ICSI – Computer Security Articles

DEA Investigating Breach of Law Enforcement Data Portal

May 12, 2022 admin A Little Sunshine, data breaches, Department of Justice, domain block list, Doxbin, drug enforcement administration, el paso intelligence center, emergency data request, Epic, esp.usdoj.gov, FBI, ICSI, kt, lapsus$, law enforcement inquiry and alerts, leia, national seizure system, Ne'er-Do-Well News, Nicholas Weaver, nss, spamhaus, The Coming Storm, u.s. drug enforcement agency

Credit to Author: BrianKrebs| Date: Thu, 12 May 2022 11:00:30 +0000

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Independent Krebs

‘Petya’ Ransomware Outbreak Goes Global

June 27, 2017 admin bitcoin, DLA Piper, Eternal Blue, Group-IB, ICSI, ISACA, Legal Week, Maersk, microsoft windows, MS17-010, Nicholas Weaver, Other, Petya, ransomware, Shadow Brokers, Symantec, UC Berkeley

Credit to Author: BrianKrebs| Date: Tue, 27 Jun 2017 20:18:43 +0000

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware appears to be spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.

Independent Krebs

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

May 18, 2017 admin avivah litan, Equifax, Gartner Inc., ICSI, Identity Theft, International Computer Science Institute, knowledge-based authentication, Nicholas A. Oldham, Nicholas Weaver, Other, TALX, tax refund fraud, two-factor authentication

Credit to Author: BrianKrebs| Date: Thu, 18 May 2017 20:23:13 +0000

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.