< ciso
brief />
Tag Banner

All news with #insider threat tag

132 articles · page 2 of 7

Vimeo Data Breach Exposes 119,000 Users' Personal Data

🔒 Vimeo disclosed an April breach tied to compromised Anodot credentials that allowed the ShinyHunters extortion group to exfiltrate data. After failed extortion, the group published a 106GB archive and Have I Been Pwned says roughly 119,200 email addresses and some names were exposed. Vimeo states that user login credentials, payment card data, and video content were not accessed, and it disabled the Anodot integration while engaging third-party investigators and notifying law enforcement.
read more →

Hacking Polymarket: Verification Failures and Insider Risks

⚠ Polymarket, a platform for betting on real-world events, faces serious integrity problems. Participants have attempted to manipulate outcome verification — including threats to a journalist whose reporting served as an adjudicating source and physical tampering with weather sensors (using hair dryers) to rig weather markets. The site also suffers widespread insider trading, creating legal and ethical exposure. These dynamics undermine trust and the reliability of event-based markets.
read more →

Two Cybersecurity Workers Jailed for BlackCat Ransomware

🔒 Two American cybersecurity workers, Ryan Goldberg and Kevin Martin, were each sentenced to four years in prison for helping the BlackCat (ALPHV) ransomware gang carry out attacks in 2023, the US Department of Justice said. The pair — who pleaded guilty in December 2025 — worked with a former negotiator, Angelo Martino, and shared proceeds from ransoms, including a $1.2m Bitcoin payout. Prosecutors said they abused specialist cyber skills; the FBI tracked Goldberg across ten countries before his arrest.
read more →

Negotiator Pleads Guilty to Aiding Ransomware Gang

⚖️ He pleaded guilty after secretly working for a ransomware gang while ostensibly negotiating payments for victims. The arrangement permitted a trusted intermediary to funnel information and influence negotiations in the gang’s favor, undermining client trust and incident response. Prosecutors say the conduct included clandestine communications that advantaged criminals and complicated recovery. The plea underscores risks in relying on third-party negotiators without robust oversight.
read more →

Two Cybersecurity Experts Get 4-Year Terms in BlackCat Case

🔒 The U.S. Department of Justice has sentenced two cybersecurity professionals to four years in prison for their roles in deploying ALPHV/BlackCat ransomware against multiple U.S. victims between April and December 2023. Ryan Goldberg and Kevin Martin pleaded guilty in December 2025 after conspiring with Angelo Martino to gain access to the ransomware in exchange for a share of ransoms. Authorities say one extortion yielded approximately $1.2 million in Bitcoin, which the defendants laundered, and that the men abused their security expertise while employed by Sygnia and DigitalMint.
read more →

FBI Links Cybercriminals to Sharp Rise in Cargo Thefts

🔒The FBI warned transportation and logistics firms of a marked increase in cyber-enabled cargo thefts, estimating losses in the U.S. and Canada could reach nearly $725 million in 2025. Criminals are using phishing, typosquatting domains, and account compromise to post fraudulent load listings and impersonate carriers, rerouting high-value shipments. The bureau urged multi-factor authentication, dual-channel verification of shipment requests, and reporting incidents to IC3 and local law enforcement.
read more →

Developer's Roblox cheat triggers $2M data breach

🔒 A developer at an AI startup downloaded a dubious Roblox script onto a work laptop, a single error that cascaded into a costly breach and caused roughly $2 million in remediation. The episode also highlights the long-standing SS7 telecom weakness that enables pervasive mobile tracking and interception. Host Graham Cluley and guest James Ball interview Rob Edmondson of CoreView about how to lock down Microsoft 365 before misconfigurations are exploited.
read more →

Former Ransomware Negotiator Pleads Guilty Over Collusion

🔒Angelo Martino, a 41-year-old former ransomware negotiator, has pleaded guilty to conspiring with the BlackCat (ALPHV) ransomware group after secretly supplying negotiation and insurance details from clients to the gang. While working for incident response firm Digital Mint, he passed policy limits and internal positions to maximize extortion profits and was paid for the information. He also admitted collaborating with associates to deploy ransomware between April and November 2023, and authorities have seized about $10m in assets; he faces up to 20 years and will be sentenced on July 9.
read more →

Ransomware Negotiator Pleads Guilty After Betrayal

🔒 Angelo Martino, a former ransomware negotiator, pleaded guilty to conspiring with the BlackCat ransomware group to extort U.S. companies in 2023. From April through November 2023, he provided confidential negotiation details — including victims' insurance limits and internal bargaining positions — to maximize ransom demands in exchange for payment. Martino admitted collaborating with incident responders Ryan Goldberg and Kevin Martin while working at DigitalMint and Sygnia, and authorities say the defendants extorted at least $1.2 million in a single case. Investigators seized roughly $10 million in assets; Martino faces up to 20 years and is scheduled for sentencing on July 9, 2026.
read more →

Cross‑tenant helpdesk impersonation and exfiltration

🔐 Microsoft Defender Security Research outlines a human-operated intrusion playbook where attackers abuse cross-tenant Microsoft Teams collaboration to impersonate IT/helpdesk staff and socially engineer users into granting remote assistance. With user consent, adversaries gain interactive access via Quick Assist or similar tools, then execute attacker modules by side-loading them into trusted vendor-signed applications. The chain leverages native administrative protocols such as WinRM and commercial RMM tooling to move laterally and stage sensitive business data for exfiltration. Microsoft Defender provides correlated identity, endpoint, and collaboration telemetry to surface and disrupt this pathway.
read more →

US Nationals Jailed for Facilitating North Korean IT Scam

🔒 Two US nationals were sentenced after admitting they helped operate a scheme that placed North Korean remote IT workers into roles at more than 100 US organisations, including several Fortune 500 firms. Court filings say Kejia Wang (42) and Zhenxing Wang (39) used the stolen identities of at least 80 Americans, received laptops at their US addresses, provided remote access to DPRK-based operators and set up shell companies to launder payments to DPRK. They received prison terms of 108 and 92 months respectively after pleading guilty to conspiracy charges including wire fraud and money laundering; Zhenxing Wang also pleaded guilty to conspiracy to commit identity theft.
read more →

U.S. Nationals Sent to Prison for Assisting DPRK IT Hires

🔒 Two U.S. nationals were sentenced to prison for facilitating a scheme that placed North Korean IT workers as faux U.S. employees at more than 100 American companies, including Fortune 500 firms. Between 2021 and October 2024 the pair generated over $5 million for DPRK-linked operations and caused roughly $3 million in corporate losses by using the stolen identities of more than 80 U.S. citizens. They set up shell companies, fake websites, bank accounts, and even hosted company-issued laptops in U.S. homes to mask the remote workers' true locations.
read more →

Kraken Faces Extortion After Insider Access to Support Data

🔒 Kraken says a criminal group is attempting to extort the exchange by threatening to release videos that show internal support systems containing client data. The company says the incident resulted from an insider threat, with two instances of improper access by support employees and exposure limited to client support data. About 2,000 accounts (0.02% of users) were affected; Kraken says funds were never at risk. The exchange will not pay or negotiate and is working with federal law enforcement.
read more →

Mailbox Rule Abuse in Microsoft 365: A Rising Threat

🔒 Security researchers report a rise in attackers abusing mailbox rules inside Microsoft 365 accounts to maintain post-compromise access, exfiltrate data and manipulate communications. The Proofpoint analysis found that roughly 10% of breached accounts in Q4 2025 had malicious rules created within seconds of takeover. Rules are often given minimal or nonsensical names and configured to delete messages or move them to low-visibility folders to evade detection. Defensive steps include disabling external auto-forwarding, enforcing MFA, monitoring OAuth and promptly removing malicious rules and revoking sessions.
read more →

Drift $280M Crypto Heist Tied to Six-Month In-Person Plot

🔒 Drift Protocol says a coordinated, six-month operation led to a $280M+ theft after attackers built "a functioning operational presence" inside the platform and engaged contributors in person and via Telegram. The attackers reportedly hijacked Security Council administrative powers and drained assets in about 12 minutes. Drift suspects two contributors were compromised via a malicious code repository (possible VSCode/Cursor exploit) and a fake TestFlight wallet app. Blockchain firms attribute the campaign to UNC4736, linked to North Korea.
read more →

Core infrastructure engineer pleads guilty in insider attack

🔒 A core infrastructure engineer, Daniel Rhyne, pleaded guilty on April 1 after launching an insider extortion attack that used routine admin tools and techniques to disable systems and accounts. He initiated unauthorized RDP sessions, deleted administrator accounts, changed passwords, and scheduled tasks on the domain controller, then claimed to have erased backups while demanding roughly $750,000 in bitcoin. Security experts say the methods were alarmingly predictable and could have been prevented by immutable backups, strict least privilege controls, and behavioral alerts for high‑risk tools.
read more →

Engineer Pleads Guilty to Extortion, Locks Windows Servers

🔒 A former core infrastructure engineer pleaded guilty after remotely accessing his employer's network and scheduling tasks that deleted domain administrator accounts and changed hundreds of passwords. Prosecutors say Daniel Rhyne targeted an industrial company in Somerset County, New Jersey, altering passwords to TheFr0zenCrew! and scheduling shutdowns that affected 254 servers and 3,284 workstations. He emailed coworkers demanding 20 BTC (roughly $750,000) and threatened to shut down 40 servers daily; investigators found web searches and a hidden VM used to plan the extortion. Rhyne was arrested in August and faces charges carrying up to 15 years in prison.
read more →

Adversaries Exploit Vacant Homes to Intercept Mail

📬 Flare analysts examined a step‑by‑step fraud tutorial showing how attackers identify and abuse vacant residential properties to intercept mail for identity theft and financial fraud. The guide recommends using real‑estate sites (Zillow, Rightmove, Zoopla) to find “drop” addresses, enrolling in services such as Informed Delivery, and filing change‑of‑address or forwarding requests with forged or purchased identities. By combining digital discovery with physical mail forwarding, actors gain persistent access to verification letters, credit cards, and financial correspondence.
read more →

Smashing Security #461: Lost $400M Bitcoin, Ajax Breach

🎣 In episode 461 of Smashing Security, host Graham Cluley and guest Danny Palmer discuss a remarkable Bitcoin mystery: an Irishman who converted drug proceeds into BTC in 2011 now allegedly controls $400 million, but the access codes were hidden in a fishing-rod case that disappeared — until one frozen wallet unexpectedly moved $35 million. The episode also covers a major data breach at Ajax Football Club that may have exposed the personal details of around 300,000 supporters, enabling ticket theft and manipulation of stadium ban lists. Additional topics include an Iran-linked compromise of the FBI director’s personal email, reliability differences between Windows and macOS, and a UK court case in which CCTV footage was used in a crypto theft claim.
read more →

Smashing Security Podcast 460: Extortion and Trespass

🔒 In episode 460 of the Smashing Security podcast, Graham Cluley and guest Jenny Radcliffe examine a string of notable security stories, including an alleged insider who stole a company payroll database and demanded $2.5 million in Bitcoin while signing extortion messages as 'Loot'. They also cover an incident in which two people were charged after attempting to approach the gates of the UK's Faslane nuclear submarine base. The show mixes incident analysis with cultural items — a spotlight on the Muslim punk group LadyParts and a recommendation of Lee McIntyre's On Disinformation — drawing practical lessons for security professionals and the public.
read more →