I’ve posted links to some other reports on this topic earlier today, but just came across Intel 471’s post. Sometimes, even criminals are on the bad end of a breach. Since the beginning of the year, Intel 471 has observed four well-known cybercriminal forums dealing with a breach, including two since the beginning of March….
Category: Hack
Report: Russian hackers exploit Lithuanian infrastructure
AP reports: Hacker groups linked to Russian intelligence conducted cyber-attacks against top Lithuanian officials and decision-makers last year and used the Baltic nation’s technology infrastructure as a base to hit targets elsewhere, a report by Lithuania’s intelligence service said Thursday. The annual national security threat assessment report claimed that, among others, the Russian cyber-espionage group…
Elite Cybercrime Forum “Maza” Breached by Unknown Attacker
Wow. From Flashpoint, yesterday: On March 3, 2021, Flashpoint detected a breach of the elite Russian cybercrime forum known as “Maza” (originally called “Mazafaka”). This breach follows recent attacks (both attempted and successful) on other Russian cybercrime forums, including the takeover of Russian-language forum Verified. Known to be in operations as far back as 2003, Maza…
Rookie coding mistake prior to Gab hack came from site’s CTO
Sometimes you read a story and think, “Oh. This is just too perfect.” This is one of those times. Dan Goodin reports: Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of…
Mandiant issues final report on its investigation into Accellion breach
Yesterday, Mandiant issued its final report on its investigation into the Accellion data breach that impacted a number of its big clients including Jones Day law firm, SingTel, Bombardier, Goodwin Procter, the Transport for NSW, the New Zealand Reserve Bank, and others. You can find the report here (pdf). And while the investigation may be…
European e-ticketing platform Ticketcounter extorted in data breach
Lawrence Abrams reports: A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server. Ticketcounter is a Dutch e-Ticketing platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue. Read more on…