Zack Whittaker
@zackwhittaker
Zack Whittaker’s Tweets
Two victim organizations told TechCrunch that they only learned that their data had been stolen after they each received ransom demands.
Both organizations said they had been assured by Fortra that their data was unaffected by the ransomware attack.
12
12
Show this thread
New: Software maker Fortra told some of its corporate customers that their data was safe following a January ransomware attack. But then came the ransom demands.
w/ :
3
19
23
Show this thread
NEW: This is how the FBI found and identified Pompompurin, the admin of the cybercrime forum BreachForums.
The feds also said today that they conducted a "disruption operation" that caused BreachForums to go offline.
1
25
64
New: US Wellness, a major provider of healthcare and wellness programs in the U.S. with millions of customers, confirmed a breach involving a third-party vendor.
That vendor is likely Fortra, given US Wellness was a GoAnywhere customer.
More: tcrn.ch/3JDEQDO
read image description
ALT
1
22
30
New: A hacker stole ~1 million user records from kids tech camp iD Tech in January, but parents *still* haven't heard from the company. One parent says the stolen data includes kids' DOBs.
When reached by email, CEO Pete Ingram-Cauchi would not comment.
3
51
84
TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the breach — including the City of Toronto, Hitachi, and Hatch Bank — suggesting more victims are likely to come forward.
3
6
Show this thread
Breaking: City of Toronto confirms to TechCrunch that it *is* affected by a recent mass ransomware attack. A city spox. confirmed that "unauthorized access to City data did occur through a third party vendor." That vendor is Fortra.
Our updated story:
2
41
44
Show this thread
I don't know who needs to hear this, but any U.S. lawmaker pushing for a TikTok ban clearly doesn't understand how the internet — or the First Amendment — works, and besides, they're focusing on the entirely *wrong* problem.
1
10
32
New: The list of known victims is growing after the Clop ransomware gang claimed it mass-hacked 130 orgs using a bug in a popular data transfer tool called GoAnywhere.
But the impact is murky at best. It's not clear if even Clop knows what data it stole.
1
43
50
More details on aCropalypse. I suffered a grave injustice when my description of affected images as “Mary Poppins bag photos” was ruthlessly cut from the draft. But in truth it was I who failed to incorporate any mention of “aCropalypse on the Acropolis”
2
14
Kelly Lum passed away on Sunday.
She will be remembered for her hacking acumen, her courageous openness in speaking about mental health, her memorable memes, and unparalleled karaoke skills.
13
167
436
Show this thread
New: The list of known victims is growing after the Clop ransomware gang claimed it mass-hacked 130 orgs using a bug in a popular data transfer tool called GoAnywhere.
But the impact is murky at best. It's not clear if even Clop knows what data it stole.
1
43
50
NEW: The new admin of BreachForums announced they are shutting down the site "as I believe we can assume that nothing is safe anymore."
"I hope to bring something back that will rival any other community that can take our place."
1
9
16
NEW: Google has suspended the official app of Chinese e-commerce giant Pinduoduo, “for security concerns."
Google also flagged several apps made by Pinduoduo, which are hosted outside of the Play Store, as malware, prompting users to uninstall them.
techcrunch.com/2023/03/20/goo
5
59
103
Show this thread
A reminder to those who are reporting on the definitely newsworthy detail that the FPOTUS expects to be arrested on Tuesday: He is attempting to incite violence. Don't HELP him by disseminating his incitement without breaking it up in some way.
71
875
3,436
Show this thread
🚨 Google is sounding a rare alarm for users to *take action* to protect themselves against serious security flaws in Samsung chips found in dozens of popular Android handsets, which can be "silently and remotely" exploited over the cellular network.
1
28
51
New: Google's Project Zero is sounding the alarm over four zero-day flaws in Samsung chips, affecting dozens of Android models. Google says the flaws can be "silently and remotely" exploited over the cell network.
7
77
156
U.S. cybersecurity unit CISA says nation-state hackers exploited a years-old software bug to breach a U.S. federal agency tcrn.ch/3mTuoAi by
17
22
Dish customers are still looking for answers two weeks after the company was hit by a ransomware attack. Customers continue to experience service issues and haven't yet been told if their personal data is at risk
3
13
16
Show this thread
NEW: Several international law enforcement agencies have taken down ChipMixer, a crypto laundering service linked to the FTX hack and several ransomware gangs.
ChipMixer facilitated laundering of 152,000 Bitcoins (~$25 million), according to Europol.
4
22
30
1
15
16
As unlikely as it is, a national TikTok ban would not stop Americans’ data from ending up in China. The data has to be stemmed at the source — by not allowing American tech companies to collect gobs of data from people’s devices to begin with.
5
10
Show this thread
This week, a Canadian (), a French guy () and an Englishman (me) talk about why an American TikTok ban isn't going to solve much, and what U.S. lawmakers should work on instead (but probably won't).
1
1
8
Show this thread
The SEC has charged Blackbaud for failing to disclose the ‘full impact’ of 2020 ransomware attack that exposed the bank account details of 13,000 customers
1
22
24
New: Cerebral, the therapy telehealth startup, shared millions of patients' personal and health information with advertisers, like Google, Facebook and TikTok, for at least three years. More than 3.1 million individuals affected.
5
96
125
New: PeopleGrove investigating security lapse after researcher finds exposed users' personal information online.
12
13
NEW: The U.S. government announced today it seized a website used to sell NetWire, software widely considered to be malware.
In an affidavit, an FBI agent explained how the feds determined that NetWire was indeed malicious.
5
121
228
Show this thread
As lawmakers and the government endlessly fixate about TikTok and China, they continue to neglect the larger problem — and that's at home. The scary calls are coming from inside America’s house.
2
14
25
Twitter's privacy-preserving Tor service has gone dark after less than a year. The Tor Project says its certificate expired on March 6, and it seems Twitter has no plans to renew
4
40
54
NEW: The Russian game developer Battlestate Games said it has banned 6,700 cheaters in a week from Escape from Tarkov.
The company has also taken the unusual step of publishing the nicknames and handles of all the cheaters.
135
73
684
A report by Homeland Security's watchdog found that the Secret Service and ICE often used cell-site simulators — known as stingrays — without obtaining the appropriate search warrants.
3
29
34
NEW: Hackers have stolen the data of around 500,000 customers of the online gun shop Gun Auction, including names, home addresses, phone numbers, emails addresses, and plaintext pwds.
It's also possible to track a gun purchase to a specific customer.
8
68
86
Show this thread
Hatch Bank says hackers exploiting a zero-day in Fortra's GoAnywhere software stole 140,000 customer SSNs. It was notified of the flaw on Feb 3, a day after Brian Krebs shared details of the vulnerability
1
14
19
This isn’t just one former Microsoft executive who got unlucky and fell through the cracks. To say the quiet part out loud, USPS isn't enforcing its own policy on identity checks when someone files a paper change of address form.
Here's our story.
3
4
21
Show this thread
When we asked USPS (and USPIS) what it is currently doing to prevent this kind of change of address fraud that still affects thousands of people a year, they had no answer.🤷Clearly something isn't working if fraudsters are still rerouting people's mail! tcrn.ch/3ZbxCgO
2
1
6
Show this thread
USPS agreed to fix this flaw back in 2019 after its independent watchdog said that if USPS didn't implement a national policy to check someone's ID when submitting this form in person, it would harm USPS' "trusted" reputation. Yet, this fraud continues.
1
1
6
Show this thread
The flaw is simple and long known to fraudsters. It relies on an old fashioned trick — filling out a postcard-sized "change of address" form at a USPS post office — because there's no guarantee that USPS will check the identity of the person submitting it. tcrn.ch/3ZbxCgO
read image description
ALT
1
10
Show this thread






