This is a multi-part interview with the individual known as “Nam3L3ss” who leaked more than 100 databases on a popular hacking forum and will soon be leaking many more. Read the Preface. In Part 1, we talked about his background and what motivated him to do what he does. In Part 2, we talked about…
New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA
Bill Toulas reports: A new Microsoft 365 phishing-as-a-service platform called “FlowerStorm” is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. First documented by Trustwave in late November 2024, Rockstar2FA operated as a PhaaS platform facilitating large-scale adversary-in-the-middle (AiTM) attacks targeting Microsoft 365 credentials. The service offered advanced evasion mechanisms, a user-friendly…
The Fine Line Between Ideology and Crime: Understanding the True Purpose of Dragon Ransomware – The Interview
Over on SuspectFile, Marco A. De Felice writes: This interview provides a detailed look at Dragon Ransomware, a group active in the cybercrime landscape that combines a defined organizational structure with advanced technological expertise. Their statements shed light on operational elements and motivations that help to better understand the internal dynamics of these illicit activities….
Tracker firm Hapn spilled names of thousands of GPS tracking customers
Zack Whittaker reports: GPS tracking firm Hapn exposed the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations — such as the name of their workplace — spilling from one of Hapn’s servers, which TechCrunch has seen….
Douglas County Health & Human Services notifies patients that former employee accessed their records inappropriately
Alex Evans reports: Unauthorized access of HIPAA-protected information by county employee, largely flies under the radar. Six-months after the Douglas County Department of Health and Human Services determined an employee had accessed protected personal and health information without authorization, a notice appeared on the county’s website. That notice can be found here. Fox21 reports some…
Ascension cyberattack exposed personal data of 5.6 million people
Sarah Volpenhein reports: Nearly 5.6 million people were affected in the ransomware attack that hit Ascension in May, the national health system now says. Until now, the health system had not publicly disclosed the total number of people affected by the May ransomware attack that compromised patient data and ultimately caused major disruptions to patient…