Alexander Martin reports: A suspected ransomware attack on Miljödata, a Swedish software provider used for managing sick leave and similar HR reports, is believed to have impacted around 200 of the country’s municipal governments. The attack was detected on Saturday, according to the company’s chief executive Erik Hallén. The attackers are attempting to extort Miljödata,…
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
It looks like ShinyHunters and Scattered Spider have found yet another way to compromise Salesforce customers. Lawrence Abrams reports: Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. Salesloft’s SalesDrift is a third-party platform that connects…
DOGE accused of copying entire Social Security database to insecure cloud system
Jon Brodkin reports: A Social Security Administration (SSA) official alleged in a whistleblower disclosure that DOGE officials created “a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” Chuck Borges, the SSA’s Chief Data Officer (CDO), “has become aware through reports to him of serious data security lapses, evidently…
OH: West Chester Township investigates second cyberattack this month
Brian Hamrick reports: West Chester Township is dealing with the fallout of a second cyber-attack this month. On Tuesday morning, cyber attackers the township calls a “malicious group” struck, targeting the email server. “At approximately 6:45 a.m., we were notified of a potential cyber-attack and data breach,” said West Chester Township public information officer Brianna…
Church of England alleged to have breached abuse survivors’ data
Tim Sigsworth, Fiona Parker, and Janet Eastham report: The Church of England is investigating claims it breached the personal data of almost 200 abuse survivors. An official is reported to have failed to conceal the contact details of applicants to a compensation scheme in an email. Unredacted names, email addresses and personal data were therefore visible to other recipients,…
Cyberattack on Israeli ‘kosher’ internet provider
Kosher Israeli internet provider, Internet Rimon, which provides Internet filtering services for the religious and haredi sectors, was hacked by an Iranian cyberattack group. Moshe Lampert reports: On Saturday night Iranian hackers, known as the “Promised Revenge,” hacked the Rimon Internet Provider, which provides Internet filtering services for the religious and haredi sectors. The incident…