Earlier today, CISA issued an advisory: StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. The advisory includes TTPs and IOCs obtained from FBI, ACSC, and voluntarily shared by Boeing following its recent attack by LockBit that resulted in their data being leaked. Boeing observed LockBit 3.0 affiliates exploiting CVE-2023-4966, to obtain initial […]
Bleeping Computer reports: The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. These breaches occurred last month and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, both providers of relocation services to Canadian government employees. Government-related information stored […]
The420 reports: A lethal cyber attack has rocked the revered British Library, leaving its IT systems crippled for weeks. The brazen ransomware gang, known as the Rhysida group, has claimed responsibility for the attack, demanding a hefty sum of 20 Bitcoin, equivalent to approximately £602,500, for the return of stolen sensitive data, including employee passport […]
As The Data Breach Times noted on November 12, the founder of the Poloniex cryptocurrency exchange offered to pay the thieves who stole an estimated $120 million from the exchange $5 million if they returned the rest of the funds. The hacker(s) didn’t respond at all. The government and ransomware experts repeatedly advise and urge […]
The Guardian reports: Six Group counts its profit in millions, but the financial pipework it controls moves billions. Its operations, which include the Spanish and Swiss stock exchanges, count as critical national infrastructure and this gives it a close relationship with governments and regulators in Madrid and Zurich. Those relationships are critical in an age […]
TALLAHASSEE, Fla.—Attorney General Ashley Moody, along with five other attorneys general, secured a $6.5 million agreement with Morgan Stanley Smith Barney LLC, also known as Morgan Stanley. The action comes after an investigation found that Morgan Stanley compromised the personal information of its customers due to negligent internal data-security practices. Morgan Stanley potentially exposed millions […]
“They did WHAT??” Ransomware gangs will often test ways to pressure victims to pay. But today, threat actors associated with the AlphV (BlackCat) group tested a new approach that is raising eyebrows in the cybersecurity community. When a victim, MeridianLink, didn’t pay them quickly and didn’t even start to negotiate any payment with them, AlphV […]
What happens when a state bans ransom payments and a county then suffers a cyber attack? A North Carolina county is not saying whether the cyber attack they experienced was a ransomware attack, but they are following the state’s guidelines for how they are responding. The Record reports: A cyberattack on a North Carolina county […]
This time it was Denmark. Who might be next? Bank InfoSecurity reports: Hackers potentially linked to the Russian GRU Main Intelligence Directorate carried out a series of highly coordinated cyberattacks targeting Danish critical infrastructure in the nation’s largest cyber incident on record, according to a new report. SektorCERT, a nonprofit cybersecurity center for critical sectors […]
Consumers may erroneously assume data brokers and credit reporting agencies have top-notch data security for all the sensitive and important data they store about us. To the contrary, these brokers and firms pose a huge risk to our data security. Investigative reporter Brian Krebs did an exposé last year on Experian. His follow-up post now is […]
