Amitai Ben Shushan Ehrlick reports: SentinelLabs has been tracking the activity of Agrius, a suspected Iranian threat actor operating in the Middle East, throughout 2020 and 2021 following a set of destructive attacks starting December 2020. Since we last reported on this threat actor in May 2020, Agrius lowered its profile and was not observed conducting destructive…
Transnational fraud ring stole millions from Army members, veterans
Sergiu Gatlan reports: Fredrick Brown, a former U.S. Army contractor, was sentenced today to 151 months in prison after admitting to his role in a conspiracy that targeted thousands of U.S. service members and veterans and caused millions of dollars in losses. Brown was one of five fraudsters charged with carrying out an identify-theft and…
Barclays Hacked by Cyberthieves Using Monzo Account, PISP
PYMNTS reports: Millions of pounds were swiped from Barclays accounts in a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), The Telegraph reported. PISPs are a newer concept, introduced by the revised European Payment Services Directive (PSD2), and give retail customers the ability to pay companies directly…
When the charm offensive didn’t work, threat actors just opted to be offensive
In 2020, those of us who report on ransomware attacks witnessed what some described as a “charm offensive” — spokespeople for ransomware groups granting interviews to journalists in which the threat actors tried to make themselves sound like professionals who have an ethics code and who are just trying to provide for their families. Those…
City of Dallas calls IT protocols ‘inadequate’ in 131-page report on police data loss
Ryan Osborne reports: Dallas’ city information technology department sent a 131-page report to city council on Thursday, detailing the massive data loss involving police records earlier this year and attributing the issue to “inadequate” protocols among IT staff. The report confirmed that 22 terabytes of data, involving more than 8 million records, were deleted in…
Why doesn’t Ohio notify victims of unemployment fraud or allow residents to check if they’ve been scammed?
Why doesn’t Ohio notify victims of unemployment fraud or allow residents to check if they’ve been scammed? It’s a reasonable question, and I doubt you’ll like the state’s answer.