Oracle continues to deny it had any breach, but customers and researchers are claiming otherwise. Lawrence Abrams reports: Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor…
Shifting the sands of RansomHub’s EDRKillShifter
Jakub Souček and Jan Holman report: The RansomHub ransomware-as-a-service (RaaS) operation affiliates were linked to established gangs Medusa, BianLian, and Play, which share the use of RansomHub’s custom-developed EDRKillShifter. ESET researchers take a look back at the significant changes in the ransomware ecosystem in 2024 and focus on the newly emerged and currently dominating ransomware-as-a-service…
Trump’s Top Aides Suffer Another Series of Embarrassing Data Blunders
Yasmeen Hamadeh reports: When it rains, it pours—at least that’s the case for Mike Waltz and the country’s top national security officials this week. After President Donald Trump’s national security adviser accidentally added a prominent journalist to a private Signal chat with more than a dozen top government officials, it emerged that he had made…
Ransomwared NHS software supplier nabs £3M discount from ICO for good behavior
Connor Jones reports the latest update on the ransomware attack affecting Advanced Computer Software: The UK’s data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary’s security failings led to a ransomware attack affecting NHS care. This is nearly half the fine the Information Commissioner’s Office provisionally floated…
Private Data and Passwords of Senior U.S. Security Officials Found Online
This will likely come as no surprise to many, but Spiegel International reports: Donald Trump’s most important security advisers used Signal to discuss an imminent military strike. Now, reporting by DER SPIEGEL has found that the contact data of some of those officials, including mobile phone numbers, is freely accessible on the internet. According to…
Defense Contractor MORSECORP Inc. Agrees to Pay $4.6 Million to Settle Cybersecurity Fraud Allegations
MORSECORP Inc. (MORSE), of Cambridge, Massachusetts, has agreed to pay $4.6 million to resolve allegations that MORSE violated the False Claims Act by failing to comply with cybersecurity requirements in its contracts with the Departments of the Army and Air Force. The settlement resolves allegations that MORSE submitted false or fraudulent claims for payment on contracts with…