Hack

US govt: Iranian hackers breached federal agency using Log4Shell exploit

Sergiu Gatlan reports: The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code...

AU: Legal Aid ACT won’t pay hackers’ ransom demands

Lottie Twyford reports: Legal Aid ACT has confirmed it will not pay the ransom demanded by the hackers who earlier this month stole private information from the commission. That hack could have exposed the data of some of the organisation’s most vulnerable clients, including refugees and victims of family violence. Read more at The...

Surprise: Daniel Kaye, operator of The Real Deal, pleads guilty to one count, is sentenced to time served, and is released.

It seems like only weeks ago that the U.S. Attorney’s Office for the Northern District of Georgia was trumpeting the arraignment of Daniel Kaye, who had been indicted last year. Oh wait, it was only weeks ago. Kaye, also known as “Popopret,” “Bestbuy,” “TheRealDeal,” “Logger,” “David Cohen,” “Marc Chapon,” “UserL0ser,” “Spdrman,” “Dlinch Kravitz,” “Fora...

New York-Presbyterian Hospital discloses breach affecting 12,000 patients

New York-Presbyterian Hospital posted a notice on their website on November 11. The incident has not yet shown up on HHS’s public breach tool, but undoubtedly will. Here is the description of the incident, as provided by the hospital: On September 8, 2022, NewYork-Presbyterian Hospital’s data security monitors received an alert of suspicious activity...

Whoosh confirms data breach after hackers sell 7.2M user records

Bill Toulas reports: The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. Whoosh is Russia’s leading urban mobility service platform, operating in 40 cities with over 75,000 scooters. On Friday, a threat actor began selling...

UK: Hacked evidence and stolen data swamp English courts

Franz Wild, Ed Siddons, Simon Lock, Jonathan Calvert, and George Arbuthnott report: A multimillion-pound high court case between an authoritarian Gulf emirate and an Iranian-American businessman has revealed how hacked evidence is being used by leading law firms to advance their clients’ claims. It includes allegations that a former Metropolitan Police officer hired Indian...

Kraken CSO claims to Identify the Hacker Who Stole $600 Million From FTX

Delma Wilson reports on the dramatic developments in the cryptocurrency market after FTX announced a massive theft, FTX CEO Sam Bankman-Fried declared bankruptcy, and resigned. Satoshi Stacker tweeted that Kraken should be able to track down the thief/hacker because they had used Kraken to offload the stolen funds throughout the hack: BREAKING: The FTX...

Bahraini websites hacked hours before parliamentary election

Gulf reports: Hackers targeted official websites in Bahrain just hours before the start of a parliamentary election on Saturday, the Interior Ministry said. The ministry did not identify the websites targeted, but the country’s state-run Bahrain News Agency (BNA) could not be reached online, nor could the website for Bahrain’s parliament. “Websites are...

Bits ‘n Pieces (Trozos y Piezas)

ES: Half a million taxpayers and 50,000 police have their information stolen by attackers

El Economista reports the General Council of the Judiciary (CGPJ) suffered a cyberattack on its Punto Neutro Judicial (PNJ) platform that connects judicial bodies with other government agencies, including the National Police Force, the Attorney General’s Office, and the General...