19 Jun 2024
By Mary

InfoSec News Nuggets 6/19/2024

Security bug allows anyone to spoof Microsoft employee emails A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft’s account security team. Last week, Vsevolod Kokorin, also known online as…
Read More
29 Jan 2024
By Mary

InfoSec News Nuggets 1/29/2024

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist  The Akira ransomware gang is claiming responsiblity for the "cybersecurity incident" at British bath bomb merchant. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans. Passport scans are routinely collected to verify identities during the course of the hiring process,…
Read More
02 Dec 2022
By Mary

InfoSec News Nuggets 12/02/2022

Medibank hackers announce ‘case closed’ and dump huge data file on dark web The cybercriminals behind the Medibank cyber-attack have posted on the dark web what appears to be the remainder of the customer data they took from the health insurer, stating it is “case closed” for the hack. On Thursday morning, the blog – which returned online after several days of being offline last week – posted “Happy Cyber Security Day!!! Added folder full.…
Read More
09 Nov 2022
By Mary

InfoSec News Nuggets 11/09/2022

Medibank confirms ransomware attack impacting 9.7M customers, but doesn’t pay the ransom Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers. The health insurer believes the attackers have not accessed credit card and banking details, and primary identity documents, such as drivers’ licenses, because it doesn’t collect them except in exceptional circumstances. The company discovered the ransomware attack on October 12 it also announced that no ransom payment will…
Read More