Yelisey Boguslavskiy writes: On October 23, 2020, a Russian-speaking tech blog YouTube channel “Russian OSINT” published an interview with one of the representatives of the REvil ransomware syndicate – “UNKN”/”Unknown”. A twenty-minute interview covers important subjects such as victims, tactics, and strategies employed by REvil. While some of the information shared by UNKN has already…
Category: Commentaries and Analyses
AU: ADHA records two My Health Record security incidents in FY20
Aimee Chanthadavong reports: The agency responsible for oversight of My Health Record has revealed there were two incidents that compromised the medical records system during the 2019-20 financial year. In its annual report, the Australian Digital Health Agency (ADHA) outlined how one matter reported to the Office of the Australian Information Commissioner (OAIC) involved a breach to…
As international travel services re-open, fraudsters resume
When COVID-19 travel restrictions eased as countries tried to re-open borders to travelers, researchers at Gemini Advisory observed that the sale of travel services — both legal and illegal — started to increase, opening up more opportunities for cybercriminals to monetize stolen payment card data. For those not really knowledgeable about travel services fraud, Gemini…
Data breaches upping ATO fraud ‘red flags’
Asha Barbaschow reports: The Australian Taxation Office (ATO) has a “red flag” feature, which serves up a “ping” whenever an individual or business has been suspected of having fraudulent activity conducted against their name or if their account has been compromised. Facing Senate Estimates on Tuesday, ATO client engagement second commissioner Jeremy Hirschhorn explained that…
Update: Has Guilford Technical Community College notified more than 43,000 students of data breach?
On September 19, DataBreaches.net reported that Guilford Technical Community College (GTCC) in North Carolina had apparently become a ransomware victim of DoppelPaymer on September 13. But on October 6, GTCC was no longer listed on the threat actors’ dedicated leak site. The removal of a victim’s name often indicates that the victim had a change…
Donald Trump’s Twitter password is “maga2020!”, and there’s no 2FA, claims hacker
Updated: The claims made by Victor Gevers, reported below, have been disputed by Twitter, Trump’s team, and an article by Joe Cox on Vice. —————————– Graham Clulely reports that President Trump, whose password back used to be “yourefired” used “Maga2020!” as his Twitter password, with no 2FA. Read more on Graham’s site while some of…