If Herman’s Hermits sang about the latest development in the Sea Mar Community Health Center data breach, they’d probably sing: Third verse, same as the first A little bit louder and a whole lot worse Last month, DataBreaches.net reported that Sea Mar Community Health Center in Washington state had been sued in November, weeks after…
Sodinokibi/REvil Ransomware Defendant Extradited to United States and Arraigned in Texas
There’s an update to a case previously noted in November. From the DOJ today: A man charged with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, made his initial appearance and was arraigned today in the Northern District of Texas. According to an August 2021 indictment, Yaroslav Vasinskyi, 22, accessed…
Russian government sites hacked in supply chain attack
Sergiu Gatlan reports: Russia says some of its federal agencies’ websites were compromised in a supply chain attack on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies The list of sites impacted in the attack includes the websites of the Energy Ministry, the Federal…
China state-backed hackers compromised networks of at least 6 U.S. state governments, research finds
Arjun Kharpal reports: A Chinese state-sponsored hacking group successfully compromised the computer networks of at least six U.S. state governments between May 2021 and February this year, according to research published by cybersecurity firm Mandiant on Tuesday. The group, known as APT41, allegedly exploited vulnerabilities in web applications to get their initial foothold into state government networks, Mandiant said….
Update: Central Indiana Orthopedics notifying 83,705 of October data breach
In October, 2021, this site reported that Central Indiana Orthopedics (CIO) had promptly disclosed a data security incident involving Grief threat actors. This week, CIO’s external counsel notified the Maine Attorney General’s Office about the incident, reporting that 83,705 patients were impacted, total. Types of information involved included name, address, Social Security number, and limited…
Belarus conducted widespread phishing campaigns against Ukraine, Poland, Google says
Joseph Menn reports: Belarus conducted widespread phishing attacks against members of the Polish military as well as Ukrainian officials, security researchers said Monday, providing more evidence that its role in Russia’s invasion of Ukraine has gone beyond serving as a staging area for Russian troops. Google’s threat-hunting team released details of the tricks deployed against…