@zackwhittaker@mastodon.social

zackwhittaker

@zackwhittaker@mastodon.social

Security editor, TechCrunch
zack.whittaker@techcrunch.com
Signal: +1 646.755.8849
New York, NY


zackwhittaker, to random

New, by me: U.S.-made consumer-grade spyware app pcTattletale has been hacked and its internal data published to its own website.

The hacker posted a message on pcTattletale's website late Friday, claiming to have hacked the servers containing pcTattletale’s operations. The spyware maker’s website briefly contained links containing files from its servers, which appeared to include some victims’ stolen data.

https://techcrunch.com/2024/05/25/spyware-app-pctattletale-was-hacked-and-its-website-defaced

zackwhittaker, (edited) to random

New, by me: U.S. pharma giant Cencora says Americans’ personal and health information was stolen in a Feb. data breach.

Cencora, previously AmerisourceBergen, said it obtained patients’ data through partnerships with drug makers, including Abbvie, Acadia, Bayer, Novartis, Regeneron.

Cencora's disclosures with U.S. states so far show at least half a million people are affected. But Cencora said it is unwilling to say if it knows how many people are affected.

More: https://techcrunch.com/2024/05/24/cencora-americans-health-data-stolen-breach-cyberattack/

zackwhittaker,

If you received a letter from Cencora in the last few days, you are likely affected. Even then, Cencora says it “does not have address information to provide direct notice” for some affected individuals.

Cencora handles around 20% of the pharmaceuticals sold and distributed throughout the United States, and says on its website that the company has served at least 18 million patients to date.

More: https://techcrunch.com/2024/05/24/cencora-americans-health-data-stolen-breach-cyberattack/

jasonkoebler, to random
zackwhittaker,

@jasonkoebler we might as well all just quit journalism now, nobody's getting a better headline than this.

zackwhittaker, to random

Good to know that Google has a chaos specialist on staff.

https://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html

zackwhittaker, to random

NEW, by me: The check-in computers at several hotels around the U.S. are running a consumer-grade spyware app called pcTattletale.

pcTattletale was seen stealthily and continually capturing screenshots of the hotel booking systems, which contained guest information and reservation details.

This was discovered because a security researcher found a flaw in the spyware that is exposing these screenshots to the internet, not just to the spyware's intended users.

More: https://techcrunch.com/2024/05/22/spyware-found-on-hotel-check-in-computers/

zackwhittaker, to random

Area election denier Rudy Giuliani is now selling coffee beans. Looks like his new website's privacy policy left behind a few notes.

zackwhittaker, to random

A busy edition of ~ this week in security ~ is now out:

• FBI seizes BreachForums (again)
• CISA official breaks ranks on SS7 flaws
• May's Patch Tuesday fixes plenty of zero-days
• Jamaica's state-run agency hit by ransomware
• Australian prescription company hacked
• CSC ignores "free laundry" bug
• A brand new pair of cyber cats, and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-may-19-2024-edition

Donate/support: https://ko-fi.com/thisweekinsecurity

zackwhittaker,

@eckes I don't, but I'll see what I can find out.

zackwhittaker, (edited) to random

New, by me: Two university students have uncovered a security bug that lets millions do their laundry for free.

CSC ServiceWorks provides internet-connected laundry machines to thousands of residential homes and universities around the U.S., Canada and Europe.

The students found that any security checks are done by the app on the user’s device and automatically trusted by CSC’s servers.

But CSC still hasn't fixed the issue — or acknowledged their findings.

More: https://techcrunch.com/2024/05/17/csc-serviceworks-free-laundry-million-machines
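The flaw described in the post above, security checks performed in the client app and accepted as-is by the server, is a pattern worth recognising in code. The following is an added, constructed Python example written for this page; it is not CSC's code and does not come from TechCrunch's reporting. Account ids, machine ids and prices are made up. It contrasts a handler that trusts a client-supplied "paid" flag with one that looks up the price and debits the balance on the server, so the client contributes only its identity and its request.

```python
"""Client-side trust flaw, illustrated (constructed example, not CSC's code).

Two toy 'start machine' handlers on a vendor server:
  * start_machine_trusting_client: the only "check" is a flag the app sends.
  * start_machine_server_verified: the server owns the price and the balance.
Every id and price below is invented for the demonstration.
"""
from dataclasses import dataclass, field

# Hypothetical server-side price list, keyed by machine id (constructed values).
MACHINE_PRICES = {"washer-7": 300, "dryer-2": 250}


@dataclass
class Account:
    balance_cents: int


@dataclass
class Server:
    accounts: dict = field(default_factory=dict)
    started: list = field(default_factory=list)  # log of (machine_id, account_id)

    def start_machine_trusting_client(self, account_id: str, machine_id: str,
                                      client_says_paid: bool) -> bool:
        # VULNERABLE PATTERN: the server never consults its own records; it
        # accepts whatever the app asserts. Nothing is debited, so a modified
        # client can start machines for free. Shown only to make the fix clear.
        if not client_says_paid:
            return False
        self.started.append((machine_id, account_id))
        return True

    def start_machine_server_verified(self, account_id: str, machine_id: str) -> bool:
        # HARDENED PATTERN: price comes from the server's list, the balance is
        # read and debited on the server, and the client cannot influence either.
        price = MACHINE_PRICES.get(machine_id)
        acct = self.accounts.get(account_id)
        if price is None or acct is None:
            return False
        if acct.balance_cents < price:
            return False
        acct.balance_cents -= price
        self.started.append((machine_id, account_id))
        return True


def demo() -> dict:
    """Run both handlers against an account with no funds and return the outcomes."""
    srv = Server(accounts={"acct-1": Account(balance_cents=0)})
    trusting = srv.start_machine_trusting_client("acct-1", "washer-7", client_says_paid=True)
    verified = srv.start_machine_server_verified("acct-1", "washer-7")
    return {
        "trusting_started_with_zero_balance": trusting,   # True: the flaw
        "verified_started_with_zero_balance": verified,   # False: the fix
        "balance_after": srv.accounts["acct-1"].balance_cents,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hardened handler is not the debit itself but where the decision is made: the server checks a state it controls, so the app's behaviour is irrelevant to whether a machine starts. In a real deployment the balance update would also need to be atomic against concurrent requests, which the toy in-memory version does not attempt.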

zackwhittaker, to random

We've spent years securing endpoints and network perimeters from external threats. And now the biggest threat to our data is coming from inside the house.
https://cloudisland.nz/@mugginsm/112453455988901949

zackwhittaker, to random

Found a power-up box in the wild.

zackwhittaker, to random

Some of the attacks recorded in Estate's database show efforts to carry out SIM swap attacks — one campaign was simply titled “ur getting sim swapped buddy” — and doxing victims.

The database also exposed information about Estate's founder, a Danish programmer in their early 20s, who claimed, “I do not operate the site anymore.”

Although the cybercrime site is hidden behind Cloudflare, Estate's founder misconfigured the site's server exposing its real-world location.

https://techcrunch.com/2024/05/13/cyber-criminals-stealing-one-time-passcodes-sim-swap-raiding-bank-accounts/

zackwhittaker, to random

A Jamaican state-run agency is recovering from a ransomware attack, reports the Jamaica Gleaner.

"BSJ, the statutory body established to promote and encourage standardisation in relation to commodities, processes and practices, confirmed that it suffered a ransomware attack in February and is still working to 'normalise' its operations."

Several other authorities are affected by the cyberattack.

More: https://jamaica-gleaner.com/article/lead-stories/20240511/bsj-hit-cyberattack

zackwhittaker, to random

NEW, by me: Since mid-2023, a cybercrime operation called Estate has allowed hundreds of members to carry out thousands of automated phone calls aimed at tricking victims into turning over their one-time passcodes.

Oftentimes, that one-time passcode is all the attacker needs to break into a victim’s online account.

But a bug in Estate's code exposed the site's backend database, which was not encrypted. A security researcher shared the database with TechCrunch.

https://techcrunch.com/2024/05/13/cyber-criminals-stealing-one-time-passcodes-sim-swap-raiding-bank-accounts/

zackwhittaker,

Estate's leaked database provides a rare insight into how a one-time passcode interception operation works.

But while Estate's owner promised privacy for its members, stating "We do not log any data," that wasn't true.

Estate's database has logs of more than 93,000 call attacks dating back to the site's launch last year, as well as detailed server logs that gave Estate's owner a real-time window into what was happening on Estate’s server at any given time.

More: https://techcrunch.com/2024/05/13/cyber-criminals-stealing-one-time-passcodes-sim-swap-raiding-bank-accounts/

zackwhittaker, to random

~ this week in security ~ is back after a week away, with:

• U.S. name and sanction LockBit ransomware leader
• U.K. Armed Forces' payroll hacked
• Ascension healthcare system hit by ransomware
• Research shows VPNs can leak data
• USPTO inadvertently leaked filers' addresses (again!)
• Plus: Someone scraped 49 million Dell customer addresses
• A brand new cyber cat, and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-may-12-2024-edition

Support/donate: https://ko-fi.com/thisweekinsecurity

zackwhittaker, to random

Scoop, by @lorenzofb: We spoke to the threat actor who allegedly stole the data of 49 million Dell customers, including physical addresses.

The threat actor said they scraped the data directly from Dell's servers over a three-week period before Dell noticed.

We verified that the data is authentic by checking leaked data with victims.

More: https://techcrunch.com/2024/05/10/threat-actor-scraped-49m-dell-customer-addresses-before-the-company-found-out/

zackwhittaker, to random

CNN's @snlyngaas reporting that the ransomware attack on Ascension's hospital chain is the work of the Black Basta gang, citing four sources with knowledge of the investigation. Ascension has 140 hospitals in 19 states. Black Basta has previously targeted healthcare organizations and other big corporations.

https://edition.cnn.com/2024/05/10/tech/cyberattack-ascension-ambulances-hospitals/index.html

zackwhittaker, to random

New, by me: U.S. Patent and Trademark Office confirmed it "inadvertently exposed" another 14,000 applicants' domicile addresses as a result of a second security spill in as many years.

I chatted with USPTO's deputy CIO about the incident, who explained that the agency fixed the issue (again) to prevent future spills.

https://techcrunch.com/2024/05/08/us-patent-and-trademark-office-confirms-another-leak-of-filers-address-data/

zackwhittaker, to random

New, by me: Brandywine Realty Trust, one of the largest real estate trusts in the United States, confirms data was stolen in a recent cyberattack, which it describes as ransomware.

https://techcrunch.com/2024/05/07/brandywine-realty-trust-cyberattack/

zackwhittaker, to random

UK defense minister Grant Shapps confirms cyberattack and data breach involving a payments system for the UK Armed Forces — names, bank account information, and some addresses of military personnel.

"This is an external system... operated by a contractor," says Shapps.

I think a big question here is why U.K. military personnel data was being handled by a third-party contractor? Government systems might not be much stronger, but another consequence of privatization?

https://www.gov.uk/government/speeches/defence-secretary-oral-statement-to-provide-a-defence-personnel-update-07-may-2024

zackwhittaker,

The FT is reporting that the hacked contractor, SSCL, holds the payroll details of most of the British armed forces and 550,000 public servants, including central government.

The key line: "It was set up in 2013 [under a Conservative government] as a joint venture between the cabinet office and Paris-based Sopra Steria, a digital services company, as part of a wider drive by the government to reform the civil service and save taxpayer money by centralising functions."

https://www.ft.com/content/b21c9eba-54c4-46c6-bd99-e9554c4660d9

zackwhittaker, to random

New, by me: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by MFA, according to the CEO of its parent company UnitedHealth.

It’s not known why Change did not set up MFA on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

More: https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

zackwhittaker,

To put this into context, one of the world's wealthiest companies storing some of America's most sensitive data was hacked with relative ease because the company couldn't be bothered to switch on a basic security feature for its employees' logging in.

https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/
