I am guessing that the breachforums[.]hn leak site for ScatteredLAPSUS$Hunters is in the process of being seized. A whois lookup now shows that the name servers have been changed to hans.ns.cloudflare.com and surina.ns.cloudflare.com, which I am guessing are government accounts. The onion site appears intact. This post will be updated as the situation evolves.
Category: Of Note
Just days before its data might be leaked, Qantas Airways obtained a permanent injunction
In July, DataBreaches reported that Qantas had obtained a preliminary injunction prohibiting the publication of any customer data stolen from it in a cyberattack by “persons unknown.” Those defendants were served with the injunction via email and online means. Although Qantas did not reveal who signed the ransom note, ShinyHunters and Scattered Spider didn’t hesitate…
Flagstar Agrees to $31.5 Million Deal in Accellion-Breach Suit
Christopher Brown reports: Flagstar Bank NA agreed to pay $31.5 million to settle allegations it failed to protect the personal information of nearly 2.2 million people in data breaches linked to Accellion Inc.’s file-transfer software. Class members would be eligible for up to $25,000 in documented monetary losses, three years of credit monitoring services, and…
Clop extortion emails claim theft of Oracle E-Business Suite data
Lawrence Abrams reports: Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on…
Hackers say they have deleted children’s pictures and data after nursery attack backlash
Joe Tidy reports: Hackers who attempted to extort a nursery chain by posting stolen images and data about children on the darknet have removed the posts and claim to have deleted the information. The criminals began posting profiles of the children to their website last Thursday, adding another 10 children days later and vowing to continue until Kido Schools…
CISA Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices. CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA). The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated…