Threat intelligence analysts, incident responders, and federal law enforcement all seem to know all about the threat group with an array of monikers - The Com, Scattered Spider, Muddled Libra, UNC3944, Starfraud, and Octo Tempest, among others. So why is the group (which was behind the MGM Resorts and Caesars Entertainment hacks) still successfully attacking US organizations with impunity, with no disruptions to date?
Stanley Steemer International was the target of an external hack that impacted almost 67,000 customers, according to a consumer breach notification posted Wednesday with the Maine Attorney General's office. The Dublin, Ohio-based carpet cleaning company said it originally detected suspicious activity on March 6. After an initial investigation, the company determined the attackers gained access to its systems starting Feb. 10 and acquired certain records after lingering inside the company's network.
The personal information of employees was stolen in a ransomware attack targeting a Philippines subsidiary of Yamaha Motor. The incident, the Japanese mobility and industrial giant says, occurred on October 25, and only impacted one server managed by Yamaha Motor Philippines, the company's motorcycle manufacturing and sales subsidiary in the country. The server, Yamaha Motor says, "was accessed without authorization by a third party and hit by a ransomware attack."
Wisconsin teenager Joseph Garrison has pleaded guilty to his involvement in a scheme to access user accounts at a fantasy sports and betting website. According to court documents, on November 18, 2022, Garrison launched a credential stuffing attack against the betting site, obtaining access to approximately 60,000 user accounts. The defendant and others then stole about $600,000 from approximately 1,600 victim accounts.
The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process. A low-res image shared to its leak site appears to show a handful of passport scans, along with other documents, some of which display the format of HMRC employment documents. Rhysida started an auction for the stolen data with a deadline for bids ending just before 0800 UTC on November 27.
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox. Lumma (or LummaC2) is a malware-as-a-service information stealer rented to cybercriminals for a subscription between $250 and $1,000.
Morgan Stanley has agreed to a $6.5 million settlement over insecurely disposing of hardware containing unencrypted personal information. Through negligent internal data security practices, the multinational investment bank and financial services company potentially exposed the personal information of millions of customers, the Florida Attorney General's Office says. An investigation into the company uncovered that it did not properly erase unencrypted personal information stored on devices.
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names (UNC3524, NobleBaron, Dark Halo, NOBELIUM, Cozy Bear, CozyDuke, SolarStorm) and has been targeting embassy entities with a BMW car sale lure. The CVE-2023-38831 security flaw affects WinRAR versions before 6.23.