Catalin Cimpanu reports: A little-known cybercrime group has been relentlessly targeting companies across several industry sectors, including aviation, defense, and transportation, since at least 2017, security firm Proofpoint said in a report published today. Tracked using the codename of TA2541, the group has been one of the most persistent threats in recent years, even if their attacks have…
Category: Malware
National Math and Science Initiative notifies more than 190,000 of data security incident
The National Math and Science Initiative (NMSI) in Texas describes itself as a non-profit organization whose mission is to improve U.S. student performance in the subjects of science, technology, engineering, and math. According to their notification letter, on or about October 13, 2021, their AV software triggered an alert. Through the resulting investigation, NMSI determined…
San Francisco 49ers confirm ransomware attack
Catalin Cimpanu reports: The San Francisco 49ers NFL team has fallen victim to a ransomware attack that encrypted files on its corporate IT network, a spokesperson for the team has told The Record. The team confirmed the attack earlier today after the operators of the BlackByte ransomware listed the team as one of their victims on…
CaptureRx seeks court approval of lawsuit settlement; threatens to consider bankruptcy if not approved (updated)
Updated March 8: According to the TopClassActions website, the court has granted preliminary approval to a $4.75 million settlement between CaptureRx and consumers in six separate class-action lawsuits that all accused the pharmacy giant of negligence after a 2021 data breach: California residents whose information was stored with CaptureRx can submit claims of up to…
Indicators of Compromise Associated with BlackByte Ransomware
From a newly released Joint Cybersecurity Advisory: SUMMARY: This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure…
Wave of MageCart attacks target hundreds of outdated Magento sites
Bill Toulas reports: Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform, and it involves a single domain loading a credit card skimmer on all of them. According to Sansec, the attack became evident late last month when their crawler discovered 374 infections on the same…