Category: Cyber-Crime
Julian Assange will be freed but must claim guilt: What it means for journalism
Wikileaks founder, publisher, journalist and DiEM25 founding member, Julian Assange, will reportedly enter into a plea deal with the United States prosecutors and be sentenced with time served.
Four FIN9 hackers indicted for cyberattacks causing $71M in losses
Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. The defendants, identified as Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong, carried out their cybercrimes from May 2018 until October 2021,…
Canada’s anti-money laundering agency offline after cyberattack
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a “cyber incident” forced it to take its corporate systems offline as a precaution. FINTRAC is a government agency in Canada that operates as the country’s financial intelligence unit. It is engaged in money laundering investigations, tracking millions of suspicious transactions annually and making thousands of disclosures…
Foreign Affairs: Spying From Space
In 2023, the Department of Defense announced an ambitious plan to launch 1,000 satellites over the next decade. Over the same period, the National Reconnaissance Office, which runs the country’s spy satellites, plans to quadruple the size of its fleet of a couple dozen satellites. The U.S. government can expand its fleet this quickly because satellites have become…
FTC orders Blackbaud to boost security after massive data breach
Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. Blackbaud is a U.S.-based company listed on NASDAQ with operations in multiple countries and a provider of cloud-based donor data management software catering to nonprofit organizations,…
23andMe says hackers accessed ‘significant number’ of files about users’ ancestry
Genetic testing company 23andMe announced on Friday that hackers accessed around 14,000 customer accounts in the company’s recent data breach. In a new filing with the U.S. Securities and Exchange Commission published Friday, the company said that, based on its investigation into the incident, it had determined that hackers had accessed 0.1% of its customer base. According to the company’s most recent…
Norton Healthcare discloses data breach following May ransomware attack
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals across Greater Louisville, Southern Indiana, and the Commonwealth of Kentucky. With over 20,000 employees, more than 1,750 employed medical providers, and over 3,000 total…
23andMe updates user agreement to prevent data breach lawsuits
As Genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million…
Hackers breach US water facility via exposed Unitronics PLCs
CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. PLCs are crucial control and management devices in industrial settings, and hackers compromising them could have severe repercussions, such as water supply contamination through manipulating the device to alter chemical dosing. Other risks include service…
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers
The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, which is mixed among many different wallet addresses to help prevent it from being accurately traced. The mixing service takes a…
Healthcare giant Henry Schein hit twice by BlackCat ransomware
American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries and a revenue of over $12 billion reported in 2022. It first disclosed on October 15 that it…
Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics,…
Hacktivists breach U.S. nuclear research lab, steal employee data
The Idaho National Laboratory (INL) confirms they suffered a cyberattack after ‘SiegedSec’ hacktivists leaked stolen human resources data online. INL is a nuclear research center run by the U.S. Department of Energy that employs 5,700 specialists in atomic energy, integrated energy, and national security. The INL complex extends over an 890-square-mile (2,310 km2) area, encompassing 50 experimental nuclear reactors, including…
Canadian government discloses data breach after contractor hacks
The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. These breaches occurred last month and impacted Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, both providers of relocation services to Canadian government employees. Government-related information stored on compromised BGRS and SIRVA Canada systems dates…
Ethereum feature abused to steal $60 million from 99K victims
Malicious actors have been abusing Ethereum’s ‘Create2’ function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. This is reported by Web3 anti-scam specialists at ‘Scam Sniffer,’ who observed several cases of in-the-wild exploitation of the function, in some cases losses incurred by one individual reaching…
Boeing Faces Cybersecurity Crisis: Lockbit Ransomware Attack Exposes Sensitive Data Amid Citrix Vulnerability Concerns
Boeing, a prominent aerospace manufacturer and defense contractor, found itself targeted by the Lockbit ransomware group at the end of October. This cybercriminal organization claimed responsibility for infiltrating Boeing’s systems and asserted that it had obtained a substantial amount of sensitive data. The group threatened to disclose this information unless Boeing engaged with them before the initial deadline, initially set…