Greenbelt, Maryland – A website operating as a marketplace for over 5.85 million records of personally identifying information (PII) was seized today by Portuguese authorities and a federal criminal complaint charging the website’s alleged operator has been unsealed. Law enforcement in the U.S. has also seized four domains used by the website: “wt1shop.net,” “wt1store.cc,” “wt1store.com,”…
CSA Alert (AA22-249A) #StopRansomware: Vice Society
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
URLs Are NOT Passwords, and Sadly, That Needed to Be Said (Stolowitz vs. Nuance Communications)
In 2014, Nuance Communications discovered that anyone could access protected health information on one of its platforms. After the situation persisted for years, a former employee decided to submit a whistleblower complaint to HHS. For his efforts, he spent more than one year fending off threatened federal hacking charges, even though no hacking was involved….
Cyberattack takes down L.A. Unified operations. Schools will open on Tuesday
Updated Sept. 8: Vice Society has claimed responsibility for the attack. As Jeremy Kirk commented, it was somewhat expected given that CISA published an advisory about Vice Society after the attack. Original post: Howard Blume reports: A cyberattack brought down the computer systems of the Los Angeles Unified School District over the weekend, but officials…
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable second-tier or less sophisticated attackers to punch above their weight: Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate…
UK: ICO acting against eight individuals over alleged theft of road traffic accident data from garages
August 30 – The Information Commissioner’s Office (ICO) has commenced criminal proceedings against eight individuals over the alleged unlawful accessing and obtaining of people’s personal information from vehicle repair garages to generate potential leads for personal injury claims. The alleged activity took place across the UK between 1 December 2014 and 30 November 2017. The…