LATEST POST
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
A trove of breached data, which has now been taken down, includes user logins for platforms including Apple, Google, and Meta. Among the exposed accounts are ones linked to dozens of governments. WIRED reports: The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. […]
3AM ransomware uses spoofed IT calls, email bombing to breach networks
BleepingComputer reports: A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. This tactic was previously linked to the Black Basta ransomware gang and later observed in FIN7 attacks, but its effectiveness has driven a wider […]
Russian Intelligence Hackers Stalk Western Logistics Firms
GovInfoSecurity reports: A slew of Western cybersecurity agencies warned Wednesday that Russian intelligence is targeting logistics and technology companies in a prolonged hacking campaign that includes an emphasis on internet-connected cameras situated along border crossings and military installations. The advisory includes indicators of compromise typical of an attack by Unit 26165 of the Russian Main Intelligence Directorate. […]
Scottish council admits ransomware crooks stole school data
The Register reports: Scotland’s West Lothian Council has confirmed that data was stolen from its education network after the Interlock ransomware group claimed responsibility for the intrusion earlier this month. The local authority, governing a region bordering Edinburgh, originally said that there was no evidence to suggest that data had been taken when it first […]
Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
Baker Donelson writes: Read more at JDSupra. \
Hack of Contractor Was at Root of Massive Federal Data Breach
Insurance Journal reports an insider data breach that will leave many people wondering exactly what a government contractor did in terms of background checks on its employees. In this case, the two allegedly rogue employees at Opexus (formerly known as AINS) were twin brothers who were previously convicted and served time for hacking crimes: A […]
Massachusetts student pleads guilty to hacking and extorting PowerSchool and an unnamed telecom
The U.S. Attorney’s Office for the District of Massachusetts announced yesterday that Matthew D. Lane, 19, a student at Assumption University in Worcester, Mass., was charged and has agreed to plead guilty in connection with hacking into the computer networks of two U.S.-based companies and extorting the companies for ransoms. The two companies were not named in the Information […]
UK: Post Office to compensate hundreds of data breach victims
Hundreds of former subpostmasters are to be compensated by the Post Office after it accidentally leaked their names and addresses online last year. Some data leaks are more sensitive or problematic than others. A leak on the Post Office’s site is one of the more problematic ones. The Bolton News reports: The Post Office confirmed […]