In July, DataBreaches reported a data breach involving the plastic surgery practice of Gary Motykie, M.D. The incident, which appeared to be a hack with an extortion demand, had been reported to the Maine Attorney General’s Office, but an upset patient had also contacted NBC News in Los Angeles to reveal that a leak site…
Category: Commentaries and Analyses
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed
Lorenzo Franceschi-Bicchierai reports on yet another incident in which responsible disclosure by a researcher and follow-up by media failed to get a company to address vulnerabilities that left the personal information of customers exposed: A company that makes a chastity device for people with a penis that can be controlled by a partner over the…
Why is .US Being Used to Phish So Many of Us?
Brian Krebs reports: Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only…
“It can be confirmed the system of the Department of Defence has not been hacked”- SANDF
Yesterday, DataBreaches reported on SNAtch Team and how they were not a ransomware gang or using what had been referred to as the Snatch locker or ransomware. In that report, DataBreaches included a description provided by their spokesperson about their attack on the South Africa Department of Defense — an attack that SANDF initially dismissed…
At some point, SNAtch Team stopped being the Snatch ransomware gang. Were journalists the last to know?
In December 2019, Sophos published an analysis of Snatch ransomware. In June 2020, DFIR Report provided a case study, and in July 2020, LIFARS wrote an article about Snatch ransomware having been detected in attacks in June. Since then, the Snatch leak site has continued to add victims and the media (including DataBreaches) has continued to…
Education Sector Heavily Targeted as the School Year Begins
A threat highlight from the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC): Summary As the 2023 school year begins, threat actors are poised to launch various types of cyberattacks ranging from direct deposit scams to ransomware. The education sector is often targeted during holiday breaks. Threat actors take advantage of this pastime when staff is away or just…