Tag Archives: kim zetter

3CX Breach Was a Double Supply Chain Compromise

April 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

July 19, 2021

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. 

Paris Terror Attacks Stoke Encryption Debate

November 17, 2015

U.S. state and federal law enforcement officials appear poised to tap into public concern over the terror attacks in France last week to garner support for proposals that would fundamentally weaken the security of encryption technology used by U.S. corporations and citizens. Here’s a closer look at what’s going on, and why readers should be tuned in and asking questions.

Microsoft Fixes Stuxnet Bug, Again

March 10, 2015

Microsoft today shipped a bundle of security updates to address more than three dozen vulnerabilities in Windows and associated software. Included in the batch is a fix for a flaw first patched in 2010 — the very same vulnerability that led to the discovery of the infamous cyberweapon known as Stuxnet. Turns out, the patch that Microsoft shipped to fix that flaw in 2010 didn’t quite do the trick, leaving Windows users dangerously exposed all this time.

U.S. Government Takes Down Coreflood Botnet

April 14, 2011

The U.S. Justice Department and the FBI this week were granted unprecedented authority to seize control over a criminal botnet that enslaved millions of computers and to use that control to disable the malicious software on infected PCs.

The target of the takedown was “Coreflood,” an infamous botnet that first emerged almost a decade ago as a high-powered virtual weapon designed to knock targeted Web sites offline. Over the years, the crooks running the botnet began using it to defraud owners of the victim PCs by stealing bank account information and draining balances.

Hacked Companies Hit by the Obvious in 2009

July 28, 2010

As a rule, I tend to avoid writing about reports and studies unless they offer truly valuable and actionable insights: Too often, reports have preconceived findings that merely serve to increase hype and drum up business for the companies that commission them. But I always make an exception for the annual data breach report issued by the Verizon Business RISK team, which is so chock full of hype-slaying useful data and conclusions that it is often hard to know what not to write about from the report.