The Office of Inadequate Security
The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak site. The unencrypted personal and protected health information that they subsequently dumped…
Bill Toulas reports: Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called “nearest neighbor attack.” The threat actor pivoted to the target after first compromising an organization in a nearby building within the WiFi range. The attack…
Daniel Croft reports: The incident was claimed by CyberN—–s members IntelBroker and EnergyWeaponUser, who originally said it was a Tesla EV charging station database containing files that belonged to Tesla. However, thanks to a tipoff by researcher DarkWebInformer and IntCyberDigest, the threat actors amended the listing to say it was a “random 3rd party company…
Mikael Thalen reports: An online course founded by far-right influencer Andrew Tate was breached by hackers, revealing the email addresses of roughly 325,000 users. The self-described online university, known as The Real World, offers users “advanced training and mentoring” for around $50 per month. Formerly known as Hustler’s University, the platform focuses on topics such…
Central Group is a multinational conglomerate in Thailand that describes itself as one of the largest private commercial conglomerates in Thailand with more than 50 subsidiaries and six key business lines. In October 2021, DataBreaches reported an attack on the Central Restaurant Group by threat actors called DESORDEN. When negotiations failed, DESORDEN revealed details about…
Brian Krebs reports: The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly…