Ernestas Naprys reports: Is there anything threat actors won’t do to gain initial access? Swiss authorities are warning about a new sophisticated cybersecurity threat – malicious counterfeit letters. Cyber bandits have launched a malicious campaign across Switzerland using counterfeit letters that appear to be from MeteoSwiss (the Federal Office of Meteorology and Climatology). The victims…
Category: Non-U.S.
Ransomware attack on Bucharest: data of hundreds of thousands of citizens involved
The following is an automated machine translation. Matthew Garvey reports: The data of approximately 200,000 citizens of Sector 5 (such as CNP, first and last name, address, among others) were put up for sale by the hackers who launched a cyber attack on the City Hall at the end of October. The attackers also gained…
Germany drafts law to protect researchers who find security flaws
Bill Toulas reports: The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors. When security research is conducted within the specified boundaries, those responsible will be excluded from criminal liability and the risk of prosecution. “Those who want…
Hackers claimed the FREE S.A.S. data had been sold. One now claims that wasn’t true. (1)
On October 26, FREE S.A.S., a major ISP in France, confirmed that it had been hacked after a threat actor calling himself “drussellx” listed customer data up for auction on a popular hacking forum. Drussellx claimed to have acquired the information of 19.2 million subscribers on October 17, 2024. The breach “affects all FREE Mobile and…
DDoS site Dstat.cc seized and two suspects arrested in Germany
Bill Toulas reports: The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. The seizure and arrests were conducted as part of “Operation PowerOFF,” an ongoing international law enforcement operation that targets DDoS-for-hire platforms, aka “booters” or “stressers,” to…
No: Administrative fine issued to Grue municipality under GDPR
The Norwegian data protection authority (Datatilsynet) has imposed an administrative fine of NOK 250,000 [USD $22,669.69] on Grue municipality for breach of GDPR requirements. They explain: Personal data that should have been confidential was made available to unauthorised persons in the municipality’s public records. This constitutes a breach of the municipality’s duty to ensure adequate…