Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks
Krebs on Security | Data Breaches
by BrianKrebs
1w ago
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. Until this past weekend, Squarespace’s website had an option to log in via email. The Squarespace domain hijacks, which took place between July 9 and July 12, appear ..read more
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
Krebs on Security | Data Breaches
by BrianKrebs
1M ago
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy. A still frame from a video released by the Spanish national police shows Tylerb in custody at the airport. “He stands accused of hacking into corporate accounts and stealing critical infor ..read more
Who Stole 3.6M Tax Records from South Carolina?
Krebs on Security | Data Breaches
by BrianKrebs
3M ago
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed. Questions about who stole tax and financial data on rou ..read more
Why CISA is Warning CISOs About a Breach at Sisense
Krebs on Security | Data Breaches
by BrianKrebs
3M ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City based Sisense has more than a thousand customers across a range of industry verticals, including financial services, tele ..read more
BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare
Krebs on Security | Data Breaches
by BrianKrebs
5M ago
There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data Change reportedly paid the group to destroy. Meanwhile, the affiliate’s disclosure appears t ..read more
Fulton County, Security Experts Call LockBit’s Bluff
Krebs on Security | Data Breaches
by BrianKrebs
5M ago
The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. and U.K. law enforcement. The LockBit website included a countdown ..read more
New Leak Shows Business Side of China’s APT Menace
Krebs on Security | Data Breaches
by BrianKrebs
5M ago
A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. A marketing slide deck promoting i-SOON’s Advanced Persistent Threat (APT) capabilities. A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON, a techno ..read more
U.S. Internet Leaked Years of Internal, Customer Emails
Krebs on Security | Data Breaches
by BrianKrebs
5M ago
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser. Headquartered in Minnetonka, Minn., U.S. Internet is a regional ISP that provides fiber and wireless Internet service ..read more
Arrests in $400M SIM-Swap Tied to Heist at FTX?
Krebs on Security | Data Breaches
by BrianKrebs
6M ago
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022. Image: Elliptic.co. An indictment unsealed this week and first reported on by Ars Technica alleges that Chicago man Robert Powell, a.k.a. “R,” “R$” a ..read more
Okta: Breach Affected All Customer Support Users
Krebs on Security | Data Breaches
by BrianKrebs
8M ago
When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users. Okta acknowledged last month that for several weeks beginning in late September 2023, intruders had access to its customer support case management system. That access allowed ..read more