CyberSecure Specialist

19 Jul

Child identity theft: how do I keep my kids’ personal data safe?

Information

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft? Total identity fraud losses in the US were estimated at a whopping $43bn last year. While many of us are getting savvier about how we protect our personal information online, can we say the same about our children’s data? Child identity theft is more common than you might think. Almost a…

Read More
19 Jul

Google Virus Total leaks list of spooky email addresses

Information

by Paul Ducklin Early disclaimer: this isn’t quite the mother of all data breaches, nor even perhaps a younger cousin, so you can stand down from Blue Alert right away. As far as we can tell, only names, email addresses and employers were leaked in the wrongly shared document. But what names they were! The leaked list apparently made up a handy email Who’s Who list of global cybersecurity experts from intelligence agencies, law enforcement…

Read More
19 Jul

Microsoft hit by Storm season – a tale of two semi-zero days

Information

by Paul Ducklin At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. The bad news, even though only 25 organisations were apparently…

Read More
19 Jul

Recycling Giant Tomra Takes Systems Offline Following Cyberattack

Information, News

Norwegian recycling giant Tomra has taken some of its systems offline after falling victim to what it describes as “an extensive cyberattack”. A multinational company, Tomra manufactures waste collection and sorting products, including reverse vending machines and food sorters. The company operates close to 100,000 recycling systems worldwide. On Monday, Tomra announced that some of its data systems were impacted by a cyberattack that was discovered on July 16, and that it immediately disconnected some…

Read More
18 Jul

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Data Breaches, Information, Insights

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in…

Read More
18 Jul

Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme

Information, News

A Nigerian national who had been living in the United Arab Emirates has been sentenced to more than eight years in a US prison for his role in an $8 million cybercrime scheme. The man, 31-year-old Olalekan Jacob Ponle, aka Mark Kain and Mr Woodbery, was involved in a business email compromise (BEC) scheme for at least nine months in 2019, while he was living in the UAE. He was arrested in the UAE in…

Read More
18 Jul

Adobe Releases Security Updates for ColdFusion

Attacks, Insights, Malware

Adobe has released security updates to address a critical vulnerability (CVE-2023-38203) affecting ColdFusion. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security release APSB23-41 and apply the necessary updates.

Read More
18 Jul

Oracle Releases Security Updates

Attacks, Insights, Malware

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s July 2023 Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin and apply the necessary updates.

Read More
18 Jul

Citrix Releases Security Updates for NetScaler ADC and Gateway

Attacks, Insights, Malware

Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467) affecting NetScaler ADC and NetScaler Gateway. An attacker can exploit one of these vulnerabilities to take control of an affected system. According to Citrix, CVE-2023-3519 is being exploited on unmitigated appliances. CISA encourages users and administrators to review the Citrix security bulletin and apply the necessary updates.

Read More
18 Jul

International Engagement – Brussels and Beyond

Insights

International engagement is an integral part of many ongoing NIST efforts, including the Journey to the Cybersecurity Framework (CSF 2.0) update, our update to the digital identity guidelines, and increasing awareness of the NIST Privacy Framework and IoT cybersecurity work. In the update to NIST CSF 2.0, NIST continues to work with the international community. At NIST’s February 2023 virtual workshop on the CSF 2.0 update, participants from Italian and New Zealand governments and Mexican…

Read More