For the past year or more, I’ve been receiving numerous tips and notifications from trusted researchers about leaks and breaches involving entities in India. While some of the incidents involve alleged miscreants, other incidents involve human error or misconfiguration situations. But as many of us have experienced and reported, when it comes to data protection…
Category: Non-U.S.
Source code of Iranian cyber-espionage tools leaked on Telegram
Hell hath no fury like a vengeful insider, Wednesday edition. Catalin Cimpanu reports: In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten. The hacking tools are nowhere near…
Experts: Breach at IT Outsourcing Giant Wipro
Brian Krebs reports: Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident. Read more on…
Morrisons granted permission for Supreme Court appeal over data breach ruling
Sebastian McCarthy reports: Morrisons has been granted permission to appeal to the Supreme Court after losing a major court case over a data leak. In October the UK’s fourth-biggest supermarket lost an appeal against a High Court ruling that concluded the firm was legally liable for a former employee leaking personal information about 100,000 staff…
Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People’s Republic
John Hultquist, Ben Read, Oleg Bondarenko, and Chi-en Shen of FireEye explain: In early 2019, FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine. The spear phishing email included a malicious LNK file with PowerShell script to download the second-stage payload from the command and control (C&C) server. The email was…
Ca: Personal information safe after cyber-attack: Stratford city hall officials
Terry Bridge reports: Stratford city hall was the target of an apparent cyber-attack, but officials do not believe personal information was compromised. The city first acknowledged the incident in a Sunday night in a Facebook post. Stratford Mayor Dan Mathieson said Monday the city has determined it was a ransomware attack, but IT staff “found…