Article Trunk



Posts Tagged ‘security breaches’

US Cyber Command has publicly posted malware linked to a North Korea hacking group

U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers. The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely used database for malware and security research. It’s not ...

Credit Karma glitch exposed users to other people’s accounts

Users of credit monitoring site Credit Karma have complained that they were served other people’s account information when they logged in. Many took to a Reddit thread and complained on Twitter about the apparent security lapse. “First time logging in it gave me my information, but as soon as I refreshed the screen, it gave ...

Clothing marketplace Poshmark confirms data breach

Poshmark, an online marketplace for buying and selling clothes, has reported a data breach. The company said in a brief blog post that user profile information, including names and usernames, gender and city data was taken by an “unauthorized third party.” Email addresses, size preferences, and scrambled passwords were also taken. Poshmark said it used ...

Capital One’s breach was inevitable, because we did nothing after Equifax

Another day, another massive data breach. This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005. That includes ...

FTC hits Equifax with fine of up to $700M for 2017 data breach

Credit agency Equifax will pay up to $700 million in fines as part of a settlement with federal authorities over a data breach in 2017. The Federal Trade Commission said in a statement Monday that Equifax has agreed to initially pay at least $575 million in fines as part of the settlement with the federal ...

TrickBot malware learns how to spam, ensnares 250M email addresses

Old bot, new tricks. TrickBot, a financially motivated malware in wide circulation, has been observed infecting victims’ computers to steal email passwords and address books to spread malicious emails from their compromised email accounts. The TrickBot malware was first spotted in 2016 but has since developed new capabilities and techniques to spread and invade computers ...

What CISOs need to learn from WannaCry

In 2017 — for the first time in over a decade — a computer worm ran rampage across the internet, threatening to disrupt businesses, industries, governments and national infrastructure across several continents. The WannaCry ransomware attack became the biggest threat to the internet since the Mydoom worm in 2004. On May 12, 2017, the worm ...

Homeland Security has tested a working BlueKeep remote code execution exploit

Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device. To date, most of the private exploits targeting BlueKeep would have triggered a denial-of-service condition, capable of knocking computers offline. But an exploit able to remotely run code or malware ...

In a rare advisory, NSA urges users to patch BlueKeep flaw

The National Security Agency has issued a rare advisory warning users to update their systems to protect against BlueKeep, a new security vulnerability with the capacity to rapidly spread between computers. The “critical”-rated bug, affecting computers running Windows XP and later, can be exploited to remotely run malware at the system level, which has full ...

Microsoft warns users to patch as exploits for ‘wormable’ BlueKeep bug appear

Microsoft has issued its second advisory this month urging users to update their systems to prevent a re-run of attacks similar to WannaCry. The software giant said Thursday that the recently discovered “wormable” vulnerability in Remote Desktop Services for Windows can allow attackers to remotely run code on a vulnerable computer — such as malware ...