More on the SolarWinds Breach

The New York Times has more details.

About 18,000 private and government users downloaded a Russian tainted software update – a Trojan horse of sorts – that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.

Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker…


How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

This is interesting:

Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mail…

Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets

Regulators in Ireland have fined Twitter for failing to report a data breach promptly and not adequately documenting the incident, marking the first time the regulator has penalized a “big tech” company for violations of Europe’s data protection law. The fine of 450,000 euros, or about $550,000, stems from a bug that allowed thousands of people’s private tweets to be made public between late 2014 and early 2019, when Twitter reported the problem to European authorities. The social media company said it could only identify specific users affected by the breach from September 2017 onward — about 89,000 total over that stretch. The bug only affected users of Twitter’s Android app. Ireland’s Data Protection Commission issued the decision Tuesday on behalf of the European Union, under the EU’s General Data Protection Regulation (GDPR). Twitter’s European headquarters are in Ireland, as are those of Google, Facebook and several other multibillion-dollar U.S. […]

The post Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets appeared first on CyberScoop.


FireEye Hacked

FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”:

During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools…


Twitter Hack—Old Dog, New Tricks

The recent Twitter breach involving Bitcoin transfer scams is not a new concept. SlashNext’s Threat Lab sees dozens of phishing sites each day because cybercriminals see it as an easy way to make money. Here are a few examples.

Top 3 Reasons Gaps in Microsoft and Proofpoint Email Security Are Leaving Organizations Vulnerable

Email Account Takeover (ATO) attacks occur when a threat actor gains unauthorized access to an email account belonging to someone else. Cybercriminals obtain stolen user credentials through trade or purchase on the dark web. Typically, the credentials …

Theft of CIA’s "Vault Seven" Hacking Tools Due to Its Own Lousy Security

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release "Vault 7," and U.S. officials have said it was the biggest…

Bank Card "Master Key" Stolen

South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to a number of internal Postbank…