Smashing Security podcast #278: Tim Hortons, avoiding sanctions, and good faith security research

Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution?

All this and much more is discussed in the latest edition of the award-winning “S…

Smashing Security podcast #207: Cyber biowarfare, giant ladybugs, and strippers

Fears are raised about cyber bioterrorists, there’s a widespread blackout for IoT devices caused by a cloud cock-up, and what role do strippers play in a revamp of the United States’s computer crime laws?

All this and much more is discussed in the l…

Federal officials have arrested another accused FIN7 hacker

A Ukrainian national was arrested last week in Seattle for his alleged involvement in hacking operations run by FIN7, a syndicate known for stealing approximately $1 billion from its victims in the United States. According to court documents obtained by CyberScoop, Denys Iarmak has been charged with conspiracy to commit computer hacking, accessing a protected computer to commit fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft. The arrest is a significant move against financially motivated FIN7, which has targeted the hospitality and gaming industries in the last several years.  FIN7 has gone after restaurants including Chipotle, Red Robin, Taco John, as well as a credit union and a casino. According to the court documents, Iarmak was part of a scheme where operators allegedly ran spearphishing campaigns to gain unauthorized access to victim computers, deploy malware, conduct […]

The post Federal officials have arrested another accused FIN7 hacker appeared first on CyberScoop.


Facebook, Google, YouTube order Clearview to stop scraping faceprints

It’s my First Amendment right to scrape publicly available face images, its CEO says. Besides, we’re just doing what Google Search does.

Ubisoft sues DDoS-for-hire operators for ruining game play

The network of sites and services run by the alleged operators target the Rainbow Six Siege game, selling attacks to cheating players.

Capital One cryptojacking suspect indicted

The former software engineer allegedly created scanners to look for misconfigured servers rented from a cloud computing company.

More than 2m AT&T phones illegally unlocked by bribed insiders

The alleged, now indicted ringleader paid more than $1m in bribes to insiders who planted malware and hardware for remote unlocking.

Congress to take another stab at hack back legislation

The concept of “hacking back” — which has often been referred to as “the worst idea in cybersecurity” — has resurfaced again in Washington. Rep. Tom Graves, R-Ga., is reintroducing a bill Thursday that would allow companies to go outside of their own networks to identify their attackers and possibly disrupt their activities. While Graves has made previous attempts to legalize the practice, “hacking back” would currently be a violation of the Computer Fraud and Abuse Act. The CFAA, enacted in 1986, makes it illegal to access computers without authorization. Graves told CyberScoop the bill is necessary in part because companies are left without recourse when they are attacked. “Where do they turn — can they call 911? What do they do?” Graves said. “They have nowhere to turn.” The incentive to pass this bill, Graves says, also stems in part from the fact that there are no guidelines right now for companies that […]

The post Congress to take another stab at hack back legislation appeared first on CyberScoop.
