Chum1ng0 - Security Research :verified:

#Chile, Independent Researcher covering #hacktivism, #ransomware, #cybersecurity, #leaks, and data breaches in Latin America. #LATAM

You can subscribe to my newsletter dedicated to #cybersecurity, data breaches, misconfigurations, and #hacktivism in Latin America, created & edited by @chum1ng0

Newsletter: newschu.substack.com

#misconfigurations #leak #cybersecurity #dataleak #databreach #privacy

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-05-24

#Ecuador: The Qilin ransomware group claims to have stolen 100GB of data from the Savings and Credit Cooperative of Public Servants of the Ministry of Education and Culture.

There is no information available regarding whether the members of the Savings and Credit Cooperative of Public Servants of the Ministry of Education and Culture of Ecuador (CACSPMEC) have been notified about the theft of personal data that allegedly occurred in this incident.

More details:

security-chu.com/2025/05/ranso

#ciberseguridad #government #cyberattack #ransomware #Qilin #LATAM #ciberseguridad #dataprotection #PII #cybersecurity #news #noticias

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-05-22

A stolen Facebook profile is conducting a fraudulent campaign using the image of Leonardo Farkas.

The stolen verified profile belongs to Brazilian Olympic judoka medalist Rafael Silva Baby.

Attempts to contact the medalist via Instagram were unsuccessful.

The campaign displays Russian characters in its source code, uses the design of biobiochile.cl, and requests registration details (name, surname, email, phone number).

URL: frogswitchtable.com

more details:

security-chu.com/2025/05/Perfi

#scam #Chile #fake #fraud #cybersecurity #ciberseguridad #noticias #news #LATAM

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-05-17

On April 24, the mining company Kolpa was listed on the website of the SafePay ransomware group.

🇵🇪 The cybercriminal group claimed in its description that it had stolen 108 GB of data from the company.

The SafePay group leaked information on a page where it compiles all the documentation belonging to this company.

Some documents titled "Constancia de Alta del Personal en Formación" contain employee identification data, such as ID number (DNI), date of birth, nationality, full name, gender, marital status, phone number, email, and address.

Another document called "Data Entrega de Tarjetas Hijos."

This file exposes personal data of workers, such as ID number (DNI), names, job title, and department, as well as information about their family members, including full names of children, ID numbers, dates of birth, age, and gender.

#PII #dataleak #databreach #dataprotection #privacy #ransomware #cyberattack #Peru #cybersecurity #ciberseguridad

If you ever worked for this company, your data may be leaked on the dark web.

In Peru, the Personal Data Protection Law (Law No. 29733) requires companies to protect personal data and notify affected individuals in case of data breaches.

More details:

security-chu.com/2025/05/Miner

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-05-08

Here's the unlocker.exe file that the Akira ransomware contained in some of its chats with the entities I was able to analyze.

Feel free to analyze it. Best regards, your friend chum1ng0.

github.com/chum1ng0/akira-unlo

#ransomware #akira #cybersecurity #Malware #ciberseguridad #noticias #news #cyberattack

Chum1ng0 - Security Research :verified: boosted:
2025-05-05

In an effort to clarify certain aspects of the attack and the group's strategy, SuspectFile.com submitted a series of questions to Silent, receiving direct answers that both confirm and expand upon the information published in their statement. The questions and responses will be fully reported at the end of this article.

suspectfile.com/ransomware-gro

#Infosec #Data_Breach #Ransomware #VersaNetworks #Silent

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-05-05

We identified four chats from different companies that attempted to negotiate with Akira after being attacked.

Some of these companies were still listed as victims on the group's website.

We analyzed 4 cases: 3 entities refused to negotiate, 1 entity paid $25,000 to a Bitcoin address, and the company was removed from Akira's ransomware site.

Akira's support sent a decryptor called unlocker.exe with instructions to proceed with system decryption and also provided their security report:

"Initial access to your network was purchased on the dark web. Subsequently, kerberoasting was performed, and we obtained the password hashes. Then, we extracted them and retrieved the domain administrator password."

More details:

security-chu.com/2025/05/entid

#akira #ransomware #cybersecurity #ciberseguridad #noticias #news #cyberattack

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-04-30

🇬🇹 Server exposed data from Miscorp S.A.

Miscorp was alerted about this situation, and the server is no longer exposed as of a few days ago.

The server exposed files such as: identity cards, electronic records of individual employment contracts, temporary certificates of no claims, diplomas, resumes, criminal background reports, and health cards.

Data of employees or former employees, including names, DPI, phone numbers, addresses, dates of birth, nationality, marital status, home ownership information, etc.

read more:

newschu.substack.com/p/misconf

#dataprotection #leak #leaked #cybersecurity #ciberseguridad #PII #incidentresponse #Guatemala #noticias #news #substack #LATAM

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-04-24

🇵🇦 Varela Hermanos, a liquor producer (Ron Abuelo), has been listed on the dark web by the GunRa group

🔗 security-chu.com/2025/04/Gunra

#ransomware #cybersecurity #cyberattack #news #noticias #panama #LATAM #ciberseguridad

Chum1ng0 - Security Research :verified: boosted:
2025-04-20

"Security Researchers" should know better than to make news articles about data still being publicly exposed.

The irony of talking about the risks of this data being exposed publicly while helping others find said data for the sake of more traffic to your website is something indeed.

It gets worse when you have no clue how your source of research, that you pay $25/month subscription for, finds said exposed data.
By simply mentioning a company name in this situation you're already giving away too much information for people to find said server.

But when you mention in the article the data is still exposed and then go ahead and show the partial link to where it is hosted, a simple query on the same service you pay for will give you all you need to know. That service is actively used by hacker groups to ransom companies.

This is not an isolated case either, multiple times now I've seen @cybernews pull this stunt.

For reference the post I'm talking about: cybernews.com/security/loop-leaks-personal-data-creatives-exposed/

This is 1 of multiple instances I've seen this happen, other times I had to intervene myself to get stuff closed: databreaches.net/2024/09/26/massive-french-citizens-data-leak-exposes-95-million-records/

#cybersecurity #infosec #news #research #security #data #leak

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-04-19

The Akira ransomware group's chat with the Customs Agency Browne (browne.cl) confirms it suffered a ransomware attack.

The list of files, with the most recent dated March 24, includes directories such as HR, Clients, Purchases, Petty Cash, Special Accounts, and Work Contracts.

However, the agency has not issued any statements regarding a cybersecurity incident.

🔗 security-chu.com/2025/04/confi

HAPPY EASTER

#Chile #ransomware #akira #cybersecurity #cyberattack #ciberseguridad #LATAM

Chum1ng0 - Security Research :verified:chum1ng0@infosec.exchange
2025-04-19

#Chile 🇨🇱: On April 19, the Akira ransomware group claimed to have stolen 37 GB of data from the Chilean customs agency Browne y Espinoza (Browne.cl) on its dark web site.

The data reportedly includes financial and personal files. The agency has not issued a statement. We are monitoring the incident.

🔗 security-chu.com/2025/04/Agenc

#cybersecurity #akira #ransomware #ciberseguridad #LATAM #noticias #news #cyberattack #incidentresponse

HAPPY EASTER
