Commentaries and Analyses – Page 296

Idaho man charged with hacking into the computers of the City of Newnan and metro-Atlanta medical clinics

Posted on March 5, 2021 by Dissent

It appears that law enforcement has caught up with “Lifelock.” DataBreaches.net had reported exclusively on “Lifelock” back in April of 2018, and then again in June and July of 2018. At the time, I pointed out some of the striking similarities between “Lifelock” and “thedarkoverlord” (or the one I refer to as the first spokesperson…

Friendly fire: Four well-known cybercriminal forums dealing with breaches

Posted on March 4, 2021 by Dissent

I’ve posted links to some other reports on this topic earlier today, but just came across Intel 471’s post. Sometimes, even criminals are on the bad end of a breach. Since the beginning of the year, Intel 471 has observed four well-known cybercriminal forums dealing with a breach, including two since the beginning of March….

Court Upholds Insurers’ Denial of $6M Crime Claim for Phishing Loss

Posted on March 4, 2021 by Dissent

Andrew G. Simpson reports: Real estate software maker RealPage has been denied a $6 million computer crime insurance coverage claim because the stolen funds were not in its possession but were instead being held by a payment processing firm at the time of a phishing scheme. National Union Fire Insurance Co. (a unit of American…

Not all cybercriminals are sophisticated

Posted on March 3, 2021 by Dissent

Jake Moore writes: While a lot of media coverage centers on how threat actors are becoming better at evading capture and generally deploy ever more sophisticated techniques, I wanted to tell a story where one criminal in particular was anything but sophisticated. Before I joined ESET, I spent 14 years working in the UK police force working…

Serasa asked for bank passwords and will reveal itself

Posted on March 2, 2021 by Dissent

Leonard Manson reports: The São Paulo Consumer Protection and Defense Program (Procon-SP) notified Serasa on Monday (1st) to provide clarifications on the collection, and possible use, of the internet banking passwords required by the credit bureau to carry out searches on the site. The request for a bank password, made in the “customer area”, was…

Mandiant issues final report on its investigation into Accellion breach

Posted on March 2, 2021 by Dissent

Yesterday, Mandiant issued its final report on its investigation into the Accellion data breach that impacted a number of its big clients including Jones Day law firm, SingTel, Bombardier, Goodwin Procter, the Transport for NSW, the New Zealand Reserve Bank, and others. You can find the report here (pdf). And while the investigation may be…