There is yet another update in the investigation into a security breach involving the Philippine Commission on Elections (Comelec) vendor Smartmatic. As of April 1, Smartmatic had acknowledged a data leak, but said it had dealt with the problem and fired the employee involved. Now we learn that the National Bureau of Investigation (NBI) has…
LockBit ransomware gang lurked in a U.S. gov network for months
Bill Toulas reports: A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found. Logs retrieved from the compromised machines showed that two threat groups had compromised them and were engaged in reconnaissance and remote access operations….
Montgomery County and Florida Women Convicted of Hacking One’s Former Employer and Attempting to Extort Them
PHILADELPHIA – United States Attorney Jennifer Arbittier Williams announced that Frances Marie Eddings, 68, of Orlando, FL, and Jude Denis, 54, of Wyncote, PA, were convicted after trial in the Allentown Federal Courthouse of accessing a computer system without authorization for pecuniary gain from a non-profit charity organization. In September 2019, the defendants were charged…
RaidForums seized in Operation TOURNIQUET; forum’s administrator and two accomplices arrested
From Europol, today: The illegal marketplace ‘RaidForums’ has been shut down and its infrastructure seized as a result of Operation TOURNIQUET, a complex law enforcement effort coordinated by Europol to support independent investigations of the United States, United Kingdom, Sweden, Portugal, and Romania. The forum’s administrator and two of his accomplices have…
Singapore to license pentesters and managed infosec operators
Laura Dobberstein reports: Cybersecurity service providers must for licenses to operate in Singapore, under new regulations launched by the country’s Cyber Security Agency (CSA) on Monday. The new licensing framework requires vendors that offer penetration testing, and/or managed security operations centers (SOC) to get a licenses, in recognition that they access customers’ systems and therefore pose a…
Cops: ‘Ethical Hacker’ Was Anything But
John Johnson reports: Police say a tech expert listed as a “certified ethical hacker” on LinkedIn fell a wee bit short in the ethics department while working with a senior citizen. The Clearwater Police Department says 27-year-old Aaron Daniel Motta robbed nearly $600,000 in cryptocurrency from a customer who hired Motta to set up tech…