Krebsonsecurity

Subscribe to Krebsonsecurity

Three recent events are prompting me to update our previous blog post on the difficult decision of whether to pay or not to pay ransomware following an attack [view related post].

The first event is the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory on October 1, 2020,

On October 27, 2020, the FBI and the Department of Homeland Security (DHS) warned the health care industry about “an imminent cybercrime threat to U.S. hospitals and healthcare providers.”

According to the warning, which was shared during a conference call, the government has received “credible information of an increased and imminent cybercrime threat to U.S.

It is an old trick, and one that scammers are once again using following massive lay-offs after the coronavirus outbreak and mandates to shelter from home. The trick is to impersonate an employer recruiting for jobs, or touting the ability to make lots of money while working from home. As the old adage says, “If

I have been alerting clients that I know use Wipro, but may have missed some of you. It is being reported that IT outsourcing company Wipro Ltd. has been hacked through several phishing campaigns from what is believed to be a state-sponsored attacker.

According to recent reports, including KrebsonSecurity, sources have stated that “Wipro’s systems

The United State Postal Service (USPS) launched a program called “Informed Delivery” with the goal to assist consumers in protecting themselves from identity theft. The program allows consumers to register an account on usps.gov which allows one to view scanned images of all of their incoming mail for free.

However, it is being reported that

We reported last week that a spyware maker compromised users’ and victims’ sensitive information [view related post]. Since that time, another spyware maker, mSpy, which holds itself out as having over a million users employing its product to “spy” on their partners and children, has reportedly leaked the passwords, call logs, text messages, location

Medical transcription provider MEDantex has reportedly exposed the protected health information of thousands of patients through its unsecured provider portal, which did not require a password for access.

According to reports, including KrebsOnSecurity, the patients’ audio medical notes were uploaded to MEDantex’s website, which were then to be transcribed and uploaded to a portal accessible

KrebsonSecurity has reported that the Russian organized cybercrime group dubbed the Carbanak Gang, which in the past has been suspected of stealing more than $1 billion from banks, retailers and hotels and restaurants worldwide, may have breached “hundreds of computer systems” at Oracle Corp’s MICROS division.

It is further reported that Oracle’s MICROS division is