
August 15, 2024
Grant Smith, a security researcher, received a 'USPS package delivery' smishing text—one of up to 100,000 scam texts sent daily worldwide by the Smishing Triad. Upon discovering that his wife had fallen for the scam and entered her credit card details, Smith embarked on a mission to hunt down the scammers. Over several weeks, he exposed the Chinese-language group behind the scheme, hacked into their systems, and gathered substantial evidence. He provided this information to USPS inspectors and a US bank, preventing further fraudulent activities. Smith's findings reveal the mass scale of the problem, affecting hundreds of thousands of victims who inadvertently provided sensitive personal information.
USPS Text Scammers Duped His Wife, So He Hacked Their Operation (Wired)
August 15, 2024
At the Black Hat security conference, Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), emphasized the need for a fundamental change in software development practices to improve cybersecurity. Easterly attributed the current epidemic of security breaches to poor software quality, advocating for a "secure by design" approach. CISA has garnered commitments from 200 companies to improve their product security since the launch of this pledge in March. Additionally, the Biden administration is contemplating software liability reforms to hold technology vendors accountable for flaws, urging Congress to establish a software liability regime. National Cyber Director Harry Coker echoed the need for greater resilience against cyberattacks and supported a bipartisan Senate bill aimed at streamlining cybersecurity regulations. Coker also mentioned ongoing efforts by the Department of Treasury to develop a federal cyber insurance backstop for catastrophic cyber events, though this initiative remains in its early stages.
Easterly: Cybersecurity is a software quality problem (CyberScoop)
August 15, 2024
Sen. JD Vance's public Venmo friends list exposed 211 political operatives, tech executives, and other potentially sensitive contacts, highlighting the importance of privacy settings on the app. By default, Venmo makes friends lists and transaction details public, which can pose security risks and reveal personal data. Users can enhance their privacy by adjusting settings to make their friends list and transactions private, and enabling additional authentication layers. This incident serves as a reminder to regularly check and update privacy settings on all apps to protect personal information.
PSA: Don't Be Like JD Vance And Leave Your Venmo Public (HuffPost)
August 15, 2024
In a detailed exposé at Def Con, cybersecurity researcher Jon DiMaggio revealed his undercover efforts to infiltrate and unmask the notorious ransomware gang LockBit. Earlier this year, international law enforcement agencies had temporarily disrupted LockBit’s operations, seizing their dark web site. After the gang quickly rebounded, DiMaggio shared his two-year effort to unearth the identity of LockBit’s administrator, whom he identified as Dmitry Khoroshev. Employing sockpuppet accounts and gaining the trust of LockBit’s leader, DiMaggio infiltrated the group’s operations. This culminated in a coordinated reveal by DiMaggio and the U.S. Department of Justice, putting a spotlight on Khoroshev and marking a significant milestone in cybercrime investigations. DiMaggio’s work emphasizes the risks and intricacies involved in cybercrime research and the potential consequences for those who infiltrate criminal networks.
How a cybersecurity researcher befriended, then doxed, the leader of LockBit ransomware gang (TechCrunch)
