Insights

07 Feb

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Information, Insights

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can’t predict what the producers will do with the video interviews we shot, it’s fair to say the series will explore compelling new clues as to who may have been responsible for the attack. The new docuseries produced by ABC News Studios and Wall to Wall Media…

Read More
05 Feb

Finland’s Most-Wanted Hacker Nabbed in France

Information, Insights

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest. In late October 2022, Kivimäki was charged (and…

Read More
02 Feb

Cisco Releases Security Advisories for Multiple Products

Attacks, Insights, Malware

Original release date: February 2, 2023 Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
02 Feb

Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

Attacks, Insights, Malware

Original release date: February 2, 2023 Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB- 2023-005 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
01 Feb

VMware Releases Security Update for VMware vRealize Operations

Attacks, Insights, Malware

Original release date: February 1, 2023 VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations. A malicious user could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
01 Feb

Phishing Resistance – Protecting the Keys to Your Kingdom

Insights

Credit: Shutterstock If you own a computer, watch the news, or spend virtually any time online these days you have probably heard the term “phishing.” Never in a positive context…and possibly because you have been a victim yourself. Phishing refers to a variety of attacks that are intended to convince you to forfeit sensitive data to an imposter. These attacks can take a number of different forms; from spear-phishing (which targets a specific individual within…

Read More
27 Jan

ISC Releases Security Advisories for Multiple Versions of BIND 9

Attacks, Insights, Malware

Original release date: January 27, 2023 The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures. CISA encourages users and administrators to review the following ISC advisories CVE-2022-3094, CVE-2022-3488, CVE-2022-3736, and CVE-2022-3924 and apply the necessary mitigations. This product is provided subject to this Notification and…

Read More
27 Jan

Data Analytics for Small Businesses: How to Manage Privacy Risks

Insights

Perhaps you’ve been hearing about data analytics, which is being promoted as a way for even small businesses to analyze communications with customers, enhance customer experience, save money, and ultimately improve your brand. However, data analytics can have big privacy implications. You may think of managing privacy risk as protecting sensitive customer information, such as credit cards. As the Venn diagram to the right demonstrates, data security is certainly one aspect of privacy risk, but…

Read More
26 Jan

JCDC Announces 2023 Planning Agenda

Attacks, Insights, Malware

Original release date: January 26, 2023 Today, the Joint Cyber Defense Collaborative (JCDC) announced its 2023 Planning Agenda. This release marks a major milestone in the continued evolution and maturation of the collaborative’s planning efforts. JCDC’s Planning Agenda brings together government and private sector partners to develop and execute cyber defense plans that achieve specific risk reduction goals focused on systemic risk, collective cyber response, and high-risk communities. Through this effort, CISA and partners across…

Read More
25 Jan

Experian Glitch Exposing Credit Files Lasted 47 Days

Data Breaches, Information, Insights

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between…

Read More