The Canadian Press reports: Shopify Inc. is working with the FBI after two “rogue members” of its support team engaged in a scheme to illegitimately obtain customer transactional records of some merchants. The Ottawa-based tech firm says it terminated the employees’ access to its network and referred the data breach to law enforcement. Read more…
A bit more on Nathan Wyatt’s sentencing and what happens next
Because I had no idea how some things work when a convicted defendant is a foreign national who is supposed to pay restitution, and because I found some elements of Nathan Wyatt’s sentence confusing, I followed up with the U.S. Department of Justice on his sentence (see my previous post about his guilty plea and…
International Sting Against Dark Web Vendors Leads to 179 Arrests — Europol
A major press release from Europol today: Today, a coalition of law enforcement agencies across the world announced the results of a coordinated operation known as DisrupTor which targeted vendors and buyers of illicit goods on the dark web. This operation follows the takedown in May of last year of Wall Street Market, the world’s then…
US cybersecurity agency issues super-rare emergency directive to patch Windows Server flaw ASAP
Robbie Harb reports: Uncle Sam’s Cybersecurity and Infrastructure Security Agency (CISA) has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take “immediate and emergency action” to patch CVE-2020-1472, the CVSS-perfect-ten-rated…
Top Australian tenancy blacklist firm under investigation by information commissioner
Ben Butler reports: The federal information commissioner is investigating a potential data breach at one of Australia’s biggest tenancy blacklists, run by Sydney company Trading Reference Australia (TRA). TRA has moved to stymie the investigation, obtaining a federal court injunction that quashes an order from the commissioner that it hand over information about the breach….
WastedLocker explained: How this targeted ransomware extorts millions from victims
Lucian Constantin reports: WastedLocker is a ransomware program that started hitting businesses and other organizations in May 2020 and is known for its high ransom demands reaching millions of dollars per victim. It is the creation of a group of highly skilled cybercriminals that have been operating for over a decade despite being criminally indicted…