Sergiu Gatlan reports: Russia says some of its federal agencies’ websites were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies The list of sites impacted in the attack includes the websites of the Energy Ministry, the Federal…
Category: Hack
MN: District 518 is investigating whether data was compromised when an employee’s email account was hacked
Kari Lucin reports: A District 518 employee’s email was hacked and an investigation is underway to determine whether any data was compromised. “At this point we don’t anticipate it to be a major data breach or a large issue, but we’re trying to ensure we do our due diligence on checking,” said Superintendent John Landgaard,…
Zywave seeks approval of $11 million data breach lawsuit settlement
It’s one thing to update a breach report with a notice of lawsuit settlement, but it’s another to realize you never covered the original breach at all. Let’s remedy that now. On February 27, 2021, Zywave and its subsidiary, Insurance Technologies Corp (ITC) suffered a data breach. From a press release by plaintiff’s counsel: Cybercriminals…
Malware now using stolen NVIDIA code signing certificates
Lawrence Abrams reports: Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. […] After Lapsus$ leaked NVIDIA’s code-signing certificates, security researchers quickly found that the certificates were being used to sign malware and other tools used by threat actors. According to samples…
Hackers leak 190GB of alleged Samsung data, source code
Ionut Ilascu reports: The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia GPU designer. In a note posted…
The Puerto Rican Organization to Motivate, Enlighten, and Serve Addicts (PROMESA) discloses 2020 data breach
Is there anyone who thinks this timeline/delay to notification is just fine? On July 17, 2020, Acacia determined that an unauthorized person gained access to certain employee email accounts for a limited time between June 6, 2020 and June 12, 2020. Their investigation was inconclusive as to whether anyone accessed the emails and attachments in…