The UpGuard Team writes: The UpGuard Research team can now disclose multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee…
Category: Commentaries and Analyses
Wanted: Disgruntled Employees to Deploy Ransomware
These “insider help wanted” ads are cropping up more and more. Brian Krebs reports: Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange…
Indra hacking group blamed for attack on Iranian railway system that trolled country’s supreme leader
Graham Cluley reports: On 9 July, Iran’s railroad system came under attack from hackers. The attackers posted messages on station departure boards warning of “long delay[s] because of cyberattack”, and suggesting inconvenienced passengers call “64411” for more information. 64411 is reportedly the telephone number of the office of Ayatollah Ali Khamenei, Iran’s supreme leader. With…
T-Mobile says at least 47M current and former customers affected by hack
Zack Whittaker reports: T-Mobile has confirmed that millions of current and former customers had their information stolen in a data breach, following reports of a hack over the weekend. In a statement, T-Mobile, which has more than 100 million customers, said its preliminary analysis shows 7.8 million current postpaid T-Mobile customers had information taken in the…
Here’s how information stealers pose a threat beyond ransomware
From Intel 471: Ransomware is a top threat that security teams should be tailoring their systems to defend against. But in order to do so, they may need to look further than the ransomware itself. And by widening that scope, these teams may protect their enterprise beyond the damage that ransomware can cause. The activity…
Conti ransomware prioritizes revenue and cyberinsurance data theft
Lawrence Abrams points us to some interesting findings by Advanced Intel, who pored through the Conti manuals and materials recently dumped by a disgruntled affiliate. An interesting tactic used by the ransomware gang is using the legitimate Atera remote access software as a backdoor for continued persistence. When conducting an attack, ransomware operations commonly deploy…