Brian Krebs reports: A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts…
Category: Of Note
Microsoft accounts targeted with new MFA-bypassing phishing kit
Bill Toulas reports: A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s…
New York DFS Fines Robinhood $30M for “Significant” Cybersecurity Violations
Linn F. Freedman of Robinson + Cole writes: The New York Department of Financial Services (DFS) announced its first ever penalty against a cryptocurrency platform this week, with a whopping $30 million fine assessed against Robinhood Crypto, LLC (RHC) for what it described as “significant failures in the areas of bank secrecy act/anti-money laundering obligations and cybersecurity…
Update: Goodman Campbell Brain and Spine ransomware incident affected 362,833 patients and employees
On June 9, DataBreaches reported that Goodman Campbell Brain & Spine in Indiana had apparently become a ransomware victim of Hive threat actors on or about May 20. The threat actors added the medical practice to their dedicated leak site on June 8 and leaked a “proofpack” that contained passwords for accounts as well as…
First Choice Community Healthcare discloses breach but doesn’t reveal it was a ransomware attack
First Choice Community Healthcare (FCCH) is a non-profit healthcare system in New Mexico providing a range of services to the community. In a press release issued today, they describe a security incident that they discovered on March 27, 2022. The notice is also posted on their website. Their notice talks about how the incident “may…
Crypto Bridge Nomad Drained of Nearly $200 Million in Exploit
Sidhartha Shukla reports: Nomad, a bridge protocol for transferring crypto tokens across different blockchains, lost close to $200 million in a security exploit on Monday, according to security firm PeckShield Inc. The software system was drained of funds over hours and in small batches by various accounts, blockchain data shows. Read more at Bloomberg.