In May, Tiffany & Co. confirmed a data breach affecting an unspecified number of customers in South Korea. Tiffany is one of LVMH Moët Hennessy Louis Vuitton’s 75 high-end brands in six different sectors. On May 26, Tiffany Korea emailed select customers to notify them of a cybersecurity breach involving unauthorized access to a vendor…
Self-propagating supply chain attack hits 187 npm packages
Ax Sharma reports: Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and…
Latvian health authority official and IT company head fined for data breach
From Latvian Public Media: The Kurzeme Regional Court has decided to overturn the acquittal of the District Court and to find guilty an official of a state institution for disclosing confidential information and a board member of a company for inciting a public official to disclose this information, Latvian Television reports on 17 September. Latvian…
Ransomware’s new frontier: Extortion attacks evolve in Asia Pacific
Joanna England reports: Akamai Technologies, the cybersecurity and cloud computing company that powers and protects business online, has found that bad actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach. With ransomware accounting for more than half of the total data breaches in this region…
Scattered Spider Tied to Fresh Attacks on Financial Services
Mathew J. Schwartz reports: A member of the band of native English-speaking adolescent hackers lately calling itself Scattered Lapsus$ Hunters published Friday a semi-coherent screed proclaiming the collective would be “going dark.” Many cybersecurity experts responded with skepticism. Evidence suggests that at least some members of the loose-knit hacking collective are continuing to hit targets. Threat intelligence…
Conor Brian Fitzpatrick Re-Sentenced: Three years in prison plus 20 years supervised release for former BreachForums owner
Conor Brian Fitzpatrick, aka “Pompompurin” was re-sentenced today in federal court in Virginia. The government had sought a prison sentence of at least 188 months for the former owner of the original BreachForums, while the defense sought probation with weekend jail time for a year. Judge Leonie Brinkema, who had previously sentenced Fitzpatrick to time…