admin.codes » Category » Data Breaches

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.

A Little Sunshine, Adam Boileau, CISA, Crowdstrike Falcon, Data Breaches, Dylan Ayrey, GitHub, James Wilson, Latest Warnings, Nick Andersen, Rep. Bennie Thompson, Risky Business, Sen. Maggie Hassan, The Coming Storm, TruffleHog, U.S. Cybersecurity & Infrastructure Security Agency

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

A Little Sunshine, AWS GovCloud, Cybersecurity & Infrastructure Security Agency, Data Breaches, GitGuardian, GitHub, Guillaume Valadon, Latest Warnings, Nightwing, Philippe Caturegli, Seralys, The Coming Storm

Canvas Breach Disrupts Schools & Colleges Nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.

A Little Sunshine, Canvas hack, Charles Carmakal, Cloudskope, Data Breaches, Dipan Mann, Instructure hack, Mandiant Consulting, Ne'er-Do-Well News, Ransomware, ShinyHunters, Steve Proud

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company’s public image.

A Little Sunshine, Data Breaches, ddos, DDoS-for-Hire, Erick Nascimento, Huge Networks, Internet of Things (IoT), Mirai, TP-Link Archer AX21, Web Fraud 2.0

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.

A Little Sunshine, Ahmed Hossam Eldin Elbadawy, Data Breaches, Evans Onyeaka Osiebo, Joel Martin Evans, Ne'er-Do-Well News, Noah Michael Urban, Owen Flowers, Scattered Spider, SIM Swapping, Thalha Jubair, Tyler Robert Buchanan, Tylerb

Please Don’t Feed the Scattered Lapsus Shiny Hunters

A prolific data ransom gang that calls itself Scattered Lapsus Shiny Hunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and… Read More »

Allison Nixon, Data Breaches, Latest Warnings, Mandiant, Ransomware, Scattered Lapsus Shiny Hunters, sextortion, SLSH, The Coming Storm, Unit 221