cybersecurity

Danish Trains Halted Through Cyberattack

By Dave McKay in cybersecurity

November 9, 2022

Ransomware on Suppliers’ Servers Halts Trains Trains ground to a halt in Denmark on Oct. 29, 2022. Not through strike action, but because of a cyberattack. Attacks against critical infrastructure are not new. In the United States, the Transportation Security Administration (TSA) recently issued a new directive with the aim of improving the cybersecurity of railroad operations. Attacks against critical infrastructure such as railways are almost always carried out by Advanced Persistent Threat groups, the state-sponsored cyber-offensive wings of governments.

Continue reading

Massive Breach at Twitch

By Dave McKay in cybersecurity

October 7, 2021

Entire Source Code Base Stolen and Posted Online The term a massive breach doesn’t quite describe what took place at Twitch, Amazon’s streaming platform. Twitch announced the breach on Twitter on Oct. 6, 2021. The amount of data is staggering—around 125GB—but the scope of its content is truly astonishing. The hackers stole: All of Twitch’s source code. All of it. Every piece of software they’ve written in-house. Remuneration details for their content creators.

Continue reading

Facebook Data Breach Exposes 533 Million Accounts

By Dave McKay in cybersecurity

April 4, 2021

533 Million Facebook Accounts from 106 Countries Leaked Online Yet again, Facebook suffers a data breach embarrassment. Underlining once more—as if it was needed—that Facebook does not practice what it preaches when it comes to safeguarding and protecting its users’ personal data. The breached data is freely available on the Dark Web. Usually, breaches of this type are monetized. The threat actors charge other cybercriminals for access to the data.

Continue reading

Story Behind Bizarre Strategic Command Tweet

By Dave McKay in cybersecurity

March 31, 2021

Gobbledegook Tweet Causes Panic An ominous tweet from the US Strategic Command—the agency responsible for looking after America’s nukes—simply said “;l;;gmlxzssaw”. Was it a message in a strange code, or maybe a glitch in the software? Had the account been hacked—and if so, what else had been hacked? Thankfully, this time, there’s no need for panic. It turns out a working-from-home manager had left his computer unattended and his young child mashed on the keyboard a few times.

Continue reading

Russian Military Hackers Accused of Spreading Malware

By Dave McKay in cybercrime

October 21, 2020

Six Russian Military Officers Charged Over Malware Six officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces, have been charged by the US with spreading malware and meddling with elections. They are said to be part of the infamous Fancy Bear Advanced Persistent Threat group, APT28. “No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C.

Continue reading

Negligent Homicide in German Hospital Cyberattack

By Dave McKay in cybersecurity

September 24, 2020

German Police Probe ‘Negligent Homicide’ in Hospital Cyberattack A ransomware attack on a German hospital is under investigation as a cybercrime, obviously, but it is also being investigated from a potential homicide viewpoint. The ransomware attack delayed treatment for a female patient that led to her death, a state Justice Ministry has suggested. The patient was scheduled to undergo life-saving treatment at the Düsseldorf University Clinic but a ransomware attack against about 30 servers forced emergency services to redirect ambulances to a different hospital in Wuppertal, about 60 Km away.

Continue reading

Warner Music Group Hacked Personal Data Leaked

By Dave McKay in cybersecurity

September 6, 2020

Warner Music Group (WMG) has suffered a data breach that has compromised the personal and financial information of thousands of its customers. Its e-commerce sites have been attacked and breached by a group of alleged Magecart operators. Magecart attacks are based on injecting malicious scripts into JavaScript-based websites in order to “skim” sensitive information such as financial and payment details. WMG has c. 4,000 employees and operates in 70 countries, so the number of affected data subjects could run into the millions.

Continue reading

Intel Data Breach and Poor Passwords

By Dave McKay in privacy

August 8, 2020

Intel Data Protected By Worthless Passwords Intel: “We believe an individual with access downloaded and shared this data” McKay Consulting: No shock, Sherlock. Intel has suffered a data breach of sensitive and company-confidential information related to its as yet unlreased Tiger Lake platform. This is design level data including source code, development and debugging tools, schematics, roadmaps and other similar information. A misconfigured Akamai content delivery network (CDN) server seems to have been the entry point for the hackers.

Continue reading

US Bans Tiktok and Wechat

By Dave McKay in privacy

August 7, 2020

US Bans TikTok and WeChat Mobile Apps It has long been known that free mobile apps make their money by selling your data to advertisers. That’s what funds most of the mobile apps in existence and, for that matter, many of the websites around the world. That’s the economics of the digital world. What is more sinister is the collection of data for surveillance, or the censoring of messages that pass through those apps.

Continue reading

Three Arrests Made Following Twitter Hack

By Dave McKay in cybercrime

August 1, 2020

It Was Those Pesky Kids Mason Sheppard, 19, of Bognor Regis has had felony charges filed against him, for his participation in the recent Twitter hack. Nima Fazeli, 22, from Florida and an unnamed juvenile (suspected to be 17-year-old teen Graham Clark of Tampa) were also charged this week with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. In its statement, Twitter also revealed that some of its employees were targeted using a spear-phishing attack via phone calls, which mislead “certain employees and exploited human vulnerabilities to gain access to our internal systems.

Continue reading

Categories

Tags