As if we didn’t have enough breaches that start by compromising an employee’s email account, now there’s more to worry about. Imagine that despite training your employees to be careful, and despite using updated AV or other software to detect nasties, a threat actor could deliver malware-laden emails directly into your employees’ inboxes. Will employees…
Pell City notifies residents of vendor breach
On September 20, this site noted a breach impacting some residents of Pell City, Alabama. At that time, there were many unanswered questions based on the little the city had disclosed. Now they have published a press release that reveals that the breach involved their vendor, Technology Management Resources (TMR). The TMR breach had been…
Breach Lawsuit Spotlights Complex Vendor Issues
Marianne Kolbasuk McGee reports on a lawsuit that stems from a breach first reported on this site in March, 2019. She reports: A medical device maker has sued an IT vendor in the wake of an email server migration mishap that exposed the health data of more than 277,000 individuals. The case illustrates the complexities…
More drama on a forum, and a slew of new databases dumped
It looks like the threat actor known as ShinyHunters was active again. It also looks like there was some drama about a sale of databases that was supposed to be exclusive but wasn’t, and databases and links to databases getting dumped. What databases, you wonder? Well, BleepingComputer reports on the Animal Jam database, and there…
Ransomware Group Turns to Facebook Ads
Brian Krebs reports: It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. Read more on KrebsOnSecurity.com. The Ragnar Locker threat actors…
Melbourne firm denies data stolen during ransomware attack
Sam Varghese reports: A Melbourne firm which suffered a hit from cyber criminals using the Windows REvil ransomware has denied that any data was exfiltrated from its site, as was reported in these columns. A spokesperson from Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, said the attack had taken…