Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

U.S. Court Sentences Russian Hacker to a Record-Setting 27 Years

On Friday, a Seattle Federal District Court judge sentenced 32-year-old Roman Valerevich Seleznev to 27 years in prison for running a vast credit card and identity theft operation, selling millions of credit card numbers on the black market. This was the longest sentence handed down for hacking-related charges in the United States.

Hacking Compromised Brazilian Bank Top To Bottom

Now here is an IT hacking horror story for you! Kaspersky's blog tells the tale of a bank in Brazil that lost its full online presence and had all of its 36 domains, corporate email and DNS seized by a criminal hacker group, who then used the websites to drop malware on the unsuspecting bank customers. Ouch.

Verizon Wanted A $925 Million Discount Because Of Yahoo Hacking. CEO Mayer Gets $23 Million Parachute

A newly filed Schedule A proxy statement at the Securities and Exchange Commission shows that Verizon requested a discount of $925 million off the original $4.83 billion purchase price because of the massive hacking scandal. The Yahoo hacking incident(s) exfiltrated the credentials of 1.5 billion users over the past few years.

Survey: Most Hackers Break In Within Six Hours

A recent survey of 70 professional hackers and penetration testers found that 60% of them take a maximum of just six hours to compromise a target. The research, titled The Black Report, was done at the 2016 Black Hat USA and Defcon conferences by Australian technology company Nuix.

Is A Hacking Victim? They Lost 55K Records Somehow...

The online learning unit of LinkedIn has reset passwords for some of its users after it recently discovered that an unauthorized external party had accessed a database containing user data.

The passwords of close to 55,000 affected users were reset as a precautionary measure, and those users have been notified of the issue, LinkedIn said in a statement over the weekend.

The professional network is also notifying about 9.5 million users who "had learner data, but no protected password information," in the breached database. "We have no evidence that any of this data has been made publicly available and we have taken additional steps to secure accounts," according to the statement. Here is the email that was sent:

The 7 Levels Of Hackers

Eric Chabrow over at the Government Info Security blog found an interesting post by Stuart Coulson, who is a director of a hosting provider in the U.K. Coulson wrote a fairly long post in which he identifies seven levels of hackers; the higher the number, the greater the threat they pose. Eric summarized the levels and provided a link to the original, longer article. Here they are:

Uh oh, Yahoo May Have Been COMPLETELY Pwned

We predicted that this would happen on September 23rd, when the news broke that Yahoo had lost "at least" 500 million credentials. Just for a change, I'm quoting myself here: :-D

"Right, that is how it usually goes. This whole disclosure smells like a professional crisis-handling exercise. Later, after more breach-investigation, they disclose that more credentials were stolen and that more data (credit cards) was exfiltrated than was known at the time of the discovery."

Well, as expected it's worse. Much worse.

InfoArmor: The Yahoo Hackers Were Not State-sponsored

Eastern European organized crime, not state-sponsored hackers, was behind the record-breaking 2014 Yahoo data breach that exposed information about hundreds of millions of Yahoo user accounts, InfoArmor said Wednesday.

The security firm found the stolen database while investigating "Group E," a team of five professional hackers.

InfoArmor's claims dispute Yahoo's claim that a "state-sponsored actor" was behind the 500 million-record data breach. From day one, several security experts (including yours truly) were skeptical of Yahoo's claim and were disappointed that the company wasn't offering more details.

PAYCHEX: 60% Of Hacked SMBs Are Out Of Business 6 Months Later

Paychex wrote a great article about the urgency of creating a cyber security culture in your business. This is excellent ammo to send to your C-level execs:

"Creating a cyber security culture in your business involves more than providing tools like firewalls and virus protection software. Experts uniformly agree that educating employees about the threats of data breaches and cyber theft is a critical step in protecting your company's invaluable data.

But while most small businesses understand the need for a comprehensive data security program, many still believe hackers are only interested in going after big companies, and therefore may not take all the precautions that they should.

In fact, statistics compiled by the National Cyber Security Alliance paint a disturbing portrait of small business vulnerability:

TalkTalk Hackers Demanded $122K in Bitcoin

TalkTalk, a British phone and broadband provider with more than four million customers, disclosed Friday that intruders had hacked its Web site and may have stolen personal and financial data. Sources close to the investigation say the company has received a ransom demand of approximately £80,000 (~USD $122,000), with the attackers threatening to publish TalkTalk's customer data unless they are paid the amount in Bitcoin. Recently Ashley Madison was also hit with a ransom demand after a hack.

Much more at Brian Krebs' excellent blog:
