Daily NCSC-FI news followup 2019-07-21

Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’

www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#56b83da66b11 Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSBRussia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing. Also:

www.bleepingcomputer.com/news/security/russian-fsb-intel-agency-contractor-hacked-secret-projects-exposed/

Hackers breach 62 US colleges by exploiting ERP vulnerability

www.zdnet.com/article/hackers-breach-62-us-colleges-by-exploiting-erp-vulnerability/ Hackers have breached the systems of 62 colleges and universities by exploiting a vulnerability in an enterprise resource planning (ERP) web app, the US Department of Education said in a security alert sent out this week. The vulnerability is in Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP that lets universities customize their front-facing web applications. The vulnerability also impacts Ellucian Banner Enterprise Identity Services, a module for managing user accounts.

New ‘US State Police’ Extortion Scam Includes Contact Numbers

www.bleepingcomputer.com/news/security/new-us-state-police-extortion-scam-includes-contact-numbers/ A new extortion scam is underway that pretends to be from a US State Police detective who is willing to delete child porn evidence if you send them $2,000 in bitcoins. Pretending to be from a state police detective is a new twist, but what really stands out is that they also include a contact phone number that can be used to call the scammer. We all know, or should know, about the sextortion emails people are receiving where the sender states they have hacked the recipient’s computer and taped them doing things while on adult sites. Since then, we have seen further extortion scams that pretend to be the CIA, bomb threats, threats to ruin a website’s reputation, and even from hitmen asking you to pay them to call off a hit.

When Harry met celly: NSA hoarder thrown in the clink for 9 years after taking classified work home for decades

www.theregister.co.uk/2019/07/19/nsa_hoarder_jailed/ An ex-NSA contractor who admitted stashing some 50TB of secret US government documents and exploit code at his home was today sentenced to nine years behind bars. Harold Martin, 54, was given the nine-year term along with an additional three years of supervised release by Judge Richard Bennett in a US federal district court in Maryland.

You might be interested in …

Daily NCSC-FI news followup 2020-07-18

Cloudflare outage takes down Discord, BleepingComputer, and other sites www.bleepingcomputer.com/news/technology/cloudflare-outage-takes-down-discord-bleepingcomputer-and-other-sites/ Cloudflare is having an outage that is affecting many sites including Discord, BleepingComputer, and others. It is not known what is causing the outage, but users will not be able to connect to the sites depending on the region you are located. Read also: www.forbes.com/sites/daveywinder/2020/07/18/internet-down-human-error-not-cyber-attack-to-blame-says-cloudflare/ […]

Read More

Daily NCSC-FI news followup 2021-05-09

Twitter scammers impersonate SNL in Elon Musk cryptocurrency scams www.bleepingcomputer.com/news/security/twitter-scammers-impersonate-snl-in-elon-musk-cryptocurrency-scams/ Twitter scammers are jumping on Elon Musk’s hosting of Saturday Night Live to push cryptocurrency scams to steal people’s Bitcoin, Ethereum, and Dogecoin. For the past year, we have been reporting how scammers have been raking in hundreds of thousands of dollars by promoting fake […]

Read More

Daily NCSC-FI news followup 2021-06-28

Critical vulnerability security incident alert and mitigation firmware update support.zyxel.eu/hc/en-us/articles/4402786248466-Security-Incident-Alert-Firewall-Series Zyxel devices with remote management are being targeted and there is active exploitation of the vulnerability. No CVE has been issued. Hotfix is being worked on. Mitigation is to separate remote management from other functions and restrict access to the remote management port. Mitigation firmware […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.