December 14, 2023 at 06:35PM Kraft Heinz confirmed their systems are normal with no evidence of a breach listed by an extortion group. Kraft Heinz, a leading food and beverage company, is being threatened by the Snatch extortion group, but no proof of breach was provided. The company is investigating claims but sees no evidence … Read more
December 14, 2023 at 05:20PM Group-IB has detected a new threat group, “GambleForce,” engaged in SQL injection attacks on organizations in the Asia-Pacific region. This group has targeted various sectors, including gambling, government, retail, travel, and job websites, using publicly available penetration-testing tools. The threat actor’s activities have led to data breaches in multiple organizations, … Read more
December 14, 2023 at 01:06PM Attackers breached Idaho National Laboratory’s (INL) Oracle HCM HR management platform, compromising data of 45,047 individuals including employees, dependents, and spouses. The breach included sensitive personal information, such as social security numbers and banking details, but did not affect the lab’s network. A hacking group claimed responsibility and leaked the … Read more
December 14, 2023 at 02:18AM From September 2023, hacker group GambleForce conducted SQL injection attacks in APAC, targeting 24 organizations in gambling, government, retail, and travel sectors. They used tools like dirsearch, sqlmap, and Cobalt Strike, and exploited a Joomla CMS flaw. Group-IB discovered and took down the group’s C2 server and notified the victims. … Read more
December 13, 2023 at 05:31AM Close to a million records containing personally identifiable information of donors to non-profits were exposed in an online database owned by DonorView, provider of a fundraising platform for schools, charities, and religious institutions. The exposed data included donor names, addresses, phone numbers, emails, and payment methods, raising concerns about potential … Read more
December 12, 2023 at 02:48PM Ex-First Republic Bank cloud engineer, Miklos Daniel Brody, was sentenced to two years in prison for causing over $220,000 in damage to his former employer’s computer network by using his company-issued laptop to watch pornography. He pleaded guilty to violating the Computer Fraud and Abuse Act and making false statements … Read more
December 12, 2023 at 10:05AM Cloud engineer Miklos Daniel Brody was sentenced to two years in prison and ordered to pay $529,000 in restitution for wiping his former employer’s code repositories, First Republic Bank. The bank, with over 7,000 employees and $6.75 billion in annual revenue, closed on May 1, 2023, and was sold to … Read more
December 12, 2023 at 09:28AM Former Uber CISO Joe Sullivan disclosed details of the 2016 data breach at Black Hat Europe, reflecting on his firing and legal issues. The breach compromised 57 million accounts, and a $100,000 payment to attackers was considered a bug bounty. Sullivan emphasizes the importance of personal protections for security professionals … Read more
December 12, 2023 at 08:48AM A review of the PSNI’s August data breach revealed vast impact on staff, including relocation for safety, mental health decline, and operational consequences. Failings in data protection and governance were highlighted, along with delayed audits and incomplete GDPR requirements. Staff responses varied, with some feeling resilient while others encountered significant … Read more
December 12, 2023 at 06:36AM The year 2023 witnessed a surge in cyber attacks, particularly through non-human access credentials like API keys, tokens, and service accounts. These credentials lack robust security measures and are often over-permissive and unused, making them an ideal target for cybercriminals. Several high-profile attacks exploited non-human access, prompting the need for … Read more