The ransomware group named Snatch publicly named Kraft Heinz on its website on December 14, but the post appears to have been created on August 16, which indicates that the attack occurred months ago. Indeed, in a statement issued on Thursday, Kraft Heinz said it's investigating claims of a cyberattack that occurred several months ago. The company said the target appeared to be a decommissioned marketing site hosted on an external platform, but it's currently unable to verify the hackers' claims.
Idaho National Laboratory (INL) has started notifying 45,000 individuals that their personal information was stolen in a data breach last month. The incident was identified on November 20 and impacted the Oracle Human Capital Management (HCM) software that INL is using for certain human resources applications. No INL systems, nor other "networks or databases used by employees, lab customers or other contractors" were compromised as part of the attack.
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator.
Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental is a dental insurance provider that covers 85 million people across 50 states, but this data breach notice concerns the California division of the company. According to a Delta Dental data breach notification, the company suffered unauthorized access by threat actors through the MOVEit file transfer software application.
Dozens of credit unions caught in a ransomware attack against a third-party vendor last month have resumed normal operations, the National Credit Union Administration said Wednesday. Ongoing Operations, a subsidiary of Trellance that provides IT services to the industry, was hit by a cyberattack isolated to a segment of its network on Nov. 26, the company said last week in an incident update.
Researchers have spotted a new threat actor targeting organizations in the Asia-Pacific region with SQL injection attacks using nothing more than publicly available, open source penetration-testing tools. Threat hunters at Group-IB first spotted the new group in September, targeting gambling companies in the region and named it "GambleForce." In the three months since, the group has targeted organizations in several other sectors, including government, retail, travel, and job websites.
ESET researchers analyzed a growing series of OilRig downloaders that the group has used in several campaigns throughout 2022, to maintain access to target organizations of special interest - all located in Israel. These lightweight downloaders, which we named SampleCheck5000 (SC5k v1-v3), OilCheck, ODAgent, and OilBooster, are notable for using one of several legitimate cloud service APIs for C&C communication and data exfiltration.
Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. Ubiquiti is a popular networking device manufacturer offering a cloud-based UniFi platform where admins can manage all their devices from a single cloud portal. The first report of these issues was when a Ubiquiti customer incorrectly received a notification from someone else's security camera.
U.S. authorities are struggling to contain a critical vulnerability in Citrix Netscaler Application Delivery Controller and Netscaler Gateway, widely used networking appliances that help companies enable secure remote access. Thousands of organizations worldwide use the technology, and researchers have seen attacks targeting a wide range of industries, including financial services companies, defense contractors, law firms, technology providers and government agencies.