January 10, 2024 at 03:46PM Fidelity National Financial confirmed a cyberattack by the BlackCat ransomware gang on November 19, 2023, affecting 1.3 million customers. The attack prompted containment measures and data exfiltration from breached systems. FNF is providing affected customers with credit monitoring and identity theft services and is prepared to defend against potential lawsuits. … Read more
January 10, 2024 at 01:03PM HMG Healthcare has announced a data breach affecting 40 facilities. The compromised information includes names, contact details, dates of birth, health info, medical treatment details, Social Security numbers, and employee records. Based on the meeting notes provided, it appears that the compromised information includes names, contact information, dates of birth, … Read more
January 10, 2024 at 12:07PM Ransomware victims facing extortion attempts from a third party posing as a security researcher. Arctic Wolf Labs highlighted cases involving victims of Royal and Akira gangs being extorted by an individual or group, requesting a fee of 5 Bitcoin. The victims, US-based SMBs in finance and construction, did not pay … Read more
January 10, 2024 at 10:37AM ShinyHunters group member Sebastien Raoult, 22, was sentenced to three years and must return $5 million in proceeds after developing fake websites to steal victims’ credentials, leading to data theft and financial harm. The French national caused substantial losses to companies, and his extradition from Morocco resulted in a 36-month … Read more
January 10, 2024 at 08:33AM Kyocera Device Manager vulnerability enables attackers to capture credentials and compromise accounts. As a result, enterprise credentials are exposed, posing a security risk. Based on the meeting notes, it appears that there is an improper input validation flaw in the Kyocera Device Manager. This vulnerability allows attackers to capture credentials … Read more
January 9, 2024 at 04:13PM Threat actors impersonating security researchers targeted ransomware victims, offering to hack back attackers and delete stolen data for a fee. Arctic Wolf found instances of this scam targeting organizations hit by Royal and Akira ransomware. The scammers used consistent communication methods, indicating a single actor behind both attempts. This adds … Read more
January 9, 2024 at 02:00PM Delinea, a Silicon Valley access management vendor, has acquired Israeli startup Authomize, enriching its product portfolio with identity threat detection and response technologies. The undisclosed but reportedly “several tens of millions of dollars” acquisition aims to combat the surge in identity-related data breaches by providing tools to detect and mitigate … Read more
January 9, 2024 at 09:06AM Mortgage firm LoanDepot was hit by a ransomware attack, leading to system disruptions. The company took immediate steps to contain the incident and initiated an investigation. It shut down certain systems and started notifying regulators and law enforcement. It’s uncertain if personal information was compromised, and the company is assessing … Read more
January 9, 2024 at 09:06AM The LockBit ransomware gang claimed responsibility for a November 2023 cyberattack on Capital Health. The healthcare organization restored all systems and services following an investigation of the incident. The gang stole over 10 million files including medical confidentiality data, and threatened to make the information public unless a ransom of … Read more
January 8, 2024 at 05:19PM The Toronto Zoo experienced a ransomware attack with no impact on animals or operations. They are investigating potential effects on guest and donor records and are working with law enforcement and cybersecurity experts. In a similar incident, the Toronto Public Library was attacked, causing service disruptions and data theft. The … Read more