In September 2022, DataBreaches reported Stratford University had been the target of three ransomware attacks in previous months by REvil, Snatch Team, and Avos Locker. Snatch Team and Avos Locker had informed DataBreaches that neither had encrypted Stratford’s files; they exfiltrated and attempted to ransom them. Stratford never responded to inquiries from DataBreaches about the multiple…
Category: Of Note
Alleged French cybercriminal to appear in Seattle on Friday on indictment for conspiracy, computer intrusion, wire fraud and aggravated identity theft
The following is the DOJ’s press release on Sebastien Raoult: Seattle – A 21-year-old French citizen from Epinal, France, will appear tomorrow January 27, 2023, in U.S. District Court in Seattle on a nine-count indictment alleging conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, four counts of wire fraud and three counts…
Former employee exfiltrated some employee data improperly — Credit Suisse AG
On January 20, the data protection officer for Credit Suisse AG filed a breach notification with the Maine Attorney General’s Office. According to their notice, a breach occurred on or about January 1, 2016. The exact date was unknown, and the breach reportedly wasn’t discovered until December 21, 2022. The summary description of the incident…
NIST Requests Comments on Potential Significant Updates to the Cybersecurity Framework
Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On January 19, 2023, the National Institute of Standards and Technology (“NIST”) published a Concept Paper setting out “Potential Significant Updates to the Cybersecurity Framework.” Originally released in 2014, the NIST Cybersecurity Framework (“CSF” or “Framework”) is a framework designed to assist organizations with…
Twitter GodMode still available to all engineers, following hack of Apple and other accounts
Ben Lovejoy reports: Twitter GodMode – an internal tool that hackers used to tweet from high-profile accounts, including Apple, back in 2020 – remains available to all of the company’s engineers, according to a new report today. […] The Washington Post reports that a whistleblower reported this to Congress back in October, and it has now been shared…
LastPass owner GoTo says hackers stole customers’ backups
Carly Page reports: LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on November 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party…