Joseph Menn reports: The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software that had been compromised. “The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged,” said DHS’s Cybersecurity and Infrastructure Security Agency,…
Security breach on Emirati website leads to leaked info of Israelis
Tobias Siegal reports: An Emirati website has leaked the personal information of thousands of Israelis who used it for planning their trip to Dubai, the N12 news site reported Thursday. The Dubai-based website Sharaf Travels was used by many Israelis who took the exciting opportunity to vacation in Dubai, as new Middle East destinations traditionally closed to…
French pharmaceutical firm involved in packaging anti-COVID vaccines hit by cyberattack
On December 9, the European Medicines Agency reported that it had been a victim of a cyberattack. The announcement was of significant concern because EMA was considering was issuing authorizations for several COVID-19 vaccines. The next day, Pfizer announced that some documents it had submitted to EMA as part of that process had been involved…
Ca: Olympia House notifying patients about ransomware attack discovered in early August
On August 10, DataBreaches.net reported that Olympia House, an alcohol rehabilitation and drug treatment center in Petaluma, California had apparently been attacked by NetWalker ransomware threat actors but had not responded to an inquiry by this site. By November 9, Olympia House still had not posted any statement on their site or press release, and…
In 2020, COVID-19 also impacted the carding market
It’s always nice when trends make sense. And it’s even nicer when professionals watch and analyze those trends for us. In a report released this morning, Gemini Advisory looked at the carding market in 2020 and how the pandemic does correlate with a significantly decreased demand for Card Present (CP) data on the dark web…
Company that Provides Travel Emergency Services Settles FTC Allegations it Failed to Secure Sensitive Consumer Data
It feels like it’s been a while since we’ve seen an FTC data security case (well, apart from Zoom’s issues). Today, FTC issued a press release about a settlement stemming from SkyMed International’s misconfigured elastic search instance that exposed more than 130,000 people’s information. The exposed data were discovered by Jeremiah Fowler and reported in…