Social Engineering Attack Enabled Hackers to Penetrate Twitter’s Administrative Systems and Hijack High-Profile Accounts

In one of the most extraordinary and high-profile cyberattacks ever made public, hackers on July 15 compromised Twitter’s administrative systems and hijacked the social media accounts of prominent politicians and business leaders. The attackers then used those accounts to masquerade as the victims and request donations in bitcoin. Twitter said it was the victim of “a coordinated social engineering attack by people who successfully targeted some of our employees with access...

Read More
FireEye M-Trends 2019: Hidden Phishing Risks During Mergers and Acquisitions

FireEye M-Trends 2019: Hidden Phishing Risks During Mergers and Acquisitions

Partner, FireEye has released their most recent M-Trends report which looks at some of the significant trends and shifts of 2019, including the Hidden Phishing Risks During Mergers and Acquisitions. FireEye had previously discussed the risks of integrating a compromised organization into a parent organization back in their M-Trends 2012 report and this issue remains a large threat to organizations today. During a merger or acquisition, tight deadlines are in...

Read More

Mongodb Attacks Jump From Hundreds to Twenty-Eight Thousand in Days

Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported 28,000 misconfigured MongoDB were attacked by more than a dozen hacker groups. That’s sharp increase from last week when 2,000 MongoDB had been hijacked by two or three criminals. A wave attack was first spotted on Dec. 27 by Victor Gevers, an ethical hacker, and founder of GDI Foundation. That’s...

Read More

What really is Ransomware?

We're writing this post specifically for the people who have absolutely no idea what ransomware is, or those who have heard the buzz word but don't really know what it means. It's easy to read the word, and assume a definition, but can you really sit there and say you know EXACTLY what ransomware is? Don't fret. We will explain in a practical, not technical language that you can easily understand,...

Read More

New ‘nasty’ Ransomware Encourages Victims to Attack Other Computers

Popcorn Time malware offers users free removal if they get two other people to install link and pay. A new ransomware variant has been discovered using an innovative system to increase infections: the software turns victims into attackers by offering a pyramid scheme-style discount. Any user who finds themselves infected with the Popcorn Time malware (named after, but unrelated to, the bittorrent client) is offered the ability to unlock their files for...

Read More

Brandon Bourret, Photobucket Hacker Sent To Prison for Computer Fraud

Creator of Software to Facilitate Privacy Invasion and Online Extortion Sentenced to Federal Prison for Conspiracy to Commit Computer Fraud. Photobucket was the victim of a bizarre cybercrime case, outlined by the US Department of Justice yesterday. Brandon Bourret of Colorado has been given a 29-month jail term in the case for computer fraud that involved intrusion into the privacy of his victims and online extortion. His accomplice Athanasios Andrianakis was earlier given...

Read More

Hackers Hold Investment Bank To Ransom

Hackers who call themselves TheDarkOverlord recently tried to extort a series of health care organizations into paying hefty ransoms. Their most recent target is WestPark Capital. The hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort to extort money from the victim company. Jamie Moles, security consultant at cyber security firm Lastline commented below why this story differs from other high profile hacks, including the traditional techniques and language...

Read More

Anti-DDoS Firm Target of DDoS Attack

Irony- the expression of one’s meaning by using language that normally signifies the opposite, or in this case, a company who falls victim to the very thing they exist to defend against. On March 10, 2016 global DDoS protection company, Staminus, was the recipient of a DDoS attack. This distributed denial of service attacks rendered their network inoperable for over 20 hours. Staminus released a statement confirming that issue was a result...

Read More

Proof Reading: The Difference Between $80 Million and $850 Million

Foundation. One relatively average word that brought down a scam worth nearly $1 billion. On February 5, 2016, the Federal Reserve Bank of New York received a succession of requests seemingly from the Bangladesh Central Bank in Dhaka. If the 35 requests had gone unchallenged by the New York bank, just over $850 million would have been lost in a single weekend. The Federal Bank released a statement that the requests...

Read More

This Week in Breaches: The US IRS

On February 9, 2016 the United States Internal Revenue Services released a statement that they had ‘identified and halted an automated attack’ on their website with the Electronic Filing PIN application. This application can be used to electronically file taxes. The IRS noted that it was personal information stolen from outside the agency and that identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers....

Read More