Avery Travis reports: After a large amount of files containing state documents — and possibly sensitive health information for nursing home residents — were believed to be missing earlier this year, the Texas Health and Human Services Commission determined the records were never missing. A state employee of HHSC’s regulatory division came to KXAN and…
Author: Dissent
US federal agency compromised in suspected APT attack
Catalin Cimpanu reports: A sophisticated threat actor has gained access and has backdoored the internal network of a US federal government agency, antivirus maker Avast reported this week. The security firm did not name the agency in its report, but The Record understands that the target of the attack was the United States Commission on International Religious Freedom (USCIRF)….
Coles, Westpac, AMP and Department of Defence caught up in ‘significant’ data breach of Finite Recruitment
Simon Elvery, Emily Sakzewski, and Matt Liddy report: The personal details of job applicants and staff at a range of major Australian companies and government agencies have potentially been exposed in a “significant” data breach and extortion attempt against Australian recruitment company Finite. Hackers have accessed and released sensitive data that includes resumes, offers of employment,…
Gumtree classifieds site leaked personal info via the F12 key
Bill Toulas reports: British classifieds site Gumtree.com suffered a data leak after a security researcher revealed that he could access sensitive personally identifiable data of advertisers simply by pressing F12 on the keyboard. When pressing the F12 key in a web browser, the application will open the developer tools console, which allows you to view…
Facebook takes down accounts for seven “cyber-mercenary” firms
Catalin Cimpanu reports: Meta (formerly Facebook) said today that it suspended accounts on its Facebook and Instagram platforms operated by seven companies that provide surveillance and cyber-mercenary services. Meta said these companies targeted users with links to phishing sites and malware in order to collect login credentials and infect them with malware. Read more at…
NY Man Pleads Guilty in $20 Million SIM Swap Theft
Brian Krebs reports: A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,” scams…