In-depth security news and investigation
  1. Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

    On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.
  2. Microsoft Patch Tuesday, April 2021 Edition

    Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.
  3. ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

    Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that's popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.
  4. Are You One of the 533M People Who Got Facebooked?

    Ne'er-do-wells leaked personal data -- including phone numbers -- for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you're a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.
  5. Ransom Gangs Emailing Victim Customers for Leverage

    Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim's customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.
  6. Ubiquiti All But Confirms Breach Response Iniquity

    For four days this past week, Internet-of-Things giant Ubiquiti failed to respond to requests for comment on a whistleblower's allegations that the company had massively downplayed a "catastrophic" two-month breach ending in January to save its stock price, and that Ubiquiti's insinuation that a third-party was to blame was a fabrication. I was happy to add their eventual public response to the top of Tuesday's story on the whistleblower's claims, but their statement deserves a post of its own because it actually confirms and reinforces those claims.
  7. New KrebsOnSecurity Mobile-Friendly Site

    Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.
  8. Whistleblower: Ubiquiti Breach “Catastrophic”

    On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.
  9. No, I Did Not Hack Your MS Exchange Server

    New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let's just get this out of the way right now: It wasn't me.
  10. Phish Leads to Breach at Calif. State Controller

    A phishing attack last week gave attackers access to email and files at the California State Controller's Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.

Copyright © 2021 • All Rights Reserved.Sensible Voice, LLC
1 High Street • Brandon, VT 05733 • Contact Us • Privacy Policy