Frank Konkel reports: The Government Accountability Office is recommending the Department of Health and Human Services establish a feedback mechanism to improve the effectiveness of its data breach reporting process. The singular recommendation, issued in a June 27 audit, follows a significant increase in the number of data breaches involving unsecured protected health information at...
Lawrence Abrams reports: The LockBit ransomware operation has released ‘LockBit 3.0,’ introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options. LeMagIT’s Valery Marchive discovered that the LockBit 3.0 operation is utilizing a new extortion model, allowing threat actors to buy data stolen during attacks. One of...
Bill Toulas reports: Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the itnernet, using similar scanning tools and search queries to those employed by malicious actors. The results show...
Although one of this year’s trends in cybercrime seems to be a return to the theft/extort model, some groups continue to encrypt victims’ files. On Saturday, DataBreaches received information pointing to an attack on Fitzgibbon Hospital in Missouri. The group claiming responsibility call themselves “Daixin Team.” It is not a name known to...
Lawrence Abrams reports: A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. This week, cybersecurity researcher mr.d0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user’s authentication cookies and log...
The following is a Google-translated statement addressing the significant and negative impact of ransom payments on the German economy and recommendations to reduce and eliminate the payment of ransoms. In the original German, “Lösegeldzahlungen bei Ransomware-Angriffen: ein geostrategisches Risiko” can be found at https://ransomletter.github.io/: Blackmail Trojans in the form of so-called ransomware have grown...
Bill Toulas reports: LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator’s license. These emails demand that the recipient remove the infringing...
Joseph Brookes reports: The Queensland state government is considering a mandatory data breach notification scheme among several privacy and information sharing reforms in the works. The scheme would force agencies to report data breaches to the regulator and affected individuals in what would be a first for a state or territory government. Currently, Queensland agencies...
The announcement appeared on the Telegram channel of a group calling themself “SiegedSec:” TIME FOR SOME 1337 H4CKTIVISM!!! (4 the record, we will still do blackhat stuff 😉 Like many, we are also pro-choice, one shouldn’t be denied access to abortion. As added pressure to the U.S government, we have leaked many internal documents...
Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access