Bleeping Computer reports: Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. VeriSource is a Texas-based employee benefits administration and HR outsourcing solutions provider with diverse clients across the U.S. The firm has begun data breach notifications to impacted individuals about a cybersecurity incident […]
Bleeping Computer reports: Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. Marks & Spencer (M&S) is a British multinational retailer that employs 64,000 employees and sells various products, including clothing, food, […]
Bleeping Computer reports: The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort. […]
Sophos writes: Read more at Sophos.
BankInfoSecurity reports: Connecticut-based Yale New Haven Health System is notifying more than 5.5 million patients that their personal information, including Social Security numbers, could have been stolen in a March hack. The incident, which is among several other recent major health data hacks, ranks as the largest health data breach reported to federal regulator so […]
Forbes reports: The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note is now using Elon Musk and DOGE references with a demand for, are you sitting down, one trillion dollars from victims. Although there is no doubt that ransomware threats should be taken very seriously, […]
In January, Conduent reported that it had experienced an operational disruption due to a third-party compromise of one of its operating systems. They no longer refer to the incident as an “outage” and now refer to it as a “cyberattack,” but they still fail to clearly disclose whether this was a ransomware attack or not. Cybersecurity […]
Forbes reports: Now, a new threat intelligence report has revealed how financially motivated Chinese cybercriminals are targeting government offices, the energy sector, factories, financial services, and, yes, hospitals across the globe. However, North America and the U.K. have been most attacked by the Ghost ransomware hackers. According to a new report from Rebecca Harpur at […]
Bleeping Computer reports: ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown […]
FBI IC3, Verizon DBIR, Google M-Trends reports are out—here are key takeaways
Risky Biz News reports: There are a handful of seminal reports in the cybersecurity industry, and lo and behold, three of them were released on Wednesday. Mandiant’s team, now part of Google Cloud, released M-Trends, Verizon released its Data Breach Investigations Report (aka DBIR), and the FBI Internet Crime Complaint Center (IC3) released its yearly Internet Crime Report [PDF]. […]