That invitation to a Teams call on which IT promises to mop up a spamstorm may not be what it seems Seen on The Register: Two ransomware campaigns are abusing Microsoft Teams to infect organizations and steal data, and the crooks may have ties to Black Basta and FIN7, according to Sophos. The antivirus maker’s […]
What third party, you wonder? They don’t say. Recorded Future reports: A recent outage affecting the government technology contractor Conduent was due to a cyberattack that compromised the company’s operating systems. A Conduent spokesperson told Recorded Future News the company recently “experienced an operational disruption due to a third-party compromise” of one of their operating […]
The PowerSchool breach that is giving school districts throughout the U.S. major headaches also affected school districts in Canada. The Toronto Star reports: Toronto’s public school board says personal information of its students dating back to 1985 may have been breached during a recent cybersecurity incident that affected many districts across North America. … The […]
Two Russians are on trial in Brussels for infecting tens of thousands of computers with ransomware and raking in more than 3 million euros. Belga News Agency reports: The couple allegedly used the highly malicious Crylock ransomware to remotely lock computer files and hold some 400,000 victims for ransom. Crylock first appeared in Belgium in […]
The Cl0p gang that previously successfully attacked file transfer software platforms by exploiting zero-day vulnerabilities is now starting to leak data from yet another campaign targeting file transfer software. This time, it’s CLEO. Cybersecurity Dive reports: Blue Yonder said it is investigating a threat after Clop listed the supply chain management company among nearly 60 […]
Court-Authorized Operation Removes PlugX Malware from Over 4,200 Infected U.S. Computers Note: View the affidavit here. The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of […]
WSJ reports: Two brokerage units of Robinhood Markets agreed to pay $45 million to settle an investigation by the Securities and Exchange Commission into a range of alleged violations, including one stemming from a 2021 data breach that exposed millions of customer names and emails. The settlement is the latest in a string of big […]
As previously reported, a hacker claimed to have acquired a massive amount of data from Gravy Analytics. A sample of the data, confirmed by 404Media, was posted on a Russian-language forum by a user called “Nightly,” with a threat that if payment was not made, all of the data would be leaked. That post was […]
As if there weren’t enough concerns with misconfigured Amazon AWS s3 buckets exposing data, now we read this: Security researchers at Rhino Security Labs have uncovered a concerning vulnerability in Amazon Web Services (AWS) S3 storage systems that could allow attackers to execute ransomware attacks against cloud-stored data. The research demonstrates how attackers can encrypt S3 bucket […]
Joseph Lazzarotti of the Jackson Lewis law firm has some helpful advice for schools affected by the PowerSchool breach. Here are a few snippets: State breach notification laws generally place the obligation to notify affected persons and others on the owner of the personal information compromised in the breach, not the service provider that had […]
