Ransomware gangs will swear not to reveal that you were a victim if you pay their ransom demands. SBut if they fail to secure their negotiation chat servers, researchers and intel analysts can discover who their victims are and shoulder-surf any negotiations or payment arrangements. The SuspectFile blog reports on another case like that where […]
Australia’s biggest superannuation fund was questioned by its own clients about a security weakness in its accounts before cybercriminals stole hundreds of thousands of dollars in retirement savings. ABC Australia reports: Two AustralianSuper customers have told the ABC they had asked for multi-factor authentication (MFA) on their accounts but were rebuffed — one of them […]
Yet another member of President Trump’s staff has been caught up in a data security incident. The Guardian reports: The FBI is investigating an apparent impersonator who pretended to be the White House chief of staff, Susie Wiles, in texts and calls to her contacts, including prominent Republicans. Wiles has privately informed colleagues that the contacts in her personal cellphone […]
The Record reports: Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals. The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller […]
The Register reports: A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients with swat attacks. The Fred Hutchinson Cancer Center (Fred Hutch) disclosed its November 2023 attack a month later, after it confirmed […]
‘ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers‘ — ConnectWise statement The Record reports: IT management software company ConnectWise said it is investigating a nation-state attack on its systems that impacted some of its […]
LIGA reports: Russian hacking group RomCom attempted to hack into the accounts of employees of the UK Ministry of Defence under the guise of journalists. The attack was unsuccessful, but overall, there have been twice as many hacking attacks on the country’s defence department in the past two years as in the previous similar period, […]
The Canadian Press reports: The federal privacy commissioner has launched an investigation into a ransomware attack that led to the theft of personal information belonging to 280,000 customers of Nova Scotia’s electric utility. Privately owned Nova Scotia Power confirmed last week that hackers stole the data and published it on the dark web. Privacy commissioner […]
Personal information on more than 364,000 people may have been compromised as part of a third-party hack. Fast Company reports: Data analytics firm LexisNexis Risk Solutions said it suffered a data breach that could have affected the names, Social Security numbers, driver’s license numbers, and contact information of more than 364,000 people. The company said […]
PYMNTS reports: American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.” Joining the ABA were the Securities Industry […]
