94 matches found
SUSE CVE-2018-19358
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms involving the busconf...
Biden Cybersecurity Executive Order: Ex-USSS Reflects
Ed Cabrera, former CISO of the US Secret Service and current Chief Cybersecurity Officer for Trend Micro, reflects on the effectiveness of Biden’s executive order and what organizations of all sizes can learn from it...
The January 6 Secret Service Text Scandal Turns Criminal
Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues...
The Fake Federal Agents Case Baffling US Intelligence Experts
Guns. Luxury apartments. Duped Secret Service personnel. Did the FBI uncover a foreign plot, or something more ridiculous?...
BlackByte Tackles the SF 49ers & US Critical Infrastructure
The San Francisco 49ers were recently kneecapped by a BlackByte ransomware attack that temporarily discombobulated the NFL team’s corporate IT network on the Big Buffalo Wing-Snarfing Day itself: Superbowl Sunday. BlackByte – a ransomware-as-a-service RaaS gang that leases its ransomware to...
Advisory ROSA-SA-2021-1845
Software: gnome-keyring 3.28.2 OS: Cobalt 7.9 CVE-ID: CVE-2018-19358 CVE-Crit: HIGH CVE-DESC: The GNOME keyring up to version 3.28.2 allows local users to obtain login credentials through the Secret Service API call and the D-Bus interface if the keyring is unlocked, similar to CVE-2008-7320. On...
How Cyber Sleuths Cracked an ATM Shimmer Gang
In 2015, police departments worldwide started finding ATMs compromised with advanced new "shimming" devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldnt decrypt the data on the devices. This is...
Compromise of U.S. Water Treatment Facility
Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition SCADA system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also...
Hackers try to poison Florida City’s drinking water
The FBI, the Secret Service, and the Pinellas County Sheriffs Office are currently investigating an attempted poisoning of a city by an individual or group of hackers that occurred Friday last week. If it hadnt been caught in time, at least 15,000 people could have been affected. In a Monday pres...
Hacker Tries to Poison Water Supply of Florida Town
A threat actor hacked into the computer system of the water treatment facility in Oldsmar, Fla., and tried to poison the town’s water supply by raising the levels of sodium hydroxide, or lye, in the water supply. The attack happened just two days before NFL’s Super Bowl LV was held nearby in Tamp...
New Charges Derail COVID Release for Hacker Who Aided ISIS
A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate...
Police Vouch for Hacker Who Guessed Trump’s Twitter Password
When Dutch ethical hacker Victor Gevers tried to alert Secret Service that he was able to guess the password to President Donald Trump’s Twitter handle last October, there were plenty of skeptics, most notably at the White House. Now, Dutch prosecutors have determined Gevers did, in fact, guess t...
Secret Service Investigates 700 Cases of Covid Relief Fraud
Ransomware as a service, exposed SMS photos, and more of the week's top security news...
Researcher: I Hacked Trump’s Twitter by Guessing Password
Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump’s Twitter account — “maga2020!”. That’s all he needed to hijack the @realdonaldtrump handle, according a report from Dutch newspaper de Volksrant, because it lacked even the most...
Confessions of an ID Theft Kingpin, Part II
Yesterdays piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison...
Confessions of an ID Theft Kingpin, Part I
At the height of his cybercriminal career, the hacker known as "Hieupc" was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the worlds top data brokers. That is, until his greed and ambition played straight into an elaborate snare se...
US Secret Service used ‘Locate X’ to track user location without warrant
By Zara Khan Locate X collects location data from smartphone apps. This is a post from HackRead.com Read the original post: US Secret Service used Locate X to track user location without warrant...
Twitter Hacker Arrested
A 17-year-old Florida boy was arrested and charged with last week's Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments. EDITED TO ADD 8/1: Two others have been charged as well. EDITED TO ADD 8/1...
Secret Service Creates Cyber Fraud Task Forces
The U.S. Secret Service has created the Cyber Fraud Task Forces CFTFs, aimed at preventing, detecting and mitigating complex cyber-enabled financial crime – including making arrests and convictions. The CFTF is the result of a formal merging of two of the Secret Service’s existing units into a...
Riding the State Unemployment Fraud ‘Wave’
When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that's exactly what appears to be going on right now as multiple U.S...