December 15, 2023 at 11:56AM Ransomware group Hunter’s International attacked Fred Hutch Cancer Center, threatening to leak 533.1GB of stolen data. Patient records and personal information, including Social Security numbers and medical history, were allegedly compromised. Threat actors emailed patients, offering to prevent data sale for $50. The group targets companies with ransom demands of … Read more
December 15, 2023 at 10:01AM Delta Dental of California has notified almost seven million patients of a data breach. The breach involved unauthorized access through MOVEit software, leading to the exposure of personal data, including names, financial account numbers, and credit/debit card details. Impacted customers are offered 24 months of free credit monitoring and identity … Read more
December 15, 2023 at 06:42AM INL has notified 45,000 individuals of a data breach where personal information was stolen from the Oracle Human Capital Management software. The compromised data includes names, birthdates, Social Security numbers, salary, and banking details. Impacted individuals will receive identity protection and credit monitoring services. INL is investigating the attack with … Read more
December 14, 2023 at 06:35PM Kraft Heinz confirmed their systems are normal with no evidence of a breach listed by an extortion group. Kraft Heinz, a leading food and beverage company, is being threatened by the Snatch extortion group, but no proof of breach was provided. The company is investigating claims but sees no evidence … Read more
December 14, 2023 at 05:20PM Group-IB has detected a new threat group, “GambleForce,” engaged in SQL injection attacks on organizations in the Asia-Pacific region. This group has targeted various sectors, including gambling, government, retail, travel, and job websites, using publicly available penetration-testing tools. The threat actor’s activities have led to data breaches in multiple organizations, … Read more
December 14, 2023 at 01:06PM Attackers breached Idaho National Laboratory’s (INL) Oracle HCM HR management platform, compromising data of 45,047 individuals including employees, dependents, and spouses. The breach included sensitive personal information, such as social security numbers and banking details, but did not affect the lab’s network. A hacking group claimed responsibility and leaked the … Read more
December 14, 2023 at 02:18AM From September 2023, hacker group GambleForce conducted SQL injection attacks in APAC, targeting 24 organizations in gambling, government, retail, and travel sectors. They used tools like dirsearch, sqlmap, and Cobalt Strike, and exploited a Joomla CMS flaw. Group-IB discovered and took down the group’s C2 server and notified the victims. … Read more
December 13, 2023 at 05:31AM Close to a million records containing personally identifiable information of donors to non-profits were exposed in an online database owned by DonorView, provider of a fundraising platform for schools, charities, and religious institutions. The exposed data included donor names, addresses, phone numbers, emails, and payment methods, raising concerns about potential … Read more
December 12, 2023 at 02:48PM Ex-First Republic Bank cloud engineer, Miklos Daniel Brody, was sentenced to two years in prison for causing over $220,000 in damage to his former employer’s computer network by using his company-issued laptop to watch pornography. He pleaded guilty to violating the Computer Fraud and Abuse Act and making false statements … Read more
December 12, 2023 at 10:05AM Cloud engineer Miklos Daniel Brody was sentenced to two years in prison and ordered to pay $529,000 in restitution for wiping his former employer’s code repositories, First Republic Bank. The bank, with over 7,000 employees and $6.75 billion in annual revenue, closed on May 1, 2023, and was sold to … Read more