Information Management Today

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Krebs on Security

OCTOBER 9, 2023

The fake USPS phishing page. The landing page generated by the phishing link includes the USPS logo, and says “Your package is on hold for an invalid recipient address. ” Below that message is a “Click update” button that takes the visitor to a page that asks for more information.

Phishing

Phishing Analytics Passwords Government

FBI Seizes BreachForums Website

Schneier on Security

MAY 17, 2024

The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3). “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc

Ransomware

Ransomware Access IT Data breaches

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Data breaches

Data breaches Archiving Passwords Information Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

OCTOBER 14, 2021

The Missouri state Department of Elementary and Secondary Education (DESE) reportedly removed the affected pages from its website Tuesday after being notified of the problem by the publication (before the story on the flaw was published). This individual did not have permission to do what they did.

Security

Security Education Computer and Electronics Access

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

Global Data Breaches and Cyber Attacks in 2024

IT Governance

FEBRUARY 5, 2024

29,530,829,012 known records breached so far in 4,645 publicly disclosed incidents Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Our 2023 overview is here.

Data breaches

Data breaches Security Government Personal data

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

“My slice”, the details of the Italian campaign Last year, a highly targeted phishing campaign that I renamed “My slice” (derived from the name of a variable in the javascript code of the landing page) targeted e-mail account holders of Italian organisations. This would prevent e-mails from being sent and received.

Phishing

Phishing Education Cybersecurity Data breaches

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Security Affairs

APRIL 18, 2024

Law enforcement from 19 countries participated in the operation which resulted in the arrest of 37 individuals. Four individuals, including the original developer of LabHost, were arrested in the United Kingdom. The phishing-as-a-service platform was available on the clear web and has been shut down by the police.

Phishing

Phishing Passwords Authentication IT

France Travail data breach impacted 43 Million people

Security Affairs

MARCH 16, 2024

On August 2023, the French government employment agency Pôle emploi suffered a data breach and notified 10 million individuals impacted by the security breach. The security breach exposed the surnames, first names and social security numbers of impacted individuals.

Data breaches

Data breaches Personal data Ransomware GDPR

FBI seized the notorious BreachForums hacking forum

Security Affairs

MAY 15, 2024

The authorities also seized the Telegram page for the hacking forum The website currently displays a message that informs visitors it was seized by law enforcement. The man has been charged with soliciting individuals with the purpose of selling unauthorized access devices. In March 2023, U.S.

Access

Access IT Information Security Security

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Krebs on Security

APRIL 29, 2022

“When we receive removal requests, we will evaluate all content on the web page to ensure that we’re not limiting the availability of other information that is broadly useful, for instance in news articles,” Chang wrote. The login page for perhaps the most bustling cybercrime store for stolen payment card data.

Search queries

Search queries Retail Government Marketing

Feds Charge NY Man as BreachForums Boss “Pompompurin”

Krebs on Security

MARCH 17, 2023

The sales thread initially said the data included the names, Social Security numbers, dates of birth, health plan and enrollee information and more on 170,000 individuals, although the official notice about the breach says 56,415 people were affected. that suffered a data breach this month. In April 2022, U.S.

Sales

Sales Data breaches Insurance Access

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

Krebs on Security

APRIL 10, 2020

The IRS says the Economic Impact Payment will be $1,200 for individual or head of household filers, and $2,400 for married filing jointly if they are not a dependent of another taxpayer and have a work eligible Social Security number with adjusted gross income up to: $75,000 for individuals. 112,500 for head of household filers and.

Computer and Electronics

Computer and Electronics IT Government Access

French employment agency Pôle emploi data breach impacted 10M people

Security Affairs

AUGUST 26, 2023

Pôle emploi, the French government employment agency suffered a data breach that impacted 10 million individuals. The French government employment agency Pôle emploi suffered a data breach and is notifying 10 million individuals impacted by the security breach.

Data breaches

Data breaches GDPR Personal data Government

Facebook Reveals Ongoing Political Influence Campaigns

Data Breach Today

AUGUST 1, 2018

Propaganda Efforts - and Adversary OPSEC - Continue to Improve, Experts Warn Facebook has suspended eight pages and 24 accounts for "coordinated inauthentic behavior" tied to apparent political influence campaigns ahead of an event in Washington. While Facebook declined to attribute the activities to specific individuals or groups, U.S.

China-linked RedAlpha behind multi-year credential theft campaign

Security Affairs

AUGUST 17, 2022

“In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations.” The domains some cases were hosting fake login pages for popular email providers such as Outlook and Zimbra. ” reads the report published by Recorded Future.

Phishing

Phishing Information Security Government Communications

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

“A link is provided (often only after the customer responds to the text) which takes you to a captcha page, followed by a fraudulent payment collection page.” . “We’ve seen many of our customers targeted with a fraudulent UPS text message scheme after placing an order,” Josh said. info , legodelivery[.]info

Phishing

Phishing Retail IT Communications

ShinyHunters member sentenced to three years in prison

Security Affairs

JANUARY 10, 2024

Raoult participated in extensive computer hacking that caused millions of dollars in losses to victim companies and unmeasurable additional losses to hundreds of millions of individuals whose data was sold to other criminals,” said Criminal Chief Sarah Vogel of the Western District of Washington. “Mr. Raoult’s motive was pure greed.

Sales

Sales Phishing Cloud Access

HHS: Online trackers without prior authorization and BAAs can violate HIPAA

Data Protection Report

DECEMBER 5, 2022

Department of Health and Human Services (HHS) issued a 12-page Bulletin titled “ Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates (the “Bulletin”). The Bulletin’s key section appears on page 5, after a description of these tracking technologies and how they work on both websites and mobile apps.

Privacy

Privacy Compliance Risk IoT

Navigating Compliance: Understanding India's Digital Personal Data Protection Act

Thales Cloud Protection & Licensing

MAY 8, 2024

Recognizing the importance of individuals' rights to data protection, the DPDP Act sets out obligations for organizations that handle citizens’ data while outlining the rights and duties of data principals or the persons to whom the data relates.

Personal data

Personal data Compliance Encryption Cloud

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

MAY 12, 2022

According to this page at the Justice Department website, LEIA “provides federated search capabilities for both EPIC and external database repositories,” including data classified as “law enforcement sensitive” and “mission sensitive” to the DEA. ” The DEA’s EPIC portal login page.

Authentication

Authentication Passwords Government Access

Weaponizing Apple AirTag to lure users to malicious sites

Security Affairs

OCTOBER 1, 2021

This generates a unique [link] page, which the Airtag info (i.e. In case an individual with an iPhone or Android device will find the missing Airtag, they can scan it using the NFC and opens the Airtag’s unique [link] page on their device. This opens up the generated [link] page.

Phishing

Phishing Authentication IT Access

CISA warns of disruptive attacks amid the anniversary of Russia’s invasion of Ukraine

Security Affairs

FEBRUARY 24, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase vigilance. “CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat.” ” reads the Shields Up page setup by the U.S. ” reads the alert.

Cybersecurity

Cybersecurity Government Security IT

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Security Affairs

SEPTEMBER 13, 2023

The vulnerability is a heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187, The vulnerability allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page leading to arbitrary code execution. “Opening a malicious WebP image could lead to a heap buffer overflow in the content process.

Cybersecurity

Cybersecurity Security IT Information Security

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

This attack involves malicious Javascript that is added to one’s browser by dragging a component from a web page to one’s browser bookmarks. ” Searching on that Discord ID and username revealed a young Turkish coder named Berk Yilmaz whose Github page linked to the very same Discord ID as the scammer CEO.

Blockchain

Blockchain Phishing Authentication Access

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

The login page for the criminal reshipping service SWAT USA Drop. This page lists the rules of the service, which do not reimburse stuffers for “acts of god,” i.e. authorities seizing stolen goods or arresting the drop. On a suspicion that the login page for portal-ctsi[.]com A SWAT panel for stuffers/customers.

Marketing

Marketing Retail Blockchain Communications

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. Upon clicking the link, the recipient is redirected to a phishing page that masquerades as a login prompt.

Phishing

Phishing Passwords Military Education

Easily shape your user journey with Collibra Homepage Editor

Collibra

MAY 3, 2023

Delivered as part of the February 2023 release, the Homepage Editor gives you the power to adapt your users’ journey to the individual needs of your organization. This action is persistent, so when the user reloads the page the introduction section stays closed.

Cloud

Cloud Access IT Government

A new Android malware used to spy on the Uyghur Community

Security Affairs

SEPTEMBER 6, 2022

If the device version is greater than 29, it opens the rd.pdf file present in the APK resources, which contains the cover page, the introduction of the book and the author, and a condolence letter. In this case, they are seen taking advantage of the Uyghur–Chinese conflict to target unsuspecting individuals.”

Government

Government IT Security Information Security

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content.

Blockchain

Blockchain Security awareness Security IT

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

An individual thought to be involved has earned accolades from the likes of Apple , Dell , and Microsoft for helping to find and fix security vulnerabilities in their products. Archived copies of talainine.com indicate the business was managed by two individuals, including someone named Yassine Algangaf. 001” Skype account.

Passwords

Passwords Manufacturing Security Data breaches

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Perhaps tauntingly, Vasinskyi’s profile page also lists the FBI’s 1-800 tip line as his contact phone number. Department of State said it was offering a reward of up to $10 million for information leading to the identification or location of any individual holding a key leadership position in the REvil ransomware group.

Ransomware

Ransomware Passwords Systems administration IT

Councils let firms track visits to webpages on benefits and disability

The Guardian Data Protection

FEBRUARY 4, 2020

More than 400 local authorities allowed at least one third-party company to track individuals who visit their sites, an investigation has revealed. On Enfield borough council’s site, a page for people who need financial support for accommodation and food allowed 21 companies, including Google, to see who was visiting.

Education

Education Access Government Privacy

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

JANUARY 11, 2022

NTT’s initiative suggests that a logical starting point is the individual patient — and not just with respect to diagnosing and treating serious illnesses. NTT is advocating the need for companies, governments and communities to get on the same page and start pulling in the same direction – on behalf of individual workers and citizens.

Big data

Big data Analytics Personal data Government

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

U-Admin was sold by an individual who used the hacker handle “ Kaktys ” on multiple cybercrime forums. Cybersecurity threat intelligence firm Intel 471 describes U-Admin as an information stealing framework that uses several plug-ins in one location to help users pilfer victim credentials more efficiently.

Phishing

Phishing Authentication Archiving Cybersecurity

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “ talk pages ” that help its many contributors collaborate. You also don’t want unscrupulous individuals to download your content in bulk or re-host it on their own websites without permission. Gierlinger.

CMS

CMS Security Encryption Data breaches

Hackers behind Twilio data breach also targeted Cloudflare employees

Security Affairs

AUGUST 10, 2022

“ While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products , and physical security keys issued to every employee that are required to access all our applications.” ” reads the announcement published by Cloudflare.

Data breaches

Data breaches Phishing Access Passwords

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

“An individual’s CPNI can be shared with other telecommunications providers for network operating reasons,” wrote TechTarget’s Gavin Wright. “So, when the individual first signs up for phone service, this information is automatically shared by the phone provider to partner companies.”

Customer Experience

Customer Experience Privacy Data collection Marketing

Iranian State-Sponsored Hacking Attempts

Schneier on Security

JULY 13, 2021

Interesting attack : Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information.

Phishing

Phishing Cybersecurity

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

Security Affairs

NOVEMBER 13, 2023

Sapphire Sleet sent weaponized attachments directly or used links to pages hosted on legitimate websites like GitHub. Once established communication with the victims, the threat actors move it to other platforms, like instant messaging apps or email.

IT

IT Blockchain Communications Security

Experts warn of OSS supply chain attacks against the banking sector

Security Affairs

JULY 24, 2023

The experts noticed that the contributor behind the malicious packages was linked to a LinkedIn profile page of an individual that was posing as an employee of the victim. The attackers created fake LinkedIn profiles to get in touch with the victims’ employees and used for each target a specific C2.

IT

IT Security Information Security

Data Breaches and Cyber Attacks in October 2023 – 867,072,315 Records Breached

IT Governance

NOVEMBER 3, 2023

Introducing our Data Breach Dashboard We’re excited to introduce our new monthly Data Breach Dashboard – a one-page overview of this month’s key findings that you can download for free. We’ll add the link to this page, so please bookmark it and return to check out the Dashboard. 53% notified affected individuals.

Data breaches

Data breaches Insurance Ransomware Education

German police identified a gang that stole €4 million via phishing attacks

Security Affairs

OCTOBER 2, 2022

German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected.

Phishing

Phishing Authentication Security Access

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

Security Affairs

DECEMBER 14, 2023

Storm-1152 operates illicit websites and social media pages, selling fake Microsoft accounts and tools to bypass identity verification software on popular technology platforms. The individuals developed and operated the websites, they also published video tutorials on how to use their products and provided chat services to their customers.

Sales

Sales Ransomware Marketing IT

Phishers Spoof USPS, 12 Other Natl’ Postal Services

FBI Seizes BreachForums Website

Webinars

Trending Sources

Alleged Extortioner of Psychotherapy Patients Faces Trial

Webinars

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

How to Package and Price Embedded Analytics

Global Data Breaches and Cyber Attacks in 2024

“My Slice”, an Italian adaptive phishing campaign

Law enforcement operation dismantled phishing-as-a-service platform LabHost

France Travail data breach impacted 43 Million people

FBI seized the notorious BreachForums hacking forum

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Feds Charge NY Man as BreachForums Boss “Pompompurin”

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

French employment agency Pôle emploi data breach impacted 10M people

Facebook Reveals Ongoing Political Influence Campaigns

China-linked RedAlpha behind multi-year credential theft campaign

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

ShinyHunters member sentenced to three years in prison

HHS: Online trackers without prior authorization and BAAs can violate HIPAA

Navigating Compliance: Understanding India's Digital Personal Data Protection Act

DEA Investigating Breach of Law Enforcement Data Portal

Weaponizing Apple AirTag to lure users to malicious sites

CISA warns of disruptive attacks amid the anniversary of Russia’s invasion of Ukraine

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Discord Admins Hacked by Malicious Bookmarks

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Easily shape your user journey with Collibra Homepage Editor

A new Android malware used to spy on the Uyghur Community

The Fake Browser Update Scam Gets a Makeover

French Firms Rocked by Kasbah Hacker?

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Councils let firms track visits to webpages on benefits and disability

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Hackers behind Twilio data breach also targeted Cloudflare employees

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Iranian State-Sponsored Hacking Attempts

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

Experts warn of OSS supply chain attacks against the banking sector

Data Breaches and Cyber Attacks in October 2023 – 867,072,315 Records Breached

German police identified a gang that stole €4 million via phishing attacks

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

Stay Connected