Catalin Cimpanu reports: Two hacker groups are responsible for a huge spike in the number of hacked Magento 2.x shopping sites, according to Willem de Groot, founder of Sanguine Security. This is now the third month in a row when the number of hacked Magento 2.x sites has doubled, after it previously doubled from March…
Category: Of Note
CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
From Hunton Andrews Kurth: On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates. Read more…
UK: TalkTalk hacker Daniel Kelley sentenced to 4 years in jail
From the Crown Prosecution Service: A blackmailing hacker behind the TalkTalk cyber-attack – which cost the company £77million after the personal details of 157,000 customers were stolen – has today (10 June) been sentenced. Daniel Kelley, 22, admitted targeting at least six organisations by threatening to sell their hacked data on the ‘dark web’ unless…
Eight years later, the case against the Mariposa malware gang moves forward in the US
Catalin Cimpanu reports: Eight years after US law enforcement opened a first case in the operations of the Mariposa (Butterfly Bot, BFBOT) malware gang, officials are now moving forward with new charges and arrest warrants against four suspects. The original case started way back in May 2011, when US officials first filed a complaint against…
“Achilles”, Hacker Behind Attacks on Military Shipbuilders, UNICEF & International Corporations
From AdvIntel: Executive Summary Background: “Achilles” is an English-speaking threat actor primarily operating on various English-language underground hacking forums as well as through secure messengers. Achilles specializes in obtaining accesses to high-value corporate internal networks. Verticals: Achilles victims are primarily private sector entities; however, the actor also targeted public domains, government-affiliated companies, and international organizations….
Sock company Bombas fined by NYS for delayed notification of data breach
There’s a follow-up to the Bombas breach that was previously reported on this site. Laura Italiano reports: Sock-maker Bombas has settled the most uncomfortable data-breach probe in the history of feet. New York Attorney General Letitia James on Thursday announced that Bombas LLC — whose ads call their products “the most comfortable socks in the…