The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their name on their dedi…
Continue reading Cl0p announces rules for extortion negotiation after MOVEit hack →
A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among t…
Continue reading 0mega ransomware gang changes tactics →
The Russia-linked cybercrime gang thought to be behind a hack that has impacted companies around the world has posted a message to its corporate victims.
In short, firms affected by the MOVEit hack are being told to contact the Cl0p ransomware grou…
Continue reading Cl0p gang tells MOVEit hack victims to contact it before June 14, or else… →
The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations: The confirmed victims so far are Zellis, “…
Continue reading MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims →
The zero-day vulnerability attackers have exploited to compromise Progress Software’s vulnerable MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security rese…
Continue reading MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) →
13 years jail for spoofing scammer, a rogue IT security expert’s Bitcoin blackmail goes wrong, and Facebook’s eyewatering GDPR fine may be only the beginning of its problems.
All this and much much more is discussed in the latest edition of the “Sma…
Continue reading Smashing Security podcast #323: Botched Bitcoin blackmail, iSpoof, and Meta’s billion dollar data bungle →
Yes, you should be worried about the threat posed by external hackers. But also consider the internal threat posed by insiders and rogue employees – the people you have entrusted to act responsibly with the data of your company and your customers.
Continue reading Six years prison for ex-Ubiquiti staffer who stole data and attempted to extort millions of dollars →
Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)
Continue reading Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security →
Stealing private keys is like getting hold of a medieval monarch’s personal signet ring… you get to put an official seal on treasonous material.
Continue reading Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert →