Bianet reports: The Ministry of Interior filed a complaint against İbrahim Haskoloğlu, a journalist who shared ID cards allegedly belonging to President Recep Tayyip Erdoğan and National Intelligence Organization (MİT) Chair Hakan Fidan on Twitter. After the complaint, the İstanbul Chief Public Prosecutor’s Office launched an investigation against the journalist for “illegally obtaining personal information.”…
Joint Cybersecurity Advisory: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
From the Summary: The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020….
Learning Opportunities from Ransomware and Redline Infostealer Events Inside America’s Universities
Britton White writes: After a university was recently hit with Ransomware, I decided to research the university’s domain name searching for any users who might have been hit with Redline Infostealer/Malware. To no surprise, I found many students had unknowingly had their saved browser credentials scraped (stolen/exfiltrated). It didn’t take long to find a student…
Conti’s Ransomware Toll on the Healthcare Industry
Brian Krebs reports: Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other…
TX: Dayton Independent School District reports breach
No significant details on this one yet, but Dayton Independent School District in Texas notified the Texas Attorney General’s Office that 841 Texans were notified by mail on April 14 of a data breach that involved names and Social Security Numbers. DataBreaches.net has emailed the district to ask for details and will update this post…
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
Sergiu Gatlan reports: GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including…