On March 24, BlackCat emailed Noteboom – The Law Firm, a Texas personal injury law firm. The email, shared with DataBreaches by BlackCat, appeared to be sent from the firm’s own systems administrator, Paul Khong. With some light editing by DataBreaches to correct some typos, it read: This is [ALPHV] aka BlackCat Ransomware Team. We…
Category: Business Sector
Western Digital says hackers stole data in ‘network security’ breach
Carly Page reports: Data storage giant Western Digital has confirmed that hackers exfiltrated data from its systems during a “network security incident” last week. The California-based company said in a statement on Monday that an unauthorized third party gained access to “a number” of its internal systems on March 26. Western Digital hasn’t confirmed the nature of…
Are you a “Lucky Winner” from Equifax?
Earlier today, vx-underground reported that a hoax email was being sent from Equifax with the subject line “Free Pompompurin.” An unknown individual has compromised the email system for Equifax. They have sent out an email with the subject matter as “Free Pompompurin”. Image 1. email extended header information Image 2. email itself pic.twitter.com/mlrO99uVdl — vx-underground…
3CX knew its app was flagged as malicious, but took no action for 7 days
Dan Goodin reports: The support team for 3CX, the VoIP/PBX software provider with more than 600,000 customers and 12 million daily users, was aware its desktop app was being flagged as malware, but decided to take no action for a week when it learned it was on the receiving end of a massive supply chain attack,…
Data of 2 million Dutch people leaked, software supplier taken to court
More on a breach noted earlier today that affected 780,000 railway users. Now NU.nl reports that a software firm is being taken to court by one of the marketing firms affected (machine translation): The personal data of about two million Dutch people have been exposed in recent days due to a data breach. It concerns a…
Hackers compromise 3CX desktop app in a supply chain attack
Sergiu Gatlan reports: A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and…