An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. The Department of Justice said that 25-year-old Eric Council, of Alabama, and conspirators conducted a SIM-swap attack to take over the identity of the person in charge of SEC's X account. The SEC's X account was hacked on January 9th, 2024, to tweet that it had finally approved Bitcoin ETFs to be listed on stock exchanges. READ MORE...
US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data. In a report to the US Securities and Exchange Commission published today, Globe Life said it was recently contacted by an unknown threat actor asking for money in exchange for not publishing "certain information held and used by the Company and its independent agents." READ MORE...
California network of health centers Omni Family Health is notifying close to 470,000 individuals that their personal information was stolen in a cyberattack earlier this year. The data breach, Omni says, was discovered on August 7, after learning that threat actors had posted on the dark web data allegedly stolen from its network. The leaked information, the healthcare provider says, pertains to current and former patients and employees. READ MORE...
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population. READ MORE...
North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization's network and asking for a ransom to not leak it. Dispatching IT workers to seek employment at companies in wealthier nations is a tactic that North Korea has been using for years as a means to obtain privileged access for cyberattacks or to generate revenue for the country's weapons programs. READ MORE...
Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The attack took the form of a phishing email ostensibly sent by the "Eset Advanced Threat Defense Team", warning that state-backed hackers have tried compromising the target's device(s). The email was posted on ESET Security Forum's on October 8 by a recipient asking for confirmation that it was a phishing attempt. READ MORE...
The Internet Archive, a nonprofit digital library website, is beginning to come back online after a data breach and distributed denial-of-service (DDoS) attacks, prompting a week of its systems going offline. Founded in 1996 by Brewster Kahle, the archive offers users free access to a historical Web collection, known as the Wayback Machine. This including access to more than 150 billion webpages, nearly 250,000 movies, 500,000 audio items, and more. READ MORE...
Hong Kong police arrested 27 people Monday for their involvement in a deepfake scam operation, stealing $46 million from the scam's victims. The scammers used AI face-swapping technology to create female personas for online dating, using tools to alter their appearance and voices. They then contacted their victims via social media platforms using these AI-generated photos of people with made-up personalities, occupations, and backgrounds. READ MORE...
Since Redbox went bankrupt, many have wondered what will happen to those red kiosks and DVDs. Another question worth examining is: What will happen to all the data stored inside the Redboxes? Redbox parent company Chicken Soup for the Soul filed for Chapter 7 bankruptcy in June and is in the process of liquidating its assets. Meanwhile, stores with Redboxes are eager to remove the obsolete hardware. READ MORE...
Microsoft on Thursday warned of a recently patched macOS vulnerability potentially being exploited in adware attacks. The issue, tracked as CVE-2024-44133, allows attackers to bypass the operating system's Transparency, Consent, and Control (TCC) technology and access user data. Apple addressed the bug in macOS Sequoia 15 in mid-September by removing the vulnerable code, noting that only MDM-managed devices are affected. READ MORE...