Both Gemini Advisory and KrebsOnSecurity caught this one quickly. From Gemini Advisory: Joker’s Stash began uploading records as advertised on January 27. The breach was titled “BIGBADABOOM-III” and appeared in four different bases. The records included the state geolocation information, but not the city or ZIP Code as previously announced. The listed geolocation data for…
VillageCareMAX & VillageCare Rehabilitative & Nursing Center Notices of Data Privacy Incident After Business Email Compromise
The following is part of the notice Village Senior Services Corporation d/b/a VillageCareMAX posted on their website. Note that the attacker was apparently requesting names and Medicaid ID numbers, which makes me wonder what the plan for misuse was — insurance fraud, perhaps? VillageCareMAX (“VCMAX”) is providing notice of an incident that may affect the…
The average ransom demand for a REvil ransomware infection is a whopping $260,000
Catalin Cimpanu reports: .. in a report published today and shared with ZDNet, the security team at KPN, a Dutch telecommunications provider, said it was able to sinkhole and intercept the communications between REvil-infected computers and the REvil ransomware’s command-and-control (C&C) servers. KPN researchers say this allowed them to obtain unique insights into the operations of the…
‘SuperCasino’ Breached by Hackers and Customer Info Leaked
Bill Toulas reports: The online gambling platform is known as ‘SuperCasino’ has experienced a data breach that exposed sensitive information belonging to its customers. The incident came to light after several registered users received an email from SuperCasino which informed them about the leak. The organization claims that the people’s financial details such as credit cards, payment…
LabCorp website bug exposed thousands of medical documents
Zack Whittaker reports: A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data. …. This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a…
Georgia’s state agencies nearly recovered from last July’s Ryuk attack
Maggie Lee reports: About six months later and $750,000 poorer, Georgia is nearly back to normal after online attacks that blocked law enforcement officers and the public from accessing electronic records used to settle legal questions. But the money went to pay cyberattack insurance deductibles, not ransoms. Read more on Georgia Recorder.