Month: September 2020

by Paul Ducklin We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. We’d love you to join in if you can – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on

The owner of a Bitcoin exchange has become the seventeenth person to be convicted in the United States in connection with a transnational multi-million-dollar online auction fraud scheme that victimized over 900 Americans. Rossen Iossifov was found guilty yesterday by a federal jury in Frankfort, Kentucky, of one count of conspiracy to commit racketeering and one count

by Paul Ducklin Sadly, we’ve written many times before about RaaS, short for Ransomware-as-a-Service: That’s where the crooks who actually write the ransomware keep themselves out of the limelight by hiring in other crooks to identify victims, get into their networks, spread the malware and trigger the damage: The operators themselves then collect the ransom

A health insurance company in Washington state has been slapped with the second-largest ever HIPAA violation penalty. The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85m penalty on Premera Blue Cross to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Premera Blue Cross is a

A 13-year-old boy has been arrested in the United States after allegedly hacking into an Indiana school district’s computer system.  The unnamed teen was arrested after repeated cyber-attacks were launched against Valparaiso Community Schools.  School officials reported regular assaults on the district’s e-learning systems that disrupted instruction by causing students to become disconnected from their

A warning has been issued by America’s Cybersecurity and Infrastructure Security Agency (CISA) after a malicious cyber-actor compromised a United States federal agency.  The attacker used valid log-in credentials for multiple users’ Microsoft Office 365 accounts and domain administrator accounts to gain access to the agency’s enterprise network. Once inside, the bad actor infected the network with

by Paul Ducklin We saw it in a tweet. How about you? pic.twitter.com/aNYt07qKsI — DEY! (@RoninDey) September 24, 2020 If the reports are to be believed, someone has just leaked a mega-torrent (pun intended – allegedly some of the files have also been uploaded to Kiwi file-sharing service Mega) of Microsoft source code going all

A cyber-attack has struck a Texas company that provides software services to schools and state and local governments across the United States. Tyler Technologies notified customers on September 23 that its phone and computer systems had been compromised by a bad actor.  Since the incident, the website of the company has carried the message: “Our

by Paul Ducklin Aren’t SMSes dead? Aren’t they just plain old text anyway? Surely they’re of no interest to cybercriminals any more? Well, SMSes aren’t dead at all – they’re still widely used because of their simplicity and convenience. Indeed, as a general-purpose short message service – which is literally what the letters SMS stand

New research published today by Kaspersky examines a rise in the number of cyber-attacks on industrial control system (ICS) computers used by the oil and gas industry. Over the first six months of 2020, the percentage of systems attacked in the oil and gas industry increased when compared to the same time period last year. The same trend was

Cyber-criminals hoping to profit from the theft of Bruce Springsteen’s legal documents were left disappointed when an online auction of the data attracted no buyers. The singer’s documents were among a 756GB cache of data swiped from New York City law firm Grubman Shire Meiselas & Sacks in a cyber-attack carried out in May this year.  Other high-profile entertainers

A global sting operation targeting drug trafficking on the darknet has led to 179 arrests and the seizure of weapons, drugs, and millions of dollars in cash and virtual currencies. Operation DisrupTor was conducted across the United States and Europe and was a collaborative effort between the law enforcement and judicial authorities of Austria, Cyprus,

by Paul Ducklin We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. We’d love you to join in if you can – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on

The parent company of Dunkin’ Donuts has agreed to pay hundreds of thousands of dollars in costs and fines to settle a lawsuit that accused the company of glazing over multiple cyber-attacks.  The suit was filed against Dunkin’ Brands Group Inc. in state Supreme Court in Manhattan in September last year by the state of New York’s attorney general Letitia James.