Catalin Cimpanu reports: Security researchers have uncovered a new Russian-speaking hacking group that they claim has been focusing on the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data. Named RedCurl, the activities of this new group have been detailed in a 57-page…
Category: Hack
OH: Premier Health Partners Discloses Breach, but No Notifications to Patients Yet
Well, they know something happened, but they haven’t completed their identification of whom they need to notify yet, it seems. From a notice on Premier Health Partners‘ web site: Premier Health Partners (“Premier Health”) is providing notice of an incident that may impact the privacy of personal information for certain patients and clients of the…
Hacking medical devices to hijack secure facilities
Fahmida Y. Rashid reports: People entering secure facilities—such as those found in military, security, and government agencies—are often asked to hand over their connected devices such as fitness trackers and smartphones. Those devices are stored in secure lockers and then returned when their owners leave the facility. All this is done in the name of…
Scholarship America notifies individuals of breach
There have been so many Blackbaud-related security notifications that my first thought was that one by Scholarship America would be more of the same. But it’s not. It’s another hack involving Microsoft Office 365 accounts, which has been a growing problem this year. From their press release yesterday: – Scholarship America, a nonprofit organization that manages…
Capital One fined $80 million for 2019 hack of 100 million credit card applications
Devlin Barrett reports: Capital One has agreed to pay an $80 million fine to U.S. regulators over a major hacking incident last year in which authorities say about 100 million credit card applications were illegally accessed. The Virginia-based bank with a popular credit card business said it has taken steps to tighten security around its…
Hacker leaks passwords for 900+ enterprise VPN servers
Catalin Cimpanu reports: A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. Read more…