Claire Curry reports from North Carolina: Some United States Postal Service workers in the eastern North Carolina and Jacksonville area are missing paychecks due to a cyber attack. The mail service is conducting an investigation, but employees are unhappy with the outcome so far, they said. Larisa Covington, from Jacksonville, said in February she...

Blockchain News reports: Hackers have managed to steal $500,000 worth of tokens from layer-2 scaling solution Arbitrum’s March 23 airdrop. The theft was carried out through the use of vanity addresses, customized cryptocurrency addresses that contain specific words or phrases chosen by the user to make them more personal and identifiable. While vanity addresses...

Zack Whittaker and Carly Page report: Software maker Fortra told its corporate customers that their data was safe — even when it wasn’t — following a ransomware attack on its systems, TechCrunch has learned. … TechCrunch has heard from two victim organizations that only learned that data had been exfiltrated from their GoAnywhere systems...

My post on infosec.exchange today:

Eric Killelea reports: A cyberattack on Our Lady of the Lake University’s computer network compromised personal data on its faculty, students and even individuals who applied to the university but never attended. The private Catholic university on San Antonio’s West Side this week confirmed that it recently found evidence that “unauthorized access” to its network occurred about Aug....

The full text of DOJ’s press release today follows. A few questions from me are included after the press release: The founder of BreachForums made his initial appearance today in the Eastern District of Virginia on a criminal charge related to his alleged creation and administration of a major hacking forum and marketplace for...

CR: CONASSIF Hacked With Chinese Characters El Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF) is involved with the Costa Rican financial system. On March 20, the Computer Security Incident Response Center (CSIRT-CR) on the website of the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), issued an alert involving the website of CONASSIF...

CNA reports: U.S. cybersecurity firm Fortra said suspicious activity was identified within its GoAnywhere software nearly two months ago, a day after Rio Tinto in a staff memo said personal data of some of its Australian employees may have been stolen. The internal memo seen by Reuters on Thursday revealed payroll information, like payslips...

Ross Kelly reports: The Pension Protection Fund (PPF) has confirmed that data belonging to current and former employees has been exposed in the wake of the GoAnywhere breach. In a statement to IT Pro, the fund, which manages pension assets for nearly 300,000 clients, said it has informed affected staff and is providing support...