OT: Target got got (de facto Bad Cyber Stuff thread)

[puckhead]

Gubberment got got

 

[jstewismybastardson]

Gubberment got got

By russians

 

[jstewismybastardson]

Meanwhile

 

[forty_three]

And many Google services login mechanisms were out for a few hours earlier today.

FireEye (The security company that got breached las week) announced how the bad guys got in.

Coincidence, I am sure.

 

[puckhead]

Sounds like they got got pretty deep

 

[jstewismybastardson]

Man ... did Putin get his moneys worth outta Trump or what?

 

[thedddd]

And many Google services login mechanisms were out for a few hours earlier today.

FireEye (The security company that got breached las week) announced how the bad guys got in.

Coincidence, I am sure.

Solarwinds got hacked also and before they announced it $280 million in stock days prior to revealing the hack.

Yep all coincidence....

 

[forty_three]

Solarwinds got hacked also and before they announced it $280 million in stock days prior to revealing the hack.

Yep all coincidence....

They were the source of all of this. They failed to protect their update mechanism for their software, so anyone who uses their product had a backdoor downloaded into their systems.

3 places I have worked at use or at least in the past used it. It's one of the biggest network monitoring packages on the planet. It's actually really good stuff.

And as of 2 days ago, the poisoned update was still on their update servers. We're going to watch a multi-billion dollar company just evaporate in the next month.

 

[thedddd]

They were the source of all of this. They failed to protect their update mechanism for their software, so anyone who uses their product had a backdoor downloaded into their systems.

3 places I have worked at use or at least in the past used it. It's one of the biggest network monitoring packages on the planet. It's actually really good stuff.

And as of 2 days ago, the poisoned update was still on their update servers. We're going to watch a multi-billion dollar company just evaporate in the next month.

Yeah the Fortune 15 company I was at prior uses Solarwinds. The folks I used to work with there are running around like chickens with their heads cut off.
Their issue is far reaching around the world and into joint ventures with other larger companies.

 

[puckhead]

Greeeeat....

 

[puckhead]

EA got got
"if it's in the game, it's in t--- bababoooey!!"

 

[forty_three]

EA got got
"if it's in the game, it's in t--- bababoooey!!"

The good news is much like EA developers, the hackers ignored the NHL series.

 

[forty_three]

Over a billion records belonging to CVS Health exposed online

The exposure is another example of misconfiguration that can impact security.

www.zdnet.com

Bad: I am forced by my insurance to get all my meds at CVS through their back room deal
Good: More free ID theft monitoring coming my way.

 

[sabresfaninthesouth]

Over a billion records belonging to CVS Health exposed online

The exposure is another example of misconfiguration that can impact security.

www.zdnet.com

Bad: I am forced by my insurance to get all my meds at CVS through their back room deal
Good: More free ID theft monitoring coming my way.

I've got so much free ID monitoring at this point that I feel like superhero.

Then I remember ID monitoring is worthless and realize I'm basically Hawkeye or something.

 

[forty_three]

I've got so much free ID monitoring at this point that I feel like superhero.

Then I remember ID monitoring is worthless and realize I'm basically Hawkeye or something.

True dat.

1) Two factor Authentication on any website that involves money or medical info. If they don't offer it, don't use it (just had an argument with a doctor's office yesterday over it actually. "Why didn't you fill out the pre-visit forms online?" "Because your website is shit").
2) Never use the same password on any website involving money movement
3) Use a burner email to sign up for things. Never use the same password on those either
4) When filling out security questions - LIE. Yes, I did go to high school at Shattuck St Mary's. Go fighting Thundercats! Just lie in a way you can remember. Also never answer those surveys on facebook unless you intend to lie in those too. "Where did your parents meet?" "Attica"
5) Never give out your real email address. AND NEVER YOUR WORK EMAIL.
6) Regularly check haveibeenpwned.com and change any passwords on accounts you find there immediately.


You don't have to outrun the bear. You just have to outrun at least one other person being chased.

 

[forty_three]

Volkswagen, Audi Notify 3.3 Million of Data Breach

Volkswagen and its Audi subsidiary are notifying 3.3 million people in the U.S and Canada of a breach of personal information by a marketing services supplier.

www.bankinfosecurity.com

It's becoming alarming how many companies are putting data on servers they don't control with no protections. And it doesn't matter what kind of security your company has, if you have partners and vendors who don't care it becomes your problem.

 

[puckhead]

MCAfee got got.
the dude, not the software.

MSN

www.msn.com

 

[dash]

MCAfee got got.
the dude, not the software.

MSN

www.msn.com

From the article:

Nishay Sanan, the Chicago-based attorney defending him on those cases, said by phone that McAfee “will always be remembered as a fighter.”

Um, committing suicide is about as far as you can get from being considered a fighter.

 

[sbb122]

Sick fuck.

 

[forty_three]

Sinclair hit by ransomware attack, TV stations disrupted

Sinclair Broadcast Group says that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.

apnews.com

In my line of work, I typically feel a lot of sympathy for the front line people who have to deal with this kind of situation. But not for the people at that particular company.

Fuck Sinclair Media.