
Posts by jon greig

NIST to limit work on CVE entries as submissions surge
NIST said it will only add details and information to the records of vulnerabilities that meet a certain threshold — changing a longstanding mission to categorize every CVE, which stands for cybersecu...

NIST announced deep changes to the NVD today, writing that it would no longer enrich every vuln submission.

The only bugs that will have info added are in:

- CISA's known exploited list
- tools used by federal government
- software deemed 'critical'

therecord.media/nist-to-limi...

6 days ago 1 1 0 0
‘It reads like a spy novel’: $280 million theft from Drift involved North Korean fake companies, cutouts
Drift officials said the operation began six months ago, when they were approached at a cryptocurrency conference by members of a company claiming to focus on quantitative trading.

A North Korea expert compared last week's $280 million theft from Drift to the assassination of Kim Jong Un's brother in 2017

Pyongyang created a fake company and hired people to meet up with Drift officials in person at conferences before launching the 4/1 attack

therecord.media/drift-crypto...

1 week ago 0 0 0 0
Treasury Department announces crypto industry cyber threat sharing initiative
Eligible U.S. digital asset firms and industry organizations “that meet Treasury’s criteria” will be able to receive, at no cost, the same actionable cybersecurity information Treasury regularly shares with traditional U.S. financial institutions.

After the $280 million theft from Drift, the Treasury Dept said it will start sharing cyber threat intel with the crypto industry

Crypto firms will receive the same actionable cyber information Treasury regularly shares with traditional U.S. financial institutions

therecord.media/treasury-dep...

1 week ago 1 1 0 0
Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack
Bitcoin Depot filed a notice with the Securities Exchange Commission (SEC) explaining that a threat actor “gained access to certain systems and obtained control of credentials associated with the company’s digital asset settlement accounts.”

Bitcoin ATM said someone stole more than $3 million after breaking into their corporate systems last month

therecord.media/crypto-atm-b...

1 week ago 0 0 0 0
Minnesota governor sends national guard to county after cyberattack
Minnesota governor Tim Walz issued an executive order on Tuesday, writing that Winona county experienced a cyberattack on critical systems that began on Monday.

Winona County Administrator Maureen Holte told @therecordmedia.bsky.social that Monday's ransomware attack did not involve the same cybercriminal responsible for January's ransomware attack

Minnesota governor Tim Walz sent the National Guard to help the county recover

therecord.media/minnesota-se...

1 week ago 3 3 0 0
FBI, Pentagon warn of Iran hacking groups targeting operational technology
The advisory said Iranian actors are targeting local municipal governments, water and wastewater systems and the energy sector.

Buried in the FBI, DOD and NSA advisory on Iran cyberattacks on critical infrastructure operational technology was acknowledgement that 75 devices were compromised during the CyberAv3ngers campaign in 2023/2024

therecord.media/fbi-pentagon...

2 weeks ago 4 2 0 0
Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county
The Medusa ransomware operation has claimed a devastating cyberattack that knocked out systems at the biggest hospital in Mississippi for nine days.

Medusa has been on a tear lately, going after more impactful targets...

Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county

Let's hope they come to regret this very soon.

via @jgreig.bsky.social & @therecordmedia.bsky.social

1 month ago 5 2 0 0
Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon
The Interlock ransomware gang recently exploited a zero-day vulnerability in a popular line of Cisco firewalls before the bug was disclosed publicly, according to an Amazon report.

Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon

via @jgreig.bsky.social & @therecordmedia.bsky.social

1 month ago 6 5 1 0
FBI confirms theft of director’s personal emails by Iran-linked hacking group
An FBI spokesperson told Recorded Future News that the information is “historical in nature and involves no government information,” adding that the agency has “taken all necessary steps to mitigate p...

Interesting from @jgreig.bsky.social, w/ confirmation of "historical" data from FBI. Imagine attempting to conduct hostile operations in the U.S. and **you have access to the personal email account** of the counterintelligence agency's director. What would you burn that access for? A cheap info op?

3 weeks ago 3 2 0 0
Healthcare software firm CareCloud informs SEC of potential patient data leak
The healthcare software firm CareCloud warned the Securities and Exchange Commission that a cyberattack may have resulted in the leak of patient data.

Electronic health record company CareCloud told the SEC that a recent cyberattack "is material in light of the sensitivity of the potentially affected information and the potential consequences of the incident."

therecord.media/carecloud-ha...

3 weeks ago 0 1 0 0
FBI confirms theft of director’s personal emails by Iran-linked hacking group
An FBI spokesperson told Recorded Future News that the information is “historical in nature and involves no government information,” adding that the agency has “taken all necessary steps to mitigate p...

The FBI confirmed to me that director Kash Patel's personal email was hacked by an Iranian group

A spox said the info is “historical in nature and involves no government information,” adding that they took "all necessary steps to mitigate potential risks."

therecord.media/fbi-confirms...

3 weeks ago 2 0 0 0
US official accuses China of supporting, exploiting cyber scam crisis in Southeast Asia
A senior U.S. official accused China’s government of implicitly backing Chinese criminal syndicates running cyber scam compounds across Southeast Asia and of exploiting a crisis that has resulted in b...

US officials claimed cyber scam compounds across SE Asia causing $16 billion in American losses each year are quietly backed by China's government

China has not prosecuted scam bosses targeting Americans and Belt + Road projects are used as scam centers

therecord.media/china-scam-c...

3 weeks ago 2 1 0 0
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can provide a gateway into thousands of organizat...

LiteLLM has been compromised by hackers in a supply chain attack that researchers say could impact tens of thousands of corporate environments

Important one from @alexmartin.bsky.social

therecord.media/supply-chain...

3 weeks ago 4 3 1 0
Puerto Rico government agency cancels driver’s license appointments after cyberattack
Services at Centros de Servicios al Conductor (CESCO) — the agency responsible for issuing licenses, permits and vehicle registrations in Puerto Rico — cancelled all appointments due to a cyber incide...

Puerto Rican authorities continued investigating a cyberattack on Wednesday that forced them to cancel appointments at the agency managing driver's licenses and permits

therecord.media/puerto-rico-...

3 weeks ago 0 0 0 0
Education company Kaplan reports data breach impacting more than 230,000
The educational services company Kaplan told state regulators that at least 230,000 people had Social Security and driver’s license numbers leaked following a cybersecurity incident in the fall of 202...

In an update this week, Kaplan said 1.4 million people were impacted by a data breach in October

therecord.media/kaplan-data-...

3 weeks ago 1 0 0 0
Iran-linked ransomware gang targeted US healthcare org amid military conflict
The incident responders noted that there was no evidence that data was exfiltrated during the intrusion — an unusual development considering U.S. intelligence agencies previously said Pay2Key attacks ...

Iran's Pay2Key ransomware gang attacked another US healthcare firm before the Stryker wiper attack

Researchers said it's likely other US organizations have been attacked by Iranian government-affiliated hacking groups

therecord.media/iran-linked-...

3 weeks ago 6 5 1 0
Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets
The popular anime streaming platform Crunchyroll confirmed that a batch of customer information that was stolen through a third-party customer service vendor and leaked online is legitimate.

Crunchyroll confirmed to @therecordmedia.bsky.social that a batch of customer information leaked online over the weekend is legitimate

They said the stolen info is "primarily limited to customer service ticket data following an incident with a third-party vendor."

therecord.media/crunchyroll-...

4 weeks ago 0 0 0 0
US soldier sentenced for helping North Korean IT workers
The man pleaded guilty to accusations that he allowed North Korean IT workers to use his identity on resumes and during employer vetting processes that involved interviews, drug tests and fingerprints...

A US soldier was sentenced to 1 year in prison after pleading guilty to charges related to a scheme where he allowed North Koreans to use his identity for job applications

North Korea's government earned about $1.3 million through Travis and 2 other men

therecord.media/us-soldier-s...

4 weeks ago 2 3 0 0
California-based semiconductor testing company reports ransomware attack to SEC
A semiconductor testing company warned regulators that its subsidiary in Singapore suffered a ransomware attack earlier this month.

A semiconductor testing company warned regulators on Friday that its subsidiary in Singapore suffered a ransomware attack earlier this month

therecord.media/ransomware-t...

4 weeks ago 0 0 0 0
California city reports ransomware attack as LA transit agency finds ‘unauthorized activity’
Foster City warned that it is possible the hackers obtained public information, urging anyone that has done business with the city to change personal passwords and take measures to protect personal da...

The Los Angeles Metro department confirmed that it had to shut down systems due to "unauthorized activity" - causing issues for bus and rail riders.

A ransomware gang claimed it attacked the city on Friday morning

therecord.media/california-c...

1 month ago 2 1 0 0
DHS nominee Mullin pressed on restoring CISA staffing
Senator Maggie Hassan (D-NH) asked Mullin about Noem’s decision to cut CISA’s workforce by one third and remove hundreds of millions of dollars from the agency’s budget after Trump took office.

Mullin largely dodged questions about whether he plans to restore CISA funding and staffing that had been decimated by Noem

therecord.media/dhs-mullin-p...

1 month ago 3 1 0 0
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP address...

Bitrefill, a crypto platform that allows you to pay bills and buy goods with crypto, blamed North Korea's Lazarus hacking group for a security incident that shut down the site on March 1

therecord.media/crypto-platf...

1 month ago 1 0 0 0
Georgia man charged for robbing NBA, NFL players through stolen Apple account details
A Georgia man who had already served time for conning professional athletes is accused of impersonating a prominent adult film actress in order to break into the Apple accounts of NBA and NFL players.

A Georgia man impersonated a porn star that prosecutors referred to as "TT" and stole the Apple account details of NFL and NBA players, allowing him to conduct more than 2,000 illegal transactions

He later stole videos of their encounters with a sex worker

therecord.media/phishing-nba...

1 month ago 1 0 0 0
Stryker says hospital tools are safe, but digital ordering systems still down after cyberattack
Electronic ordering systems belonging to the medical device company Stryker are still down a week after a cyberattack believed to have wiped thousands of company devices of all information. The compan...

Stryker sent out urgent warnings to customers on Sunday that its hospital tech - which ranges from bed sensors to hands-free communications and surgery sponge trackers - is safe to use following the recent cyberattack allegedly conducted by Iran-aligned groups

therecord.media/stryker-cybe...

1 month ago 4 2 0 0
Ransomware incident responder gave info to BlackCat cybercriminals during negotiations, DOJ alleges
U.S. prosecutors accused an incident responder of conducting cyberattacks and helping ransomware gangs negotiate higher payouts from the same victims he was working for.

The DOJ said Martino, who turned himself in this week, helped ALPHV secure larger ransoms while working for victims as the negotiator

The ransoms Martino helped negotiate were large, including ones that reached $26 million, $25 million, $16 million, and $6 million

therecord.media/ransomware-b...

1 month ago 1 1 0 0
Sprawling FBI, European operation takes down Leakbase cybercriminal forum
The FBI and European law enforcement agencies carried out a global crackdown on a cybercrime forum where criminals bought and sold stolen credentials and exploits of software vulnerabilities.

The FBI and European law enforcement agencies carried out a global crackdown on cybercrime forum Leakbase, a subscription-based marketplace that has operated since 2021

therecord.media/leakbase-cyb...

From @martinmatishak.bsky.social

1 month ago 2 4 0 0
LexisNexis says hackers accessed legacy data in contained breach
The breach emerged this week when a threat actor claimed they stole 2 GB worth of information from the company that included millions of records.

LexisNexis says hackers accessed legacy data in contained breach

via @jgreig.bsky.social & @therecordmedia.bsky.social

1 month ago 4 3 1 0
235,000 affected by cyberattack on largest ambulance provider in Wisconsin
The company said Social Security numbers, driver’s license numbers, financial accounts, medical information and health insurance information was stolen during the cyberattack.

235,000 affected by cyberattack on largest ambulance provider in Wisconsin

via @jgreig.bsky.social & @therecordmedia.bsky.social

1 month ago 4 2 0 0
US sanctions North Korea IT worker networks in Laos, Vietnam
The latest round of sanctions targeted Amnokgang Technology Development Company — a North Korean company that manages delegations of IT workers — and Quangvietdnbg International Services Company — a V...

The US sanctioned six people and two companies for their role in North Korea IT worker operations in Vietnam, Laos and Spain

therecord.media/us-sanctions...

1 month ago 1 3 0 0