In May 2015, DataBreaches reported that on April 30, 2015, the Department of Justice had announced the indictment of twin brothers Muneeb and Sohaib Akhter of Virginia. The twins. who were 23 years old, were indicted on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization,...

Source

From the U.S. Attorney’s Office, District of Maryland: A Maryland man is facing federal indictment stemming from an unauthorized computer access scheme involving a Maryland medical system. Matthew Bathula, 41, of Clarksville, is charged with two counts of unauthorized access to a protected computer, and one count of aggravated identity theft while working as a...

Source

DysruptionHub reports: Kentwood Public Schools said districtwide Wi-Fi was disrupted after a student used malicious software designed to interfere with the school system’s network. The district said outside experts helped isolate the issue, which affected Wi-Fi connectivity across its schools, and that the problems “appear” to have been resolved. Kentwood Public Schools serves students in...

Source

NISOS writes: Last month, our research on DPRK IT worker fraud made headlines on NBC News. Security teams, hiring managers, and executives all came back with the same reaction: this is happening, and many organizations aren’t equipped to detect it. This isn’t a traditional cyber threat. It’s a human one and it’s not going away....

Source

And then there were three…. A third man has pleaded guilty to conspiring with two other cybersecurity professionals and BlackCat to use BlackCat’s ransomware and negotiation platform to target U.S. firms. Ryan Goldberg of Georgia and Kevin Martin of Texas pleaded guilty in December, and are scheduled to be sentenced on April 30.  Two of...

Source

Laura Cress reports: A former Meta employee suspected of downloading around 30,000 private images of Facebook users is being investigated by the Metropolitan Police. The engineer, who lives in London, is believed to have designed a program to be able to access personal pictures on the site while avoiding security checks. A Meta spokesperson told...

Source

RTHK reports: Police said they have arrested a man working for a contractor commissioned by the Hospital Authority for allegedly stealing the personal data of tens of thousands of patients. The data breach resulted in details of more than 56,000 patients from the Kowloon East cluster being taken without authorisation and leaked on a third-party...

Source

From the Garante’s press release, below, it sounds like the banking group experienced an insider-wrongdoing breach in which an employee improperly accessed  3,573 customer accounts over a period of two years. Data breach: The Italian Data Protection Authority fines Intesa Sanpaolo €31.8 million for unauthorized access to the banking information of over 3,500 customers for...

Source

Gary Fineout reports:  Sen. Rick Scott is suing a major government contractor for damages after his tax returns were leaked along with other prominent and wealthy figures, including President Donald Trump. The Florida Republican on Monday filed a lawsuit against Booz Allen Hamilton, a management and technology consulting company, and a former employee of the contractor who...

Source

On February 23, HHS received a breach submission from Weill Cornell Medicine in New York. The submission reported that 516 patients were affected by an incident involving Unauthorized Access/Disclosure of data in Electronic Medical Records (EMR). DataBreaches emailed the hospital to request an explanation and received the following statement from a spokesperson: After thorough investigation,...

Source

Paul Reynolds provides today’s reminder of the insider threat. This one involves a univeristy in Dublin, Ireland. A UCD staff member is due in court this morning charged in connection with unlawfully accessing student data at the college. The man, who is in his 50s, was arrested this morning following an investigation by the Garda...

Source

Matt Kapko reports: A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday. Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data, including sensitive...

Source

It’s not like threat actors weren’t telling some of us about rogue negotiators. They were. Now I wonder how many other journalists also disbelieved the threat actors when they were telling the truth.  Jonathan Greig reports: The Justice Department is accusing an incident responder of conducting cyberattacks and helping ransomware gangs negotiate higher payouts from...

Source

Scottish Legal News reports: The Information Commissioner’s Office (ICO) issued the fine and reprimand after finding that a series of data protection failures resulted in the excessive collection, handling and unlawful disclosure of sensitive personal information. The data protection authority says the case highlights key data protection practices that all police services and criminal justice...

Source

Meryl Kornfield, Elizabeth Dwoskin, and Lisa Rein report: The Social Security Administration’s internal watchdog is investigating a complaint that alleges a former U.S. DOGE Service employee claimed he had access to two highly sensitive agency databases and planned to share the information with his private employer — a claim that, if true, would constitute an unprecedented...

Source

Dutch Police reports: Nearly 1,700 police officers will receive a letter in the coming period because they used police systems when there was likely no need to do so. These colleagues were looking for information about the violent death of 17-year-old Lisa from Abcoude. The letter is primarily intended to remind police officers of the...

Source

Ashley Nyquist, Ashden Fein, Caleb Skeath, John Webster Leslie, Matthew Harden, Catherine McGrath, and Samar Amidi of Covington and Burling write: On January 28, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a new resource on Assembling a Multi-Disciplinary Insider Threat Management Team.The guidance is intended to assist critical infrastructure stakeholders, which includes private...

Source

Joff Thyer // It has been known for some time that an executable payload generated with msfvenom can leverage an alternative template EXE file, and be encoded to better evade […]

The post Advanced Msfvenom Payload Generation appeared first on Black Hills Information Security, Inc..