If anyone knows anything about the attack described below, please contact me via Signal or via email (see the Contact page for both). You can also reach me on Telegram @DissentDoe. And if you are the threat actor and are willing to delete/purge the data, please get in touch. Catalin Cimpanu made me aware of…
Category: Non-U.S.
UK: Gloucester Council cyber attack linked to Russian hackers
BBC reports: A cyber attack which has knocked out parts of a council website has been linked to the work of Russian hackers. Gloucester City Council became aware that its IT systems had been affected on 20 December last year. Since then, the council’s online revenue and benefits, planning and customer services have been affected….
Moncler confirms ransomware attack and data breach
Sead Fadilpašić reports: Italian luxury fashion brand Moncler has confirmed it suffered a major ransomware attack that led to a data breach. In a press release, the company said that after the incident occurred in late December last year, it had received a ransomware demand, which it rejected, as it goes “against its founding principles”. As a…
Kings Plant Barn the latest retailer hit by click-and-collect data breach
Chris Keall reports: Kings Plant Barn has contacted customers about a security breach to FlexBooker, the internet-based system it uses to organise click-and-collect bookings. Names, email addresses and collection times were exposed. But the gardening chain says no credit card, password details or mobile have been spilled. Read more at New Zealand Herald.
Unhappy New Year for cybercriminals as VPNLab.net goes offline
Do threat actors feel like walls are closing in on them? They might well be feeling that way — or maybe they should be feeling that way. From Europol, today: This week, law enforcement authorities took action against the criminal misuse of VPN services as they targeted the users and infrastructure of VPNLab.net. The VPN…
South Africa’s new traffic fine system exposed personal data
Jan Vermeulen reports: An online interface set up for the Administrative Adjudication of Road Traffic Offences (Aarto) system exposed the personal information of every South African who received an infringement notice under the new law. Personal data contained in the leak included full names, ID numbers, residential or business addresses, phone numbers, vehicle registration information,…