Gareth Corfield reports: Criminals infected the Salvation Army in the UK with ransomware and siphoned the organisation’s data, The Register has learned. A Salvation Army spokesperson confirmed the evangelical Christian church and charity was compromised, and said it alerted regulators in the UK. Read more on The Register.
Russian Hackers Mounted Cyber Attack on German Banks, Bild Says
Patrick Donahue and Jake Rudnitsky report: A hacker group linked to the Russian state known as “Fancy Bear” conducted a cyber attack on critical German infrastructure and the country’s banking system in the past few days, Bild newspaper reported, citing unidentified Western intelligence sources. A spokesman for Germany’s BSI Federal Cyber Security Authority said the agency has…
Indian tech startup exposed Byju’s student data
Zach Whittaker reports: India-based technology startup Salesken.ai has secured an exposed server that was spilling private and sensitive data on one of its customers, Byju’s, an education technology giant and India’s most valuable startup. The server was left unprotected since at least June 14, according to historical data provided by Shodan, a search engine for exposed…
Hackers use zero-day to mass-wipe My Book Live devices
Lawrence Abrams reports that preliminary reports attributing a mass-wipe to a CVE from 2018 were not quite the whole story. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that…
Bucks County behavioral health and substance abuse nonprofit struck in cyberattack, urges clients to check their information
Anthony Salamone reports: The records of an unspecified number of clients of an Upper Bucks County behavioral-health and substance abuse nonprofit, which serves the Lehigh Valley, might have been stolen as part of a ransomware attack on the agency earlier this year. Penn Foundation in West Rockhill Township said it informed clients Tuesday of the…
New charges filed against Capital One hacker, trial postponed to 2022
Catalin Cimpanu reports: The US government has filed a superseding indictment against Paige A. Thompson, a former Amazon engineer accused of hacking Capital One and stealing the personal data of more than 100 million Americans. According to court documents filed earlier this month and obtained by The Record, the US Department of Justice has added seven new charges…