Graham Cluley writes: A former software engineer at Ubiquit Networks has been sent to prison for six years after stealing gigabytes of data from the firm, attempting to extort millions of dollars, and harming the company’s reputation in the media. Back in January 2021, networking manufacturer Ubiquiti told users to change their passwords and enable two-factor authentication (2FA),…
Category: Of Note
A harbinger of bad things to come?
Seen on the AlphV/BlackCat leak site today: ResultsCX | The result of many unknown breaches? 5/11/2023, 9:03:10 PM We have numerous accounts to share about how our organization was able to gain initial access to various fortune 100 companies using the ResultsCX network and credentials. Interestingly, these companies are completely unaware that we have accessed…
#StopRansomware: Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Jen Easterly, Director of CISA, tweeted: In early May 2023, a group self-identifying as the Bl00dy Ransomware Gang was observed attempting to exploit vulnerable PaperCut servers at educational institutions. Read our joint advisory with @FBI and apply patches or workarounds today: http://go.dhs.gov/4sz The advisory is embedded below:
Brightly warns of SchoolDude data breach exposing credentials
Sergiu Gatlan reports: U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school…
Half of North Korean missile program funded by cyberattacks and crypto theft, White House says
Sean Lyngaas reports: About half of North Korea’s missile program has been funded by cyberattacks and cryptocurrency theft, a White House official said Tuesday. A sweeping US federal government effort is ongoing to understand how “a country like [North Korea] is so darn creative in this space,” Anne Neuberger, deputy national security adviser for cyber and emerging…
Za: Department of justice negligence leads to huge personal data loss
Rorisang Kgosana reports: The department of justice & constitutional development contravened the Protection of Personal Information (POPI) Act, resulting in the loss of more than 1,200 files. The Information Regulator issued an enforcement notice to the department this week for a September 2021 security breach on its IT systems. […] The security breach was caused…