serisec

Category: ShinyHunters

  • FBI warns students and staff that ShinyHunters may come knocking after Canvas breach

    FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog. Graham Cluley Go…

  • Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities

    Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed.…

  • Canvas Breach Disrupts Schools & Colleges Nationwide

    Canvas Breach Disrupts Schools & Colleges Nationwide An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students…

  • Hackers get hacked, as BreachForums database is leaked

    Hackers get hacked, as BreachForums database is leaked Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog. Graham Cluley Go to…

  • Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

    Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public…

  • A miracle: A company says sorry after a cyber attack – and donates the ransom to cybersecurity research

    A miracle: A company says sorry after a cyber attack – and donates the ransom to cybersecurity research One of the sad truths about this world of seemingly endless hacks and data breaches is that companies just won’t apologise. Even when customers, partners, and employees are left wondering when their data will be published by…

  • ShinyHunters Wage Broad Corporate Extortion Spree

    ShinyHunters Wage Broad Corporate Extortion Spree A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility…

  • The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

    The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google…

  • Taking the shine off BreachForums

    Taking the shine off BreachForums ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums mindimcdowell Go to sophos