InfoSec News Nuggets 05/13/2022

DEA Investigating Breach of Law Enforcement Data Portal The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. On May 8, KrebsOnSecurity received a tip that hackers obtained a…
Read More

InfoSec News Nuggets 01/24/2022

FSB detains administrator of UniCC carding forum The Russian Federal Security Service (FSB) has arrested the administrator of the UniCC carding forum and one of the members of the Infraud cybercrime cartel. The suspect was identified as Andrey Sergeevich Novak and was detained for two months on charges of computer crimes and money laundering. Three other suspects, identified as Kirill Samokutyaev, Konstantin Vladimirovich Bergman, and Mark Avramovich Bergman, were also detained and subsequently placed under…
Read More

InfoSec News Nuggets 9/30/2019

WordPress sites hacked through defunct Rich Reviews plugin An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites. The…
Read More