Vinny Troia – WindowsTechs.com

Hackers fire off hoax email messages from FBI account after exploiting misconfigured server

Posted on November 15, 2021 by Tim Starks

Hackers sent a barrage of fake emails over the weekend using an FBI email account, the agency acknowledged, to falsely warn recipients that an attacker stole their information. The nonprofit spam-tracking service Spamhaus Project estimated that the hoax email campaign comprised as many as 100,000 messages. The FBI said that the hackers temporarily broke in via a software misconfiguration for its Law Enforcement Enterprise Portal that the bureau uses to communicate with state and local law enforcement agencies. “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the FBI said in a Sunday update. “No actor was able to access or compromise any data or PII on the FBI’s network.” The email campaign sought to smear Vinny Troia, a cybersecurity author and CEO of Night Lion Security, as the party […]

The post Hackers fire off hoax email messages from FBI account after exploiting misconfigured server appeared first on CyberScoop.

Continue reading Hackers fire off hoax email messages from FBI account after exploiting misconfigured server→

Hoax Email Blast Abused Poor Coding in FBI Website

Posted on November 13, 2021 by BrianKrebs

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities. Continue reading Hoax Email Blast Abused Poor Coding in FBI Website→

Breached Data Indexer ‘Data Viper’ Hacked

Posted on July 13, 2020 by BrianKrebs

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime. Continue reading Breached Data Indexer ‘Data Viper’ Hacked→

Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

Posted on November 22, 2019 by Tara Seals

Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous. Continue reading Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak→

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Posted on October 2, 2018 by BrianKrebs

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it. When cybercriminals are the first to discover these missteps, usually the outcome is a demand for money in return for the stolen data. But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks. Continue reading When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?→