DESORDEN threat actors are still going after Acer, it seems. In addition to their recent revelation that they exfiltrated 60 GB of data from Acer India — a breach that Acer confirmed — they have alerted DataBreaches.net that they have also successfully attacked Acer in Taiwan. In a statement to DataBreaches.net, the threat actors...
One of the recurring themes in this site’s blog posts this year has been the fact that way too many entities not only store old data, but fail to secure it or protect it adequately from malware attacks or other attacks. Today’s unhappy example comes to us from Apollo Career Center (“Apollo”), an adult...
Catalin Cimpanu reports: Twitter has suspended today two accounts operated by North Korean government hackers and used as part of a clever plot to attract security researchers to malicious sites and infect their systems with malware. The accounts —@lagal1990 and @shiftrows13— are part of a long-lived DPRK cyber-espionage campaign that began last year and specifically targets...
Catalin Cimpanu reports: The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments. FinCEN officials said the figure was compiled by analyzing 2,184 Suspicious Activity Reports (SARs) filed by US financial institutions over the...
The Public School and Education Employee Retirement Systems of Missouri has notified 349,246 employees and retirees of a security incident that occurred on September 11. According to their notification letter, an employee’s email account was accessed by an unauthorized individual for less than one hour on that date before IT disabled the account after...
Charles S. Morgan, Ellen Yifan Chen, and Philippe April of McCarthy Tétrault LLP write: The Act to Modernize Legislative Provisions respecting the Protection of Personal Information (“Bill 64” or the “Bill”) received royal assent on September 22, 2021, introducing new obligations for private sector businesses in Québec phased over the course of three years. it is...
Gareth Corfield reports: An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company (SMC) seemingly dismissed the findings of the infosec company...
In July of this year, CTV News in Canada and DataBreaches.net reported on a breach involving Homewood Health in Canada. Both CTV and this site had become aware of the breach when data allegedly from Homewood showed up on a leak site called Marketo. Marketo claimed to have almost 300 GB of Homewood’s data...
Catalin Cimpanu reports: Ransomware gangs have silently hit three US water and wastewater treatment facilities this year, in 2021, the US government said in a joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA. The attacks —which had been previously unreported— took place in March, July, and August and hit facilities in...
REvil ransomware shuts down again after Tor sites were hijacked