Security News

Amazon textbook rental service scammed for $1.5m
2021-10-15 23:24

From January 2016 through March 2021, according to the indictment, Talsma rented textbooks from the Amazon Rental program in order to sell them for a profit. He supposedly did so to bypass the 15 book limit Amazon placed on textbook rentals.

Friday Squid Blogging: New Giant Squid Video
2021-10-15 21:18

New video of a large squid in the Red Sea at about 2,800 feet. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

The Week in Ransomware - October 15th 2021 - Disrupting ransoms
2021-10-15 20:35

October 11th 2021 Pacific City Bank discloses ransomware attack claimed by AvosLocker. The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat.

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
2021-10-15 18:05

The development also speaks to the TrickBot gang's increasing sophistication and standing in the cybercrime underground, IBM researchers said: "This latest development demonstrates the strength of its connections within the cybercriminal ecosystem and its ability to leverage these relationships to expand the number of organizations infected with its malware." According to IBM, the TrickBot gang has now added powerful additional distribution tactics to its bag of tricks, thanks to the two new affiliates.

Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
2021-10-15 17:44

The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency's site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.

US links $5.2 billion worth of Bitcoin transactions to ransomware
2021-10-15 17:40

Based on blockchain analysis of transactions tied to the 177 CVC wallets, FinCEN identified roughly $5.2 billion in outgoing BTC transactions potentially tied to ransomware payments. FinCEN also linked these transactions to a total of $590 million exposed by 458 transactions reported and 635 SARs filed by financial institutions this year, between January 2021 and June 2021.

LANtenna hack spies on your data from across the room! (Sort of)
2021-10-15 16:58

Mordechai Guri from the abovementioned Ben Gurion University of the Negev in Israel has recently published a new 'data exfiltration' paper detailing an unexpectedly effective way of sneaking very small amounts of data out of a cabled network without using any obvious sort of interconnection. How to split a network into two parts, running at different security levels, that can nevertheless co-operate and even exchange data when needed, but only in strictly controlled and well-monitored ways.

The White House's international summit on ransomware: Biggest cybersecurity takeaways
2021-10-15 16:57

This week the White House held a summit with various nations to address the threat of ransomware. The White House held a virtual ransomware summit this week with over 30 countries in attendance-although a few notable nations were excluded, such as China, Russia and North Korea.

New Windows 10 KB5006670 update breaks network printing
2021-10-15 16:13

Windows 10 users and administrators report widescale network printing issues after installing the KB5006670 cumulative update and other updates released this week. Since installing the KB5006670 update, users are reporting that they cannot print to network print servers, with some users receiving 0x00000709 or 'Element not found' errors when attempting to print.

Twitch downplays this month's hack, says it had minimal impact
2021-10-15 15:37

In an update regarding this month's security incident, Twitch downplayed the breach saying that it had minimal impact and only affected a small number of users. "We've undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly," Twitch said.