LATEST POST
Extradition Battle Over RaidForums’ Owner Continues
Risky Biz News reports that the battle between the US and Portugal over which country gets to prosecute the owner of the RaidForums hacking forum and marketplace continues. Diogo Santos Coelho, known online as Omnipotent, is a Portuguese national who was arrested in the UK in January 2022 when he flew there to visit his […]
Gucci, Balenciaga, Brioni, and Alexander McQueen allegedly hit by Salesforce attacks
More high-end retailers have reportedly fallen prey to Salesforce attacks. As first reported by DataBreaches.net, Gucci customer data was stolen last year. The data included more than 43 million records with customers’ names, age range, month and date of birth, email addresses, mobile phone numbers, addresses, total sales prices, and some additional information. The records […]
FBI FLASH: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
The FBI has issued an alert, FLASH-20250912-001. Summary The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting […]
Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack
Becker’s Health IT reports: U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10. In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross […]
HHS Releases Updated Security Risk Assessment Tool
From HHS OCR:
Department of War Announces the Final Defense Federal Acquisition Regulation Supplement Rule Implementing the Cybersecurity Maturity Model Certification Program
From the U.S. Department of Defense, now called the Department of War: On September 9, the Department of War (DoW) released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule implementing the Cybersecurity Maturity Model Certification (CMMC) Program as described at 32 CFR 170.3 for public inspection in the Federal Register. The final rule will […]
Brazil lesbian dating app shuts down after security flaw exposes sensitive user data
The Record reports: A Brazilian dating app marketed as a safe space for lesbian women shut down this week after several users uncovered a flaw that reportedly could expose sensitive data, including identity verification photos. Sapphos, which launched in early September, required users to verify their identity by submitting a selfie holding a government-issued ID. But on […]
Trump Cuts Imperil Private Sector Cybersecurity Cooperation
From Bloomberg Law: Companies are facing the risk that they will be left alone to fend off cyber attacks. Even as authorities warn of relentless cyber threats, a key tool companies use to safely share information with other businesses and the government is set to expire. Meanwhile, the Cybersecurity and Infrastructure Security Agency, the federal body […]