Iran International reports: An Iranian entity paid hackers $3 million in ransom to dissuade them from releasing the data of over 20 hacked banks, Politico reported, confirming Iran International’s earlier report about the “biggest-ever” cyberattack on Iran’s banking system. Iran International reported on August 14 that the major cyberattack targeted several Iranian banks, leading to […]
Bloomberg reports an update on the cyberattack of the WazirX cryptocurrency exchange. The attack, suspected to be linked to the Lazarus Group in North Korea, resulted in the theft of $234 million from the Indian exchange and left WazirX announcing that they were unlikely to recover 43% of the stolen funds. The attacker behind India’s […]
Risky Biz News reports: The FTC has fined security camera firm Verkada $2.95 million for failing to implement cybersecurity measures to protect its systems. The fine is related to a March 2021 security breach when a hacker accessed customer data and video footage from over 150,000 Verkada cameras. The hacker used the cameras to access and leak footage from psychiatric hospitals, […]
There are those who may say, “Better late than never.” There are probably also those who say, “How should egregiously late notification be punished?” SC Media reports that some people are first being notified of the 2023 MOVEit data breach: The Texas Dow Employees Credit Union (TDECU) on Aug. 23 sent letters to more than […]
Why would an organization whose breach affected 150 people pay $1 million ransom to get a decryptor key? How critical are the organization’s activities to justify such a large payment? Large payments are more likely to be associated with the healthcare sector or critical infrastructure than with a non-profit organization like the American Radio Relay […]
Halliburton is a major player in oil and gas supplies. A cyberattack resulted in its taking systems offline. CNN reports: Halliburton confirmed on Friday that it was hit by a cyberattack that forced the major oilfield services company to take systems offline. In a filing, Halliburton said it became aware on Wednesday that an “unauthorized third […]
If you don’t audit your vendors, will you know if they are really adhering to the security provisions of your contract with them? Maybe you’ll get lucky, and disgruntled employees will blow the whistle. The Register reports: The US is suing one of its leading research universities over a litany of alleged failures to meet […]
From the Cleveland FBI: On August 12, FBI Cleveland announced the disruption of “Radar/Dispossessor”—the criminal ransomware group led by the online moniker “Brain”—and the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Since its inception in August 2023, Radar/Dispossessor has quickly developed […]
The BBC reports: The FBI has opened an investigation into allegations from the Trump campaign that it was targeted by hackers working for the Iranian government. “We can confirm the FBI is investigating the matter,” the agency said in a short statement on Monday without specifically naming the former president or Iran. A Trump campaign […]
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments – Researchers
Researchers at Palo Alto Network have reported a serious risk to organizations using cloud services that may result in an organization’s files being deleted and held for ransom. The risk is not due to any vulnerability with the cloud services themselves. The risk is due to the victim organizations misconfiguring their settings and inadvertently exposing […]