PINDROP BLOG

Category: Hacking

July 13, 2017
Verizon Says Data Breach Exposure Limited
Verizon has acknowledged that millions of customer records, including phone numbers and account PINs, were exposed in a misconfigured cloud database, but says no one aside from a security researcher accessed the data. The data was in an Amazon cloud bucket administered by a third-party vendor used by Verizon in Israel. Chris Vickery, a researcher…
Read More →
July 13, 2017
Tens of Thousands of Machines Still Open to EternalBlue Bug
Weeks after the WannaCry and NotPetya ransomware campaigns emerged and months after Microsoft released a patch for the vulnerability the two pieces of malware used to spread, more than 60,000 machines are still vulnerable to the bug. The vulnerability, which lies in Microsoft’s implementation of the SMB protocol, has been part of both the WannaCry…
Read More →
July 10, 2017
Android Ransomware Threatens to Leak Victim Data
The attacker community is continuing to expand the variety of ransomware strains it creates, including a recent variant that doesn’t encrypt victims’ files but instead threatens to send personal data and photos to their contacts. Researchers at McAfee discovered this ransomware variant buried within a couple of apps in the Google Play app store recently.…
Read More →
July 7, 2017
Makers of ME Doc Software Say They’ve Closed Backdoor Used By NotPetya
The makers of the M.E. Doc software that has been at the center of the NotPetya malware story say they have produced an updated version of the application that does not include the backdoor that had been slipped in by attackers several months ago. “M.E.Doc has created an update that will ensure safe work in the…
Read More →
July 6, 2017
New Attack Recovers Satellite Phone Crypto Key in Fraction of a Second
A team of researchers from China has developed a new attack on one of the ciphers used to secure the communications of satellite phones that enables them to recover a 64-bit key in a fraction of a second under some circumstances. The work focuses on the GMR-2 cipher used in Inmarsat satellite phones and the attack…
Read More →
July 5, 2017
Ukrainian Police Seize Servers in NotPetya Investigation
UPDATE–Police in Ukraine have confiscated several servers from the software company that develops the M.E. Doc accounting software that is believed to have been an unwitting part of the distribution process for the NotPetya ransomware. Soon after the emergence of NotPetya last week, security researchers from several organizations zeroed in on the update mechanism for the…
Read More →
July 3, 2017
NATO: NotPetya Likely the Work of State Attackers
The NotPetya ransomware that hit thousands of computers last week likely was created and launched by state-sponsored attackers, according to a new analysis by security experts at NATO. Based on the complexity and estimated cost of the operation, analysts at NATO’s Cooperative Cyber Defense Center of Excellence concluded that NotPetya either was the work of…
Read More →
June 28, 2017
Petya-Derived Ransomware Is Acting Like Shamoon
UPDATE–Security researchers are continuing to delve into the details of the latest ransomware outbreak, and have found that the ExPetr ransomware has a number of interesting characteristics that separate it from other variants and raise questions about its purpose. The ExPetr or NotPetya ransomware shares some code and behavior with the older Petya ransomware, but researchers…
Read More →
June 27, 2017
Petya-Like Ransomware Hits Companies Across Europe
A fast-moving ransomware attack has hit a number of companies in several European countries and the United States, the second such widespread ransomware outbreak in as many months. The attack was originally thought to be a new variant of the Petya ransomware, but researchers have said that it appears to be an entirely new ransomware strain. There…
Read More →
June 26, 2017
Anthem Settles Data Breach Suit for $115 Million
Anthem Inc., the victim of one of the more extensive data breaches in U.S. history, has agreed to pay a settlement of $115 million to consumers affected by the incident. The settlement is believed to be the largest ever to result from a data breach in the U.S. and would end a class-action lawsuit that followed…
Read More →