Sergiu Gatlan reports: The MuddyWater threat group has been updating its tactics, techniques, and procedures (TTPs) to include a number of new anti-detection techniques designed to provide remote access to compromised systems while evading detection as part of a new campaign dubbed BlackWater. MuddyWater (also known as SeedWorm and TEMP.Zagros) is an advanced persistent threat (APT) group — or a…
Category: Non-U.S.
Millions of Instagram influencers had their private contact data scraped and exposed
Zack Whittaker reports: A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but…
Canadian company pleads guilty to peddling vast database of personal information
The Canadian Press reports: The RCMP says a Canadian-based company that peddled an illicit trove of 1.5 billion user names and associated passwords has pleaded guilty to criminal charges. In a news release, the Mounties say Defiant Tech Inc. admitted in court Friday to trafficking in identity information and possession of property obtained by crime…
Lithuanian watchdog issues first GDPR fine
Sam Clark reports: Lithuania’s data protection authority has fined a payments processing company for breaching three provisions of the GDPR. The State Data Protection Inspectorate has levied a €61,500 fine against fintech company MisterTango for inappropriate data processing, disclosing personal data and failing to report a breach, it said today. The authority said that the…
Ca: $60 million class-action lawsuit denied by judge
CTV reports: A proposed class-action lawsuit seeking $60 million in damages against Casino Rama following a cyber-attack has been denied. Lawyers for the plaintiffs argued as many as 200,000 people might have had their personal information stolen in the hack, including employees and patrons. In November 2016, the casino announced it had been the victim…
Singapore Red Cross website hacked; more than 4,000 blood donors’ info compromised
Digital Journal reports: The Singapore Red Cross said Thursday its website had been hacked and the personal data of more than 4,000 potential blood donors compromised in the latest cyber attack on the city-state. Singapore, one of the world’s most digitally advanced countries, has been the target of multiple high-profile hacks in recent times, including…