Lindsey O’Donnell-Welch writes: A ransomware operator has continually rebranded itself over the past year in order to evade detection, while launching cyberattacks on critical infrastructure across several industries. Researchers with Mandiant detailed a threat group called UNC2190, which is an operator behind an affiliate ransomware program. Since June, researchers said they have observed the group targeting…
Yanluowang ransomware operation matures with experienced affiliates
Ionut Ilascu reports: An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector using BazarLoader malware in the reconnaissance stage. Based on observed tactics, techniques, and procedures, the threat actor is experienced with ransomware-as-a-service (RaaS) operations and may be linked with the Fivehands group. Read more on…
Hackers plant card-stealing malware on website that sells baron and duke titles
Catalin Cimpanu reports: A threat actor has hacked the website of the Principality of Sealand, a micronation in the North Sea, and planted malicious code on its web store, which the government is using to sell baron, count, duke, and other nobility titles. Called a “web skimmer,” the malicious code allowed the hackers to collect…
Kentucky Energy and Environment Cabinet announces data security breach
Seth Austin reports: The Kentucky Energy and Environment Cabinet (EEC) announced they discovered a data security breach on September 8, 2021. According to EEC, unredacted mining permit applications containing some mine owners’ and controllers’ personal information was available for public inspection at Department of Natural Resources’ field offices and on an EEC hosted website. Internal…
OH: Bay Village school district accidentally releases students’ personal info, including grades, to all families
Ian Cross reports: Personal information for the entire Bay Village High School senior class, including grades, student ID numbers and test scores, was accidentally emailed to the families of each senior last week, according to a notice sent to families in the district. At about 8:53 a.m. on Tuesday, Nov. 23, a Bay High School…
IL: Evanston Township High School Defrauded Of $48,570 In Hack That Exposed 1,139 Identities
Jonah Meadows reports: Evanston Township High School officials got scammed out of more than $48,000 during a monthslong data breach that also exposed the personal information of more than 1,100 Illinois residents, Patch has learned. The fraudulent payment was reported to Evanston police, and the data breach was disclosed to the Illinois Attorney General’s Office,…