Dan Goodin – Computer Security Articles

Microsoft Patch Tuesday, July 2022 Edition

July 12, 2022 admin cve-2022-22022, cve-2022-22029, cve-2022-22038, cve-2022-22039, cve-2022-22041, cve-2022-22047, cve-2022-30206, cve-2022-30221, cve-2022-30226, Dan Goodin, Greg Wiseman, immersive labs, kevin breen, microsoft patch tuesday july 2022, Rapid7, Security Tools, sergiu gatlan, Tenable, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 13 Jul 2022 01:02:49 +0000

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

Independent Krebs

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

April 22, 2022 admin A Little Sunshine, amtrak, apple, bitbucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, everlynn, Flashpoint, genesis, globant, iqor, kt, lapsus$, lapsus$ jobs, michelin, microsoft, Mobile Device Management, mox, Ne'er-Do-Well News, nvidia, recursion team, russian market, Samsung, sascar, SIM swapping, slack, source code theft, SWATting, T-Mobile, t-mobile atlas, whitedoxbin

Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.

Independent Krebs

Actions Target Russian Govt. Botnet, Hydra Dark Market

April 7, 2022 admin Ars Technica, ASUS, beserk bear, cyclops blink, Dan Goodin, dragonfly 2.0, FBI, federal security service, garantex, german federal criminal police office, gru, hydra market, main intelligence directorate, Ne'er-Do-Well News, NotPetya, ransomware, russian fsb, sandworm, trisis, triton, u.s. department of justice, u.s. department of treasury, voodoo bear, VPNFilter, watchguard, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 07 Apr 2022 22:03:45 +0000

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

Independent Krebs

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

January 31, 2020 admin A Little Sunshine, Ars Technica, chad leonard, chris nickerson, coalfire, dallas county, dallas county attorney charles sinnard, Dan Goodin, gary demercurio, justin wynn, matthew linholm, sen. zach whiting, state sen. amy sinclair, tom mcandrew

Credit to Author: BrianKrebs| Date: Fri, 31 Jan 2020 21:06:18 +0000

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused (featured below).

Independent Krebs

Equifax Credit Assistance Site Served Spyware

October 16, 2017 admin Ars Technica, Dan Goodin, Equifax adware, Equifax breach, Flash Player, Other, Randy Abrams

Credit to Author: BrianKrebs| Date: Thu, 12 Oct 2017 21:03:46 +0000

Big-three consumer credit bureau Equifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download malicious software disguised as an update for Adobe’s Flash Player software.

Independent Krebs

How Google Took on Mirai, KrebsOnSecurity

February 3, 2017 admin anna-senpai, Ars Technica, Damian Menscher, Dan Goodin, ddos, denial-of-service attacks, google, IoT, Mirai worm, Other, Project Shield

The third week of September 2016 was a dark and stormy one for KrebsOnSecurity. Wave after wave of huge denial-of-service attacks flooded this site, forcing me to pull the plug on it until I could secure protection from further assault. The site resurfaced three days later under the aegis of Google’s Project Shield, an initiative which seeks to protect journalists and news sites from being censored by these crippling digital sieges. Damian Menscher, a Google security engineer with whom I worked very closely on the migration to Project Shield, spoke publicly for the first time this week about the unique challenges involved in protecting a small site like this one from very large, sustained and constantly morphing attacks.