LATEST POST
Victims of MOVEit breach continue to emerge
One of the biggest breaches of 2023 involves the 0-day attack by Clop threat actors on file transfer software called MOVEit by Progress Software. The attack was launched in May and June. It affected more than 1,100 entities and more than 56 million people according to statistics compiled by Emsisoft. One of the most recent […]
Analyst: MGM losing $4.2M-$8.4M a day because of cyberattack
MGM Resorts International could be losing between $4.2 million and $8.4 million in daily revenue and around $1 million in cash flow every day it’s under a cyberattack, a gaming industry analyst said in a Sunday report to investors. David Katz, an equity analyst with New York-based Jefferies Group, in a weekly report on gaming, […]
MGM Resorts Update: ALPHV’s statement about the breach, incident response, and fake news
It’s not unusual for ransomware groups to comment on a victim’s incident response in a negative way. Nor is it unusual for these groups to carefully monitor media coverage. It is somewhat unusual, though, for a major group to get so angry at researchers or news outlets that they actually call them all out by […]
Insurance Carrier Caught Red-Handed in Fingerprints Retention Case
In the matter of Remprex, LLC v. Certain Underwriters at Lloyd’s London, policyholder Remprex was thrust into two separate class actions, both involving alleged violations of the Biometric Information Privacy Act (“BIPA”). Remprex could not receive coverage under their media liability policy due to an exclusion of coverage for losses arising from the unlawful collection or […]
CrelioHealth leak exposed 28M+ patient records
Human error in configuring data storage continues to result in massive leaks or potential leaks of personal and sensitive health data. In today’s news, we learned that CrelioHealth left an Elasticsearch cluster exposed. Luckily for them, it was a whitehat researcher, Bob Diachenko of SecurityDiscovery, who spotted the problem and contacted them to alert them. […]
Some municipal court systems using REJIS report suspending services due to “security incident”
The Regional Justice Information System (REJIS) is used by court systems to support docket functions and certain scheduling functions such as the release of prisoners. REJIS is a government commission that provides services to criminal justice departments across Missouri as well as in Illinois and Kansas. On Monday, Louis County (Missouri), Kansas City (Missouri), Kansas […]
Facebook Messenger phishing wave targets 100K business accounts per week
Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. The attackers trick the targets into downloading a RAR/ZIP archive containing a downloader for an evasive Python-based stealer that grabs cookies and passwords stored in the victim’s browser. […]
So you paid the attackers to get your data back? Sit down, because we have something sad to tell you.
Victims unfortunate enough to have been hit with a ransomware attack that either lock all their data and backups or delete it all and demand payment to get data back are often given assurances that not only will they get a decryption key if their data was locked, but the attackers stand ready to promptly […]