It has been more than three years since a threat actor or group calling themselves thedarkoverlord (TDO) dramatically announced that they were hacking medical practices and demanding large amounts of bitcoin to not dump or sell patient data. Tomorrow, one man allegedly associated with TDO will be hoping that his lawyers can successfully appeal a…
Category: Of Note
Hackers Breach Avast Antivirus Network Through Insecure VPN Profile
Ionut Ilascu reports: Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14. Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account….
Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says
Helen Warrell in London and Henry Foy report: A Russian cyber espionage unit has hacked Iranian hackers to lead attacks in more than 35 countries, a joint UK and US investigation has revealed. The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the…
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
Andy Greenberg reports: Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang’s vast, pentagonal Olympic Stadium. He wore a gray and red official Olympics jacket that kept him warm despite the…
Equifax used ‘admin’ as username and password for sensitive data: lawsuit
Ethan Wolff-Mann reports: Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The lawsuit, filed in January, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. Read more…
Mishandling of Veterans’ Sensitive Personal Information on VA Shared Network Drives — Audit by Veterans Affairs OIG
VA OIG 19-06125-218 | October 17, 2019 From the Executive Summary: The OIG team found that veterans’ sensitive personal information was left unprotected on two shared network drives, where it was accessible to VSO officers who did not represent those veterans. Senior Office of Information and Technology (OIT) representatives told the team that other authenticated…