Hannah Miller reports: Following a high-profile hack last week, crypto wallet-maker Ledger said it will cover the roughly $600,000 worth of assets lost by victims. The Paris-based startup’s Ledger Connect Kit software became compromised following a phishing attack on a former employee. The hacker published malicious code that redirected user funds to their own wallet during transactions…
AlphV reacts to law enforcement action by allowing affiliates to attack hospitals, critical infrastructure
In response to the takedown notice on their original leak site and other damage done to their operations as described in the DOJ press release and warrant application that was unsealed today, AlphV posted this: As you all know, the FBI got the keys to our blog, now we’ll tell you how it was. First,…
Comcast Cable Communications notifies 35,879,455 consumers affected by Citrix incident
The timeline from their notification to consumers tells the sad story: Notice of Data Security Incident We are notifying you of a recent data security incident involving your personal information. This notice explains the incident, steps Xfinity has taken to address it, and guidance on what you can do to protect your personal information. What…
Big news from DOJ: Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant
FBI Offers Decryption Tool to Over 500 Victims Around the World, Additional Victims Encouraged to Come Forward The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world…
Four Held in ICMR Data Leak Case
Ishaan Negi reports: It has emerged that the Indian Council of Medical Research’s (ICMR) data bank contained over 81 crore Indians’ personal information, a startling discovery that shocked the whole country. The breach, which was uncovered by central intelligence agencies two months ago, presents grave questions regarding the protection of private data and the possible…
If at first you don’t succeed, screw it up again?
In mid-November, DataBreaches reported that AlphV threat actors had added MeridianLink to their leak site. When their victim wouldn’t pay them, AlphV (aka “BlackCat”) filed a complaint with the Securities & Exchange Commission alleging that MeridianLink failed to comply with the SEC’s new cybersecurity rule requiring notification within four days of discovering a material breach….