Ransomware attacks continue This week, LockBit added four entities related to South America: Chile, Colombia, and Venezuela: Comision Nacional de Acreditación in Chile CNA is a public entity that seeks to evaluate and accredit the quality of the Institutions of Higher Education in Chile. DataBreaches sent an email to them yesterday to ask them if…
Category: Business Sector
Uber responding to “cybersecurity incident” following reports of significant data breach
Michael Hill reports: Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems. Attacker announces Uber breach through compromised Slack account In a statement on Twitter, Uber wrote…
Vulnerability allows access to credentials in Microsoft Teams
Steve Zurier reports: Researchers on Tuesday reported that this past August they identified an attack path that lets malicious actors with file system access to steal credentials for any Microsoft Teams user who’s logged-on. In a Sept. 13 blog post, the Vectra Protect team said because attackers do not require elevated permissions to read these…
Fired Uber attorney testifies against ex-security chief in trial over 2016 data breach cover-up
Maria Dinzeo reports: A onetime attorney for Uber who was fired for his role in a suspected coverup of a major 2016 data breach took the stand in the criminal criminal obstruction trial of his former boss on Wednesday, testifying that ex-security chief Joe Sullivan was responsible for changes to a nondisclosure agreement with two…
Breach of software maker used to backdoor ecommerce servers
Dan Goodin reports: FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat actors used their control of FishPig’s systems…
Three Iranian Nationals Charged With Engaging In Computer Intrusions And Ransomware-Style Extortion Against U.S. Critical Infrastructure Providers
NEWARK, N.J. – An indictment was unsealed today charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims, U.S. Attorney Philip R. Sellinger and National Security Division Assistant Attorney General Matthew Olsen announced today. As alleged in the indictment, from October 2020 through the present, Mansour…