cybercrime

Warner Music Group Hacked Personal Data Leaked

By Dave McKay in cybersecurity

September 6, 2020

Warner Music Group (WMG) has suffered a data breach that has compromised the personal and financial information of thousands of its customers. Its e-commerce sites have been attacked and breached by a group of alleged Magecart operators. Magecart attacks are based on injecting malicious scripts into JavaScript-based websites in order to “skim” sensitive information such as financial and payment details. WMG has c. 4,000 employees and operates in 70 countries, so the number of affected data subjects could run into the millions.

Continue reading

Intel Data Breach and Poor Passwords

By Dave McKay in privacy

August 8, 2020

Intel Data Protected By Worthless Passwords Intel: “We believe an individual with access downloaded and shared this data” McKay Consulting: No shock, Sherlock. Intel has suffered a data breach of sensitive and company-confidential information related to its as yet unlreased Tiger Lake platform. This is design level data including source code, development and debugging tools, schematics, roadmaps and other similar information. A misconfigured Akamai content delivery network (CDN) server seems to have been the entry point for the hackers.

Continue reading

Three Arrests Made Following Twitter Hack

By Dave McKay in cybercrime

August 1, 2020

It Was Those Pesky Kids Mason Sheppard, 19, of Bognor Regis has had felony charges filed against him, for his participation in the recent Twitter hack. Nima Fazeli, 22, from Florida and an unnamed juvenile (suspected to be 17-year-old teen Graham Clark of Tampa) were also charged this week with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. In its statement, Twitter also revealed that some of its employees were targeted using a spear-phishing attack via phone calls, which mislead “certain employees and exploited human vulnerabilities to gain access to our internal systems.

Continue reading

Twitter Hack Was the Result of Social Engineering

By Dave McKay in cybersecurity

July 31, 2020

Social Engineering Attack Vector Twitter have declared that the route taken by the threat actors who pulled off this month’s Twitter hack and Bitcoin scam was social engineering. They made convincing but bogus phone calls to Twitter employees and managed to convince them to reveal their credentials. According to Twitter, the social engineering attack gave the threat actors the credentials of a limited set of employees, making it possible for the bad guys to access Twitter’s internal network and support tools.

Continue reading

386 Million User Records Offered for Free

By Dave McKay in cybersecurity

July 29, 2020

Personal Data from 18 Data Breaches Offered to Hackers - At no cost! A threat actor has offered the databases from 18 breaches to other hackers without cost. The figures are mind-boggling—386 million personal records. Usually the data is sold to other cybercriminals. They buy it to perpetrate identity and fraud based crimes, and to use it in phishing campaigns and other email-based scams. The databases came from breaches at these companies:

Continue reading

No More Ransom

By Dave McKay in cybercrime

July 28, 2020

Garmin Hit by WastedLocker Ransomware Garmin has been hit by a four day outage due to a ransomware attack. Today it was announced that Garmin have obtained the decryption key, although how has not been revealed. Perhaps they paid the ransom, although the US Treasury placed sanctions against the probable culprits, EvilCorp, making it illegal to pay them a ransom. Ransomware is a type of malware that infects victims’ computers and encrypts their data.

Continue reading

Blackbaud Breach Affects 20 UK Universities

By Dave McKay in cybersecurity

July 25, 2020

Why Choosing Data Processors Needs Due Care and Attention Blackbaud, the world’s largest supplier of “education administration, fundraising, and financial management software” has suffered a breach in May, 2020. There are over 20 UK Universities and other organizations affected by the breach. And, because under the General Data Protection Regulations (GDPR) regulations you are jointly responsible for breaches that occur at your data processors, those customers are now facing fines from the Information Commissioner’s Office.

Continue reading

UK Second Most Targeted Country for Cyberattacks

By Dave McKay in cybercrime

July 21, 2020

Number Two for Serious Cyberattacks The UK is the second most frequent target of serious cyberattacks, according to a new report. Attacks classified as serious are ones attacking a country’s government agencies, critical infrastructure and high-tech companies, or financially inspired crimes that have netted proceeds to the value of one million dollars or more. There were 47 attacks of this type from May 2006 to June 2020, including the attack on the Labour Party’s during the 2019 general election.

Continue reading

Emotet Botnet Rides Again

By Dave McKay in cybercrime

July 18, 2020

Emotet Cybercrime Gang Back in the Saddle New attacks have been detected, launched from the Emotet botnet. Emotet was last used in anger in Feburary 2020. Emotet is sending out spam emails in an attemp to infect users with its malware payload. “Today’s campaign so far has recipients primarily in the US and UK with the lure being sent in English,” said Sherrod DeGrippo, Senior Director, Threat Research at Proofpoint

Continue reading

Update on Major Twitter Hack

By Dave McKay in cybercrime

July 18, 2020

Where’s Captain Kirk? Four participants in the Twitter hack that breached high-profile and verified Twitter accounts in a Bitcoin grabbing scam have given interviews to the New York Times. Their stories suggest that this was not an attack from a state-sponsored offensive cyber division, nor the work of organised crime. It was a group of 19 and 20 year olds who met online on a website/forum ostensibly for people who like to get in first on new platforms and register unusual, significant, or very short user names, (yes, that’s a thing), but actuall a website dedicated to hijacking accounts.

Continue reading

Categories

Tags