Jeff Stone – Page 20 – WindowsTechs.com

Home Chef food delivery service confirms breach, two weeks after stolen data went for sale

Posted on May 20, 2020 by Jeff Stone

Customers who used the Home Chef delivery service won’t be the first to know their data was stolen and put up for sale. Nearly two weeks after security researchers said they found usernames and passwords belonging to Home Chef users for sale, the Chicago-based company said a security incident has resulted in the compromise of information about an undisclosed number of its customers. The announcement confirms prior claims from a hacking group, known only at Shiny Hunters, which alleged it had breached a number of seemingly random companies, then posted the stolen data for sale on forums frequented by cybercriminals. “We recently learned of a data security incident impacting select customer information, including names and emails, as well as limited customer account information and encrypted passwords,” the company said in a statement. “We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents […]

The post Home Chef food delivery service confirms breach, two weeks after stolen data went for sale appeared first on CyberScoop.

Continue reading Home Chef food delivery service confirms breach, two weeks after stolen data went for sale→

US will try Joshua Schulte again for allegedly leaking CIA hacking tools

Posted on May 19, 2020 by Jeff Stone

U.S. prosecutors will retry ex-CIA employee Joshua Schulte on espionage-related charges after a jury couldn’t come to a decision in his first trial. Assistant U.S. Attorney David Denton on Monday told a judge in the Southern District of New York that the Department of Justice “does intend to retry Mr. Schulte on the espionage charges.” The update comes more than two months after a jury found Schulte, 31, guilty of lying to the FBI and contempt of court, though they remained deadlocked on eight counts, including the illegal transmission of national defense information. Prosecutors will “clarify” the charges, Denton said, but not add any new criminal counts. While a trial date remains unclear, Judge Paul Crotty said jury selection would not begin before September, amid ongoing concerns connected to the coronavirus pandemic. “It’s difficult to predict when things are going to approach normal again,” he said. The teleconference came after […]

The post US will try Joshua Schulte again for allegedly leaking CIA hacking tools appeared first on CyberScoop.

Continue reading US will try Joshua Schulte again for allegedly leaking CIA hacking tools→

Money is still the main motivating factor for hackers, Verizon report finds

Posted on May 19, 2020 by Jeff Stone

It’s a fact that seems obvious at first, but jarring when put into context: cybercrime is a lucrative business that continues to grow at a remarkable rate, according to the authors of a sweeping overview of major security incidents over the past year. Eighty-six percent of the data breaches in 2019 were motivated by money, according to Verizon’s annual Data Breach Investigation Report, which was released Tuesday. While the techniques have shifted, the figure is a significant uptick from the 71% of breaches that were financially motivated in 2018. “Attackers are going to look anywhere they can to generate revenue,” said Gabriel Bassett, senior information security data scientist at Verizon, adding that scammers are going about this tactic by re-using stolen usernames and passwords, and experimenting with email scams. Verizon’s DBIR has emerged as a reliable benchmark in assessing corporate cybersecurity threats and defenses. This year’s iteration analyzed roughly 157,000 […]

The post Money is still the main motivating factor for hackers, Verizon report finds appeared first on CyberScoop.

Continue reading Money is still the main motivating factor for hackers, Verizon report finds→

Someone is trying to catfish women by pretending to be Paul Nakasone

Posted on May 15, 2020 by Jeff Stone

Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man. He oversees vast, technical surveillance efforts in the U.S. and abroad, while also commanding a military outfit charged with launching cyberattacks. Emailing random women from an outpost in Syria is probably not on his to-do list. So when, Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed “head of U.S. Army Cyber Command” was trying to flirt with her. “I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman.” Susan ultimately realized, that, no, she was not talking to the real Paul Nakasone. She and her friend were actually dealing with scammers who were posing as top […]

The post Someone is trying to catfish women by pretending to be Paul Nakasone appeared first on CyberScoop.

Continue reading Someone is trying to catfish women by pretending to be Paul Nakasone→

Scammers steal $10 million from Norfund, the largest sovereign wealth fund

Posted on May 14, 2020 by Jeff Stone

Thieves spent months inside the networks of the world’s largest sovereign wealth fund before stealing $10 million in what the enterprise is describing as “a serious case of fraud.” The Norwegian Investment Fund, more commonly known as Norfund, announced Wednesday that scammers stole £8.2 million ($10 million) by spoofing an email address, then fabricating payment information and directing cash into their own account. In a statement, Norfund said the incident is still under investigation, though it acknowledged “that our existing systems and routines were not secure enough.” Norfund is a Norway state-owned private equity firm which invests in developing countries throughout the world by supporting renewable energy infrastructure and scalable businesses, particularly in the manufacturing and agricultural sectors. This financial heist only is the latest to affect large international firms, following a $29 million scam affecting the publishing conglomerate Nikkei and the attempted theft of $951 million from Bangladesh’s central […]

The post Scammers steal $10 million from Norfund, the largest sovereign wealth fund appeared first on CyberScoop.

Continue reading Scammers steal $10 million from Norfund, the largest sovereign wealth fund→

Zero-day broker: Stop sending us Apple bugs, we have enough already

Posted on May 13, 2020 by Jeff Stone

A company that pays hackers to submit serious security vulnerabilities says it’s made aware of so many flaws in various Apple operating systems that it will temporarily stop acquiring new attack techniques. In a tweet Wednesday, Zerodium said it will stop accepting Apple iOS bugs that lead to “local privilege escalation,” which attackers use to dig deeper into an infected device, remote code execution bugs in the the company’s Safari web browser, or “sandbox escape” tools, which enable attackers to move from an app to other areas of a device. We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors. Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future. — Zerodium (@Zerodium) May 13, 2020 In a follow-up tweet, […]

The post Zero-day broker: Stop sending us Apple bugs, we have enough already appeared first on CyberScoop.

Continue reading Zero-day broker: Stop sending us Apple bugs, we have enough already→

Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities

Posted on May 12, 2020 by Jeff Stone

Microsoft has released a set of software upgrades meant to address more than 100 vulnerabilities in the company’s products, the latest in a series of scheduled updates that comes as many corporate security executives are working remotely. The announcement comes as part of Microsoft’s “Patch Tuesday” release, the batch of security updates that the company publishes each month to mitigate known vulnerabilities. The May 2020 list includes 111 vulnerabilities, including 13 “critical” issues, 91 classified as “important,” three “moderate” bugs and four “low” priority. Hackers don’t appear to be exploiting any of the vulnerabilities, according to the advisory. The updates pertain to vulnerabilities in Microsoft Edge, the Windows Defender security software, Microsoft Office, Internet Explorer, and a number of other products. Among the most urgent patches are meant to repair flaws in Microsoft SharePoint that could enable hackers to executive arbitrary code on a victim’s machine. One of the SharePoint vulnerabilities […]

The post Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities appeared first on CyberScoop.

Continue reading Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities→

Twitter will flag tweets that contradict public health officials on coronavirus

Posted on May 11, 2020 by Jeff Stone

Tweets containing false information about COVID-19 will now include a label or warning that the message contradicts messaging from public health experts, the company said Monday in its latest effort to slow disinformation around the pandemic. In a blog post, Twitter’s head of site integrity, Yoel Roth, and director of public policy strategy, Nick Pickles, said that depending on the severity of the erroneous information, tweets will be accompanied by a link encouraging readers to “Get the facts about COVID-19.” More obvious examples of wrong information will be hidden entirely behind a note saying “Some or all of the content shared in this Tweet conflicts with guidance from public health experts regarding COVID-19.” Here’s Twitter’s criteria for flagging specific claims. This announcement comes amid ongoing disinformation surrounding the coronavirus and its fallout. Conspiracy theorists affiliated with the pro-Trump group QAnon and Reopen America, a movement that’s used inauthentic techniques to […]

The post Twitter will flag tweets that contradict public health officials on coronavirus appeared first on CyberScoop.

Continue reading Twitter will flag tweets that contradict public health officials on coronavirus→

Chatbooks photo service confirms breach, days after ‘Shiny Hunters’ hacking claims went public

Posted on May 11, 2020 by Jeff Stone

A photo-printing startup is alerting its users about a data breach in which hackers stole some customers’ personal information. Chatbooks, a Utah-based company that sells albums of digital photos, told customers on May 8 it was victimized on March 26 by attackers who accessed Chatbooks login credentials, including names, email addresses and individually salted and hashed passwords, and, for some customers, phone numbers and Facebook ID data. “We’ve hired a digital forensics firm and our investigation is ongoing, but as we learn more we will continue to communicate with our community and other stakeholders,” CEO Nate Quigley wrote in an email to CyberScoop. Chatbooks appears to be just one of a growing number of international companies victimized by a hacking group which calls itself “Shiny Hunters.” The same group of scammers claimed to steal 91 million usernames and passwords from Tokopedia, an Indonesian e-commerce company, as well as the food […]

The post Chatbooks photo service confirms breach, days after ‘Shiny Hunters’ hacking claims went public appeared first on CyberScoop.

Continue reading Chatbooks photo service confirms breach, days after ‘Shiny Hunters’ hacking claims went public→