Jacquelyn Melinek reports: The U.S. Securities and Exchange Commission’s X account has been hacked, a spokesperson confirmed with TechCrunch on Tuesday afternoon. “The SEC’s @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff,” the spokesperson said. A similar statement was shared shortly after on the media…
US retail mortgage lender LoanDepot struggles with cyberattack
Frank Bajak reports: The U.S. retail mortgage lender LoanDepot is struggling to recover from a cyberattack that impacted its loan processing and phone service. In a filing on Monday with the Securities and Exchange Commission, the company said data was encrypted by the “unauthorized third party” who broke into company systems. It said certain unspecified…
Capital Health acknowledges a cyberattack last month but details are lacking
LockBit3.0 claims to have hit CapitalHealth.org in New Jersey. In a listing posted on their site on January 7, the threat actors write, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files. Over 7 terabytes of medical confidentiality data valued at $250,000. That’s…
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
A detailed blog on Analysis of the Global Malware Trend: Exploiting Undocumented OAuth2 Functionality to Regenerate Google Service Cookies Regardless of IP or Password Reset. Pavan Karthick M writes: Executive Summary In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables…
Resources: Breach notification laws: US and GDPR
The law firm of BakerHostetler has recently released several free resources of note: EU GDPR Data Breach Notification Interactive Map State Data Breach Notification Law Interactive Map PDF Version of State Data Breach Notification Laws They have also released their annual Data Security Incident Response Report for 2023. Thanks, as always, to Joe Cadillic for…
How 50% of telco Orange Spain’s traffic got hijacked — a weak password
Kevin Beaumont explains: So here’s a funny story. Earlier today, I noticed Orange Spain had an outage, caused by what appeared to be a BGP hijack: […] So, how did it happen? The threat actor accessed Orange’s RIPE account. RIPE look after internet IP addresses, basically the phone book of the internet. From their RIPE…