Gemini Advisory reports: Gemini Advisory’s analysts uncovered a September 14, 2020 post on a Russian-language dark web forum by a cybercriminal group operating under the moniker “LockBit,” in which they advertised starting their own blog under the same name. LockBit is a Russian-language ransomware team, alongside “REvil”/“Sodinokibi” and “Maze,” that advertises its services on Russian-language dark web…
NY Attorney General James Gets Dunkin’ to Fill Holes in Security, Reimburse Hacked Customers
New York Attorney General Letitia James today announced a settlement with Dunkin’ Brands, Inc. (Dunkin’) — franchisor of Dunkin’ Donuts — resolving a lawsuit over the company’s failure to respond to successful cyberattacks that compromised tens of thousands of customers’ online accounts. The settlement requires the company to notify customers impacted in the attacks, reset those customers’…
Two Alleged Hackers Charged with Defacing Websites Following Killing of Qasem Soleimani
Two alleged computer hackers were indicted in the District of Massachusetts on charges of damaging multiple websites across the United States as retaliation for United States military action in January 2020 that killed Qasem Soleimani, the head of the Islamic Revolutionary Guard Corps-Quds Force, a U.S.-designated foreign terrorist organization. Behzad Mohammadzadeh (a/k/a “Mrb3hz4d”), believed to…
School districts in New Jersey and California join the list of ransomware victims
Schools are off to a rough start this year. Apart from grappling with edtech and security issues in light of the increased use of virtual learning, school districts are being increasingly attacked by ransomware groups. These ransomware threat actors pose a double threat: they not only encrypt a district’s system(s) to make functioning impossible unless…
SunCrypt ransomware threat actors claim theft of University Hospital New Jersey files
Ax Sharma reports: University Hospital New Jersey (UHNJ) has suffered a massive data leak with over 48,000 documents floating on the dark web. An anonymous tip sent to BleepingComputer shows the different types of documents found in the leaked data dump. Read more on BleepingComputer, who provide a lot of redacted screenshots from a data dump…
Magento online stores hacked in largest campaign to date
Catalin Cimpanu reports: More than 2,000 Magento online stores have been hacked over the weekend in what security researchers have described as the “largest campaign ever.” The attacks were a typical Magecart scheme where hackers breached sites and then planted malicious scripts inside the stores’ source code, code that logged payment card details that shoppers…