In May, 2019, Lawrence Abrams of Bleeping Computer reported on threat actors using Maze ransomware, a then-new variant of ChaCha ransomware. As reported by Abrams, Jérôme Segura had found that the ransomware was being dropped by the Fallout exploit kit. In October, researchers also noted that it was being dropped using the Spelevo exploit kit. Since…
Category: Breach Incidents
Security researchers — and journalists — need legislative protection in India for disclosing vulnerabilities
If there is anything positive at all about the legal bullshit 1to1Help,net has perpetrated to cover up their data leak and to deflect blame, it is the support I have received from the Internet Freedom Foundation in India. But before diving into that more, a quick update on 1to1Help’s shameful litigation: After reading the court…
Smart cities with not-so-smart security — again!
Smart cities are a very hot topic these days as we have seen reports of facial detection and state surveillance in China as well as other Asian countries and Ecuador. Recently we have also seen news about an Alibaba-owned project called City Brain that has advanced video and processing ability for facial detection, real-time information…
Baby’s First Data Breach: App Exposes Baby Photos, Videos
Jeremy Kirk reports on a data leak: Picture this: A short video features a bundled baby, snoring gently, who flashes a couple of involuntary, sleepy smiles as someone sings a lullaby. Unfortunately, that video is one of what appear to be thousands of baby videos and images that are being left unsecured and exposed to…
Albany Airport pays hackers ransom, regains data from computers
John Cropley provides an update to earlier reports concerning the ransomware attack Christmas day on Albany International Airport. As previously reported, the attackers gained access through an attack on the airport’s provider, LogicalNet. The airport has since severed its relationship with LogicalNet. As to the ransom, Cropley repors: Myers said the airport authority paid the…
Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds
Charlie Osborne reports: A St. Louis resident has been sentenced to four years behind bars for stealing the identities of US citizens to file fraudulent tax return claims, made possible through data leaked in security incidents. Babatunde Olusegun Taiwo, alongside co-conspirators including Kevin Williams, used the personal identifying information (PII) of individuals leaked due to…