The CL0P ransomware gang has added the NYC Bar Association to their leak site today. Unsurprisingly, the threat actors have some unkind words for their victim: The New York City Bar is example of one more institution who not take their obligation to secure client, employee and case data seriously. We download more than 1.8tb…
Bits ‘n Pieces (Trozos y Piezas)
ES: City Council of Durango “Completely Paralyzed” by Cyberattack The City Council of Durango in Biscay reports it is “completely paralyzed” by a cyberattack last Saturday. The news site Durangon quotes the Deputy Mayor, Iker Urkiza (machine translation) that the ‘hacking “has been serious” and that it will paralyze their computer systems “for weeks.” According…
Canada’s Okanagan College warns of potential privacy breach after cyber attack
On Wednesday, CBC reported: Nearly 16,000 students and 1,200 staff at Okanagan College are still unable to access campus network services after a cyber attack earlier this week. In a written statement Wednesday, college president Neil Fassina said the institution’s information technology services team uncovered a cyber security attack on Monday at around 6:15 a.m….
Lorenz ransomware gang plants backdoors to use months later
Ionut Ilascu reports: Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks. Some gangs are exploiting the flaws to plan a backdoor while the window of opportunity exists and may return long after the victim applied the necessary security updates. One case is a…
A Police App Exposed Secret Details About Raids and Suspects
Dhruv Mehrotra reports: Last September, law enforcement agents from five counties in Southern California coordinated an operation to investigate, raid, and arrest more than 600 suspected sex offenders. The mission, Operation Protect the Innocent, was one of the largest such raids in years, involving over 64 agencies. According to the Los Angeles Police Department, it was coordinated…
SEC sues Covington law firm for names of 300 clients caught up in hack
Andrew Goudsward reports: The U.S. Securities and Exchange Commission has sued law firm Covington & Burling for details about nearly 300 of the firm’s clientsd whose information was accessed or stolen by hackers in a previously undisclosed cyberattack, court documents show. Hackers associated with the Hafnium cyber-espionage group, which has alleged ties to the Chinese…