Catalin Cimpanu reports: A sophisticated threat actor has gained access and has backdoored the internal network of a US federal government agency, antivirus maker Avast reported this week. The security firm did not name the agency in its report, but The Record understands that the target of the attack was the United States Commission on International Religious Freedom (USCIRF)….
Author: Dissent
Coles, Westpac, AMP and Department of Defence caught up in ‘significant’ data breach of Finite Recruitment
Simon Elvery, Emily Sakzewski, and Matt Liddy report: The personal details of job applicants and staff at a range of major Australian companies and government agencies have potentially been exposed in a “significant” data breach and extortion attempt against Australian recruitment company Finite. Hackers have accessed and released sensitive data that includes resumes, offers of employment,…
Gumtree classifieds site leaked personal info via the F12 key
Bill Toulas reports: British classifieds site Gumtree.com suffered a data leak after a security researcher revealed that he could access sensitive personally identifiable data of advertisers simply by pressing F12 on the keyboard. When pressing the F12 key in a web browser, the application will open the developer tools console, which allows you to view…
Facebook takes down accounts for seven “cyber-mercenary” firms
Catalin Cimpanu reports: Meta (formerly Facebook) said today that it suspended accounts on its Facebook and Instagram platforms operated by seven companies that provide surveillance and cyber-mercenary services. Meta said these companies targeted users with links to phishing sites and malware in order to collect login credentials and infect them with malware. Read more at…
NY Man Pleads Guilty in $20 Million SIM Swap Theft
Brian Krebs reports: A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams…
Desjardins reaches $200M class action settlement in wake of data breach
The Canadian Press reports that Mouvement Desjardins has reached a $200-million settlement with plaintiffs in a class action suit launched after a massive data breach in June 2019. The settlement has to be approved by the Superior Court of Quebec. Read more at Montreal Gazette. A press release issued by plaintiffs’ counsel states, in part:…