hacking   65471

« earlier    

Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit • The Register
John Dunn:
<p>Equifax was so unsure how much data had been stolen during its 2017 mega-hack that its IT staff spent weeks rerunning the hackers' database queries on a test system to find out.

That's just one intriguing info-nugget from the US Government Accountability Office's (GAO) report, <a href="https://www.gao.gov/assets/700/694158.pdf">Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach</a>, dated August but publicly released this month.

During that attack, hackers broke into the credit check agency's systems, getting sight of highly personal information on roughly 150 million people in America plus 15 million Brits, and others.

Computer security breaches are rarely examined in this much detail, however, several departments of the US government are Equifax customers, which meant the Feds wanted the GAO to convince them it's not going to happen again.

The cyber-break-in happened on May 13 when criminals started exploiting a vulnerability in the Apache Struts 2 framework running on Equifax's online portal. The company didn't clock it until July 29. However, the report confirmed that failing to patch this flaw earlier was not the only screw-up.</p>

And yet they still had the chutzpah to offer people "one year's free protection" on their accounts, chargeable after that. A great way to drum up business. (That bit wasn't a screw-up. It was intentional greed.)
equifax  hacking 
23 hours ago by charlesarthur
The Mirai botnet architects are now fighting crime with the FBI • WIRED
Garrett Graff:
<p>Josiah White, Paras Jha, and Dalton Norman, who were all between 18 and 20 years old when they built and launched Mirai, pleaded guilty last December to creating the malware. Mirai, which hijacked hundreds of thousands of internet-of-things devices and united them as a digital army, began as a way to attack rival Minecraft videogame hosts, but it evolved into an online tsunami of nefarious traffic that knocked entire web-hosting companies offline. At the time, the attacks raised fears amid a presidential election targeted online by Russia that an unknown adversary was preparing to lay waste to the internet…

…In a separate eight-page document, the government lays out how, over the 18 months since the FBI first made contact with the trio, they have worked extensively behind the scenes with the agency and the broader cybersecurity community to put their advanced computer skills to noncriminal uses. “Prior to even being charged, the defendants have engaged in extensive, exceptional cooperation with the United States Government,” prosecutors wrote, saying that their cooperation was “noteworthy in both its scale and its impact.”

As it turns out, the trio have contributed to a dozen or more different law enforcement and security research efforts around the country and, indeed, around the globe. In one instance, they helped private-sector researchers chase what they believed was an “advanced persistent threat” from a nation-state hacking group; in another, they worked with the FBI in advance of last year’s Christmas holiday to help mitigate an onslaught of DDoS attacks. Court documents also hint that the trio have been engaged in undercover work both online and offline, including traveling to “surreptitiously record the activities of known investigative subjects,” and at one point working with a foreign law enforcement agency to “ensur[e] a given target was actively utilizing a computer during the execution of a physical search.”

The government estimates that the trio have already collectively logged more than 1,000 hours of assistance, the equivalent of half a year of full-time employment.</p>

So that's positive, sort of. <a href="https://www.justice.gov/usao-ak/pr/hackers-cooperation-fbi-leads-substantial-assistance-other-complex-cybercrime">More details at the US Justice Department site</a>.
botnet  alaska  mirai  hacking  fbi 
yesterday by charlesarthur
Spike in fraud cases as criminals adopt illegal software - Chinadaily.com.cn
A report released Monday by the SPC's China Justice Big Data Service Platform said the number of online and telecom fraud cases concluded by Chinese courts rose more than 70 percent year-on-year in 2017. - SPC is China's Supreme People's Court

The report did not include exact figures on how many cases were heard in 2016 and 2017.

"Not content with cheating people out of money with spam calls or texts, fraudsters have started using WeChat and illegal number-disguising software to deceive victims," it said
china  informationsecurity  privacy  hacking  totwitter 
2 days ago by renaissancechambara
Altaba to settle lawsuits relating to Yahoo data breach for $47m • TechCrunch
Zack Whittaker:
<p>Altaba, the holding company of what Verizon left behind after its acquisition of Yahoo, said it has settled three ongoing legal cases relating to Yahoo’s previously disclosed data breaches.

In a Monday filing with the Securities and Exchange Commission, the former web giant turned investment company said it has agreed to end litigation for $47m, which the company said will “mark a significant milestone” in cleaning up its remaining liabilities.

The deal is subject to court approval, which attorneys for both sides asked the court to approve the deal within 45 days, according to a filing submitted Friday.

In case you missed it, Yahoo had two data breaches — one in mid-2013, where data on all of the company’s three billion users was stolen, and another breach a year later of 500 million accounts, including email addresses and passwords. The company blamed the attack on state-sponsored hackers, without citing any evidence or pointing any fingers.

Muddying the waters, the breach was discovered during Verizon’s bid to acquire the web giant and its assets for $4.83bn. Verizon dropped its offer price by some $350m after the scope of the breach was fully realized, and created Oath. (Disclosure: TechCrunch is also owned by Oath.)</p>

This is a desultory amount of money per user. Even on the smaller hack of 500 million, it's just 9 cents per person. On the 3 billion, it's 1.5 cents.
yahoo  hacking 
3 days ago by charlesarthur

« earlier    

related tags

00000  2fa  aadhaar  abuse  accesscard  active  ad  after  alaska  allows  appdev  apple  appletv  archive  arm  art  articles  aslr  assembly  attack  aws  badtech  batch  bestpractices  bios  blogit  botnet  botnets  brigade  britishairways  browser  businesswire  bypass  c  caf  car  cars  china  chrome  cis3360  cis4615  civic  cli  clone  code  codeforamerica  codeforphilly  command  community  compilers  cpu  crime  critcode  crypto  cs  csp  ctf  culture  cve  cyber-warfare  cybersecurity  darkweb  database  dataprotection  ddos  debate  defcon  despite  development  directory  diy  domain  e-voting  elections  electricity  electronics  email  emoji  encryption  engine  equifax  exploit  extension  facial_recognition  family  fbi  fears  file  finance  firmware/os  firmware  font  format  fuzzing  games  georgia  goes  gone  google  guide  hack  hackathons  hackers  hardware  history  howto-osx  humor  hypervisor  important  in  india  industry  informationsecurity  infosec  infrastructure  intel  interesting  internet  internetofthings  ios  iot  j1939  jailbreak  javascript  jk-analyst  jk-anon  jk-engineer  jpeg  judge  kahoot  keyboard  kids  korg  kronos  kubernetes  lawenforcement  learning  linklist  linux  lolwut  longreads  macos  mail  mh  microcode  military  minimalism  mirai  muas  music_resources  netart  network  newyorkmagazine  notmuch  nudity  online  opensource  password  payments  pdf  pentest  pentesting  people  persistence  personaldata  phishing  pocket  politics  polygot  practical  pressreleases  prison  privacy  product  programming  project  quinnnorton  raspberrypi  recon  reference  resources  restore  restores  reversing  rfid  russia  russian  safari  sbc  scam  scammers  search  searchengine  security  securityaffairs  seguridad  servers  service  smm  software  spear-phishing  spyware  ssl  sup  synth  systems  technology  tesla  theft  timeline  tool  tools  tootme  top  totwitter  toys  truck  truetype  tutorial  uefi  umich.edu  unicode  unix  us  usenix  user  utilities  vmware  voting  vulnerability  war  wargames  webkit  when  wiki  will  windows  wrong  xss  yahoo  yubikey 

Copy this bookmark: