TLP:CLEAR Product ID: AA23-320A November 16, 2023 SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through…
Is a new ransomware group’s listing for Decatur Independent School District linked to an attack in September?
Decatur Independent School District in Texas was added to Inc Ransomware’s leak site on Wednesday. There is no summary or description of what the threat actors claim to have done or acquired. There is no countdown clock or timer, and there is no indication of how much money is being demanded. There is a proofpack….
Georgia School District Goes Offline After Suspicious Activity
Leon Stafford reports: Henry County Schools Superintendent Mary Elizabeth Davis said Tuesday leaders continue to investigate “suspicious activity” that has resulted in the district restricting Internet access since last week. In a video posted to YouTube, Davis did not say what activity led the south metro Atlanta district to decide to take its Internet offline…
AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
Earlier today, AlphV added MeridianLink to their leak site. MeridianLink (MLNK) is the provider of a loan origination system and digital lending platform for financial institutions. AlphV’s listing has been temporarily removed to be updated, but DataBreaches has learned some additional details from someone involved in the attack. The attack was last Tuesday, November 7….
Data security breach at Beaverton School District
KGW reports: The Beaverton School District has been hit by a cybersecurity breach that may have compromised student passwords, the district announced in a message posted to its website and sent to parents Tuesday evening. Student passwords to email accounts, Google documents, Canva and other platforms all may have been compromised. The district said it…
NoEscape gang adds two more medical entities to their leak site
The NoEscape ransomware gang claims to have attacked two more medical entities. The first one is Southeastern Orthopaedic Specialists, P.A. in North Carolina. According to the threat actors, the network was locked on October 25, and 3 GB of files were exfiltrated. From the expanded listing (not shown here), it also appears that Southeastern…