Posts

Showing posts from May, 2024

Nissan North America data breach impacts over 53,000 employees

By Bill Toulas, Bleeping Computer

Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. The car maker discovered the breach in early November 2023 and discovered recently that the incident exposed personal data belonging to more than 53,000 current and former employees. “As shared during the Nissan Town Hall meeting on December 5, 2023, Nissan learned on November 7, 2023, that it was the victim of a targeted cyberattack. Upon learning of the attack, Nissan promptly notified law enforcement and began taking immediate actions to investigate, contain, and successfully terminate the threat,” the company said in a notification to impacted individuals. Nissan disclosed that the threat actor targeted its external VPN and then shut down certain company systems before asking for a ransom. The company notes that none of its systems were encrypted during the attack. Working with extern...

Singing River Health System: Data of 895,000 stolen in ransomware attack

By Bill Toulas, Bleeping Computer

The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. Singing River Health System is a major healthcare provider located in Mississippi, operating the Singing River Hospital in Pascagoula, Ocean Springs Hospital, and the Singing River Gulfport Hospital, collectively providing over 700 beds. The health system, which employs over 3,500 people, also operates two hospices, four pharmacies, six imaging centers, ten specialty centers, and twelve medical clinics in the Gulf Coast region. On August 19, 2023, Singing River announced that it had been targeted by a sophisticated ransomware attack, which resulted in operational disruptions at its hospitals and potentially data theft. Singing River was added to the HHS' Office for Civil Rights breach portal in late August, with a temporary figure of 501 impacted individuals. On September 13, 2023, the healthca...

Dell hacker claims they had access to systems for nearly three weeks

By Solomon Klappholz, IT Pro

The hacker trying to sell a Dell database containing 49 million customer records claims he was able to persist on the company’s systems for several weeks

The threat actor behind the recent Dell data breach that exposed 49 million customer records claims they were able to access internal systems for weeks before being discovered. The hacker, Menelik, was reported to be selling access to a database storing 49 million records related to systems purchased from Dell between 2017 and 2024. Dell disclosed the breach on 9 May, notifying customers that their names, addresses, and Dell customer info were exposed, warning them to watch out for social engineering attacks impersonating the technology giant. Menelik told TechCrunch they were able to gain access to the database by registering several accounts on a Dell portal as a partner that resells Dell products and services. According to Menelik, the process of registering and being approved as a partner was re...

British Columbia investigating cyberattacks on government networks

By Sergiu Gatlan, Bleeping Computer

The Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. Premier David Eby said in a Wednesday statement that there is no evidence that the attackers had accessed or stolen sensitive information from the compromised networks. However, an ongoing investigation is assessing the incidents' impact and looking into what data, if any, may have been accessed. "Recently, the Government of B.C. has identified sophisticated cybersecurity incidents involving government networks," Eby said. "The government is working closely with the Canadian Centre for Cyber Security (Cyber Centre) and other agencies to determine the extent of the incidents and implement additional measures to safeguard data and information systems." The Government of B.C. has yet to disclose the number of cybersecurity incidents that impacted its networks and when...

AT&T delays Microsoft 365 email delivery due to spam wave

By Lawrence Abrams, Bleeping Computer

AT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service. Starting on Monday, AT&T customers began reporting they could no longer receive email from Microsoft 365 email addresses. When Microsoft 365 customers attempted to email an address at @att.com, @sbcglobal.net, or @bellsouth.com, AT&T servers would refuse the connection and not accept the email for delivery.

Dell warns of data breach, 49 million customers allegedly affected

By Lawrence Abrams, Bleeping Computer

Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal containing customer information related to purchases was breached. "We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell," reads a Dell data breach notification. "We believe there is not a significant risk to our customers given the type of information involved." Dell states that the following information was accessed by the threat actor during the breach:

- Name
- Physical address
- Dell hardware and order information, including service tag, item description, date of order, and related warranty information

The company stresses that the stolen information does not include fina...

Why Your VPN May Not Be As Secure As It Claims

By Krebs On Security

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user. When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address. Normally, the only system on the network that notices this request and replies is the router responsible for managing the network to which the user is trying to connect. The machine on a network responsible for fielding these requests is called a Dynamic Host Configuration Protocol (DHCP) server, which will issue time-based leases for IP addresses. The DHCP server also takes care of setting a specific local address — known ...

Conservative News Websites Hacked, Replaced With Page Leaking Private Information

By Charlie Nash, Mediaite

Two conservative news websites – Human Events and The Post Millennial – were hacked on Thursday evening and replaced with a page leaking private information. Both websites were taken down by unnamed hackers and replaced with a fake coming out letter purported to be written by Post Millennial senior editor Andy Ngo. “Dear Readers of The Post Millennial, I am writing to you today to share something deeply personal and important to me,” the letter opened. “After much soul-searching, I have come to the realization that I am a trans individual, and I would like to officially introduce myself as Angelina Ngo, a woman.” At the end of the letter, the hacker concluded, “P.S. I am also sharing with you all of our mailing lists, our subscriber database and the personal details of all our writers and editors,” along with links to download the private information. The official Twitter accounts for both Human Events and The Post Millennial – which was acquired by ...

Cybersecurity consultant arrested after allegedly extorting IT firm

By Bill Toulas, Bleeping Computer

A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. A staffing company assigned Vincent Cannady, 57, to assess and remediate potential vulnerabilities in a New York-based multinational information technology infrastructure services provider. After the termination of his employment for performance reasons, on June 23, 2023, Cannady allegedly used a company-issued laptop to download proprietary and confidential information, including architectural maps, trade secrets, and lists of potential vulnerabilities, from the victim company's network, to which he still had access. The Department of Justice says Cannady threatened to publicly disclose this sensitive information unless the company agreed to pay him up to $1.5 million as a settlement for what he claimed was employment discrimination. When confron...

Why remote desktop tools are facing an onslaught of cyber threats

By Solomon Klappholz, IT Pro

Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally

In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge to IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and ...