Jessica Lyons Hardcastle reports: Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers’ personal information is none other than a Tehran-backed gang. On Friday, Redmond’s Digital Threat Analysis Center (DTAC) attributed the cyber-heist to Iran’s Neptunium, which the US Department of Justice tracks as Emennet Pasargad. The…
Category: Of Note
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide; more than 500 systems affected already
Sergiu Gatlan reports: Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated…
Julius ‘zeekill’ Kivimäki, former Lizard Squad hacker, arrested in France
Recidivism is a thing. Alexander Martin reports: Julius Kivimäki, the Finnish member of Lizard Squad — who as a teenager in 2015 was convicted on over 50,000 counts of computer crimes — has been arrested again in France. Finnish police confirmed the arrest on Friday in a press release stating the suspect is being held by…
HHS OCR Settles HIPAA Investigation with Banner Health Following 2016 Hacking Incident
The following is a press release from HHS. It is an update to a 2016 hacking incident previously covered on this site. The incident also resulted in a class action lawsuit that was settled for $6 million in 2019. February 02, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights…
British Columbia: Mandatory breach reporting and privacy management program requirements now in effect for public bodies
February 1, 2023 Public bodies are now required to develop privacy management programs and report privacy breaches that could be expected to result in serious harm. The new requirements, which were among amendments to the Freedom of Information and Protection of Privacy Act (FIPPA) enacted in November 2021, came into force today. They apply to…
North Korean hackers stole research data in two-month-long breach
Bill Toulas reports: A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign lasted between August and November 2022, targeting organizations in medical research, healthcare, chemical engineering, energy,…