Teri Robinson SC Media | Page 3 of 213
Teri Robinson

Executive Editor

Most recent articles by Teri Robinson

Hidden Cobra built global exfiltration network for Magecart skimming scheme

Hidden Cobra threat actors are behind a series of attacks aimed at U.S. and European shoppers, using Magecart to skim credit card information from retailers. “Researchers have attributed the activity to HIDDEN COBRA because infrastructure from previous operations was reused,” according to a report from Sansec, which also identified distinctive patterns in the malware code…

EARN IT passes Senate Judiciary, stokes concerns over erosion of end-to-end encryption

Proponents of the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT) might tout its tough stance on online child sexual abuse material, but privacy and digital rights advocates contend the bill, just passed by the Senate Judiciary Committee, will erode end-to-end encryption. EARN IT revokes Section 230 protection for internet intermediaries for what…

Running in infosec

Open S3 bucket exposes one million files of fitness brand V Shred

A misconfigured AWS S3 bucket at V Shred exposed more than one million files, including PII on 99,000 people associated with the fitness brand’s customers. Researchers at vpnMentor led by Noam Rotem and Ran Locar discovered the open server and alerted the company, which apparently removed the file containing the most PII, but kept the…

BMW issues security patch for bug allowing attackers physical access into vehicles

BMW customer database for sale on dark web

A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to KELA, a darknet threat intelligence firm, based in Tel Aviv. The hacking group, which last week tried to sell databases related to U.S. business consulting firm Frost & Sullivan,…

Microsoft issues two out-of-band patches for RCE flaws, one critical

In a pair of out-of-band updates, Microsoft patched RCE vulnerabilities, one rated critical, the other important. Microsoft said the two vulnerabilities, CVE-2020-1425 (critical) and CVE-2020-1457 (important), fixed prior to the company’s monthly Patch Tuesday updates, are not likely to be exploited. “To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image…

Ransomware Threat

Xerox apparent victim of Maze attack

It appears that Xerox is among the victims of Maze ransomware attackers, if screenshots posted by the ransomware’s operators are legitimate. The hackers pilfered more than 100GB of information and are threatening to publish it, according to a report in BleepingComputer, which cited the ransom note as saying, “After the payment the data will be…

Resilience improved, but response dragged down by too many tools, too few playbooks, report says

While cybersecurity resilience has largely improved over five years, most organizations – 74 percent – say their security response plans are ad-hoc, applied inconsistently or are non-existent even as 13 percent say their ability to contain an attack has declined, a report on resiliency found. Organizations have too many security tools and not enough specific…

IoT adds value, risk but management within reach

Along with the tremendous opportunity brought to the enterprise by the gadgets that hang off of the Internet of Things (IoT) comes sizable risk that organizations must assess and manage. “Value should be considered while determining risk,” said Paul Rohmeyer, associate industry professor at the Stevens Institute of Technology, who led the “Managing Cybersecurity and…

UCSF paid $1.4 million ransom in NetWalker attack

The University of California, San Francisco (UCSF) ponied up $1.4 million to hackers to retrieve data encrypted during a NetWalker ransomware attack disclosed in early June. “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” according to a statement from UCSF, which said…
