U.S. federal agencies revealed criminal charges against five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC). All were charged of computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of say, a dangerous fringe group versus that of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.
Black Hat announces that Matt Blaze, McDevitt Chair in Computer Science and Law at Georgetown University, and Renée DiResta, Research Manager at Stanford Internet Observatory, will keynote Black Hat USA 2020, taking place virtually August 1-6.
Twitter accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, and other high-profile accounts, were compromised in what Twitter said it believes to be an attack on some of its employees with access to the company's internal tools, says a CNN news report.
Fullstack Cyber Bootcamp, New York City's cybersecurity bootcamp partner, announced an initiative to offer free introductory courses to people nationwide, providing an opportunity for individuals to explore the cybersecurity industry as a potential career path.
In contrast to the competitions on Russian-language cybercriminal forums profiled previously by Digital Shadows, how are competitions on English-language cybercriminal forums more generally "innocent"?
The best way to prevent scripting attacks, such as those that implement Python back doors or compromise PowerShell, is to implement identity-based zero trust. In a zero trust environment, IT treats the internal network as if it were the public internet, a place where nothing can be trusted, and anything can be a threat.
