Note to Self: Create Non-Exhaustive List of Competitors

Credit to Author: BrianKrebs| Date: Tue, 20 Apr 2021 21:46:52 +0000

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Credit to Author: BrianKrebs| Date: Fri, 16 Apr 2021 12:57:19 +0000

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

Microsoft Patch Tuesday, April 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 13 Apr 2021 23:12:19 +0000

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Credit to Author: BrianKrebs| Date: Mon, 12 Apr 2021 22:18:59 +0000

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Are You One of the 533M People Who Got Facebooked?

Credit to Author: BrianKrebs| Date: Tue, 06 Apr 2021 18:55:53 +0000

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you’re a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.

Ransom Gangs Emailing Victim Customers for Leverage

Credit to Author: BrianKrebs| Date: Mon, 05 Apr 2021 21:38:38 +0000

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

Ubiquiti All But Confirms Breach Response Iniquity

Credit to Author: BrianKrebs| Date: Sun, 04 Apr 2021 19:22:03 +0000

For four days this past week, Internet-of-Things giant Ubiquiti failed to respond to requests for comment on a whistleblower’s allegations that the company had massively downplayed a “catastrophic” two-month breach ending in January to save its stock price, and that Ubiquiti’s insinuation that a third party was to blame was a fabrication. I was happy to add their eventual public response to the top of Tuesday’s story on the whistleblower’s claims, but their statement deserves a post of its own because it actually confirms and reinforces those claims.

New KrebsOnSecurity Mobile-Friendly Site

Credit to Author: BrianKrebs| Date: Thu, 01 Apr 2021 20:19:23 +0000

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.
