On December 22, ProSmile Holdings, LLC in New Jersey issued a press release about a data breach. If ProSmile — a dental service organization — is a business associate or otherwise covered under HIPAA, no report from them has shown up yet on HHS’s public breach tool. They write, in part: In July 7, 2022,…
Category: Hack
Cyber sleuths reveal how they infiltrate the biggest ransomware gangs
Conor James reports: When AlphV/BlackCat’s website went dark this month, it was like Chrimbo came early for cybersecurity defenders, some of whom seemingly believed law enforcement had busted one of the most menacing cyber criminal crews. The excitement lasted just five days, though, and its website is now back online, albeit in worse shape than…
U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say
Wilfred Chan reports: Providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions, the National Security Council tells Fast Company, pointing to recent Iran-linked attacks on U.S. water utilities that exploited basic security lapses. The security council tells Fast Company it’s also aware of recent intrusions by hackers linked to China’s…
Lapsus$: GTA 6 hacker Arion Kurtaj sentenced to secure hospital for indefinite period
Joe Tidy reports: An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order. Arion Kurtaj from Oxford, who has autism, was a key member of international gang Lapsus$. The gang’s attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms…
Crypto Wallet-Maker Ledger to Reimburse Hack Victims
Hannah Miller reports: Following a high-profile hack last week, crypto wallet-maker Ledger said it will cover the roughly $600,000 worth of assets lost by victims. The Paris-based startup’s Ledger Connect Kit software became compromised following a phishing attack on a former employee. The hacker published malicious code that redirected user funds to their own wallet during transactions…
If at first you don’t succeed, screw it up again?
In mid-November, DataBreaches reported that AlphV threat actors had added MeridianLink to their leak site. When their victim wouldn’t pay them, AlphV (aka “BlackCat”) filed a complaint with the Securities & Exchange Commission alleging that MeridianLink failed to comply with the SEC’s new cybersecurity rule requiring notification within four days of discovering a material breach….