Sergiu Gatlan reports: Russia says some of its federal agencies’ websites were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies The list of sites impacted in the attack includes the websites of the Energy Ministry, the Federal…
China state-backed hackers compromised networks of at least 6 U.S. state governments, research finds
Arjun Kharpal reports: A Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments between May 2021 and February this year, according to research published by cybersecurity firm Mandiant on Tuesday. The group, known as APT41, allegedly exploited vulnerabilities in web applications to get their initial foothold into state government networks, Mandiant said….
Update: Central Indiana Orthopedics notifying 83,705 of October data breach
In October, 2021, this site reported that Central Indiana Orthopedics (CIO) had promptly disclosed a data security incident involving Grief threat actors. This week, CIO’s external counsel notified the Maine Attorney General’s Office about the incident, reporting that 83,705 patients were impacted, total. Types of information involved included name, address, Social Security number, and limited…
Belarus conducted widespread phishing campaigns against Ukraine, Poland, Google says
Joseph Menn reports: Belarus conducted widespread phishing attacks against members of the Polish military as well as Ukrainian officials, security researchers said Monday, providing more evidence that its role in Russia’s invasion of Ukraine has gone beyond serving as a staging area for Russian troops. Google’s threat-hunting team released details of the tricks deployed against…
MN: District 518 is investigating whether data was compromised when an employee’s email account was hacked
Kari Lucin reports: A District 518 employee’s email was hacked and an investigation is underway to determine whether any data was compromised. “At this point we don’t anticipate it to be a major data breach or a large issue, but we’re trying to ensure we do our due diligence on checking,” said Superintendent John Landgaard,…
Zywave seeks approval of $11 million data breach lawsuit settlement
It’s one thing to update a breach report with a notice of lawsuit settlement, but it’s another to realize you never covered the original breach at all. Let’s remedy that now. On February 27, 2021, Zywave and its subsidiary, Insurance Technologies Corp (ITC) suffered a data breach. From a press release by plaintiff’s counsel: Cybercriminals…