No Jail Time for “WannaCry Hero”

Credit to Author: BrianKrebs| Date: Mon, 29 Jul 2019 22:07:31 +0000

Marcus Hutchins, the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday.

Read more

What’s Behind the Wolters Kluwer Tax Outage?

Credit to Author: BrianKrebs| Date: Tue, 07 May 2019 19:56:44 +0000

Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access. Shortly after that report, the CCH file directory for tax software downloads was taken offline. As of this publication, several readers have reported outages affecting multiple CCH Web sites. These same readers reported being unable to access their clients’ tax data in CCH’s cloud because of the ongoing outages.

Read more

Happy 9th Birthday, KrebsOnSecurity!

Credit to Author: BrianKrebs| Date: Sat, 29 Dec 2018 15:51:25 +0000

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of! This past year featured some 150 blog posts, but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and wisdom in more than 10,000 […]

Read more

Financial Cyber Threat Sharing Group Phished

Credit to Author: BrianKrebs| Date: Thu, 01 Mar 2018 19:04:34 +0000

The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard, remember that anyone can get phished, and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient.

Read more

MacOS High Sierra Users: Change Root Password Now

Credit to Author: BrianKrebs| Date: Tue, 28 Nov 2017 22:34:22 +0000

A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now.

Read more