In response to the takedown notice on their original leak site and other damage done to their operations as described in the DOJ press release and warrant application that was unsealed today, AlphV posted this: As you all know, the FBI got the keys to our blog, now we’ll tell you how it was. First,…
Category: Of Note
Comcast Cable Communications notifies 35,879,455 consumers affected by Citrix incident
The timeline from their notification to consumers tells the sad story: Notice of Data Security Incident We are notifying you of a recent data security incident involving your personal information. This notice explains the incident, steps Xfinity has taken to address it, and guidance on what you can do to protect your personal information. What…
Big news from DOJ: Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant
FBI Offers Decryption Tool to Over 500 Victims Around the World, Additional Victims Encouraged to Come Forward The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world…
China issues draft contingency plan for data security incidents
Eduardo Baptista reports: China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders. The contingency plan comes amid heightened geopolitical tensions with the United States and its allies and follows an incident last year when a hacker claimed…
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
Ryan Tomcik, Adrian McCabe, Rufus Brown, and Geoff Ackerman write: Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign promoting malicious websites themed around unclaimed funds. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and leveraged malicious advertisements to affect…
FCC Approves Major Updates to Data Breach Notification Rules
Chris Riotta reports: The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach notification requirements as part of an effort to provide law enforcement and the public with real-time information about harmful data breaches. The new rule expands the scope of the FCC’s breach notification requirements…