Jessica Lyons Hardcastle reports: False-flag cyberattacks represent a red line that even nation states like Russia and China don’t want to cross, according to Mandiant CEO Kevin Mandia. “It’s one of the last rules of the playground that a modern nation may not want to break because they don’t want everyone doing false flags,” he…
OpenSea Discord server hacked, increasing the risk of phishing scams
Ali Raza reports: OpenSea, a non-fungible token marketplace, has become the victim of a hack on its main Discord channel. The breach has allowed the threat actors to post fake announcements about partnerships between OpenSea and other projects. OpenSea shared a screenshot on May 6 showing the fake news about partnerships. The screenshot also contained a link…
Conti and Hive ransomware operations: Leveraging victim chats for insights
Kendall McKay and colleagues Paul Eubanks and Jaime Filson of Talos issued a report this week with some interesting insights. EXECUTIVE SUMMARY Through open-source research, we obtained and analyzed over four months of chat logs — more than 40 separate conversations — between Conti and Hive ransomware operators and their victims. The findings in this…
IKEA Canada confirms data breach involving personal information of approximately 95,000 customers
Chris Fox reports on an insider-wrongdoing breach that sounds like it was detected and stopped fairly quickly, but not before more than 90,000 customers could have had their data accessed. IKEA says that it has notified Canada’s privacy watchdog following a data breach involving the personal information of approximately 95,000 customers. In a statement provided…
Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice
The Department of State is offering a reward of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group. In addition, the Department is also offering a reward of up to $5,000,000 for information leading to…
Two States Enact Insurance Data Security Laws
Hunton Andrews Kurth writes: In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky Governor Andy Beshear signed HB 474 into law on April 8, 2022, and Maryland Governor Larry Hogan signed SB 207 into law on April 21, 2022. The new laws establish…