WASHINGTON – The U.S. Attorney’s Office filed a civil forfeiture complaint in U.S. District Court for the District of Columbia against more than $225.3 million in cryptocurrency. According to the complaint, the U.S. Secret Service and the FBI used blockchain analysis and other investigative techniques to determine that the cryptocurrency is connected to the theft…
Category: Miscellaneous
Copilot AI Bug Could Leak Sensitive Data via Email Prompts
Rashmi Ramesh reports: A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The vulnerability in Microsoft 365 Copilot allowed attackers to extract sensitive data through a zero-click prompt injection attack, said researchers from Aim Security. Dubbed “EchoLeak” and tracked…
Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
Hiring employees who work remotely can pose additional challenges for security and compliance with regulations. In March, Sentara Health disclosed an incident concern that resulted in the notification of 1,620 patients. They described the concern this way: In December, the Sentara Health’s Lab Services department hired an individual to process lab requisitions. Lab requisitions are…
Evoke Wellness to Pay $1.9 Million to Settle FTC Claims That They Misled Consumers Seeking Substance Use Disorder Treatment
Evoke allegedly used Google ads and telemarketing to pretend to be other clinics; court order permanently bans them from similar deceptive conduct On June 10, DataBreaches sent Evoke Wellness in Hilliard, Ohio an inquiry about an insider-wrongdoing breach reported in Ohio media but not mentioned on their website. There has been no reply as of…
Zaporizhzhia Cyber Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
The following is a machine translation from a report in Ukrainian by the country’s national police cyber department: A 35-year-old man hacked more than 5,000 customer accounts of a world-famous hosting company to generate cryptocurrency on the organization’s servers. The defendant faces up to 15 years in prison. Police officers determined that a 35-year-old native…
Google: Hackers target Salesforce accounts in data extortion attacks
Bill Toulas reports: Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organizations’ Salesforce platforms. According to Google’s Threat Intelligence Group (GTIG), which tracks the threat cluster as ‘UNC6040,’ the attacks target English-speaking employees with voice phishing attacks to trick them into…