For your “no need to hack when it’s leaking” files: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained thousands of records belonging to Confidant Health — an AI-powered platform offering mental health and addiction treatment. The database contained patient PII, psychosocial assessments including details about mental health or substance abuse,…
Russian military hackers linked to critical infrastructure attacks
Sergiu Gatlan reports: The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia’s Main Directorate of the General Staff of the Armed Forces (also known as GRU). In a joint advisory published today, the Russian GRU military intelligence hackers,…
Five Russian GRU Officers and One Civilian Charged for Conspiring to Hack Ukrainian Government
Six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia), were charged in an indictment with conspiracy to commit computer intrusion and wire fraud conspiracy. Five of the defendants were officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of…
The Protection of Critical Infrastructure (Computer System) Bill: Hong Kong’s first specific cybersecurity legislation
Tommy Liu and Kenneth Cheung of Hogan Lovells write: In late June 2024, the Security Bureau of the Hong Kong SAR Government (the “Government”) proposed the first specific cybersecurity legislation in Hong Kong, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill (the “Bill”), to strengthen the security of the computer systems of critical…
Microchip Technology confirms data was stolen in cyberattack
Sergiu Gatlan reports: American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. Headquartered in Chandler, Arizona, the chipmaker has around 123,000 customers from multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing…
Iran pays millions in ransom to end massive cyberattack on banks, officials say
Matthew Karnitschnig reports: A massive cyberattack that hit Iran last month threatened the stability of its banking system and forced the country’s regime to agree to a ransom deal of millions of dollars, people familiar with the case say. An Iranian firm paid at least $3 million in ransom last month to stop an anonymous…