Bill Toulas reports: Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. According to the Google Threat Intelligence Group (GITG), the attackers keep employing their usual tactics that do not include vulnerability exploits but rely on perfectly executed social engineering…
Category: Hack
The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app
Kevin Collier and Angela Yang report: Hackers have breached the Tea app, which recently went viral as a place for women to safely talk about men, and tens of thousands of women’s selfies and photo IDs have now seemingly been leaked online. A spokesperson confirmed the hack Friday afternoon. The company estimates that 72,000 images, including…
Au: Qantas hackers gave airline 72-hour deadline
David Hollingworth reports: A collective claiming to be behind Qantas’ recent cyber hack sent the airline nine pages of data it had apparently stolen from customers and then demanded a reply within 72 hours. The threat was revealed in documents that the Flying Kangaroo submitted to court to obtain an injunction, which has, for the first…
U.S. nuclear and health agencies hit in Microsoft SharePoint breach
Ellen Nakashima, Joseph Menn and Carolyn Y. Johnson report: The National Institutes of Health and the federal agency responsible for securing the nation’s nuclear weapons were among the victims in a global breach of Microsoft server software over the weekend, according to officials at the agencies. The incident at NIH, which has not been previously reported, involved…
Russia suspected of hacking Dutch prosecution service systems
Dutch News reports: There are “strong indications” that Russia was behind a cyber attack on the Dutch public prosecution department’s internal systems, justice ministry sources have told the AD. The affected systems contain sensitive information on ongoing police investigations and court cases, as well as personal data on staff. The department has not yet said…
Paying cyberattackers is wrong, right? Should Taos County’s incident be an exception? (1)
How many times have we read that paying a threat actor’s extortion demands only encourages more financially motivated crime and doesn’t ensure that the data won’t be retained or re-sold or leaked? Those making that argument appear to be generally correct, but are there exceptions? For years now, DataBreaches has gone back and forth between…