Mastodawn

📢 Lovesac signale une violation de données; le gang RansomHub revendique l’attaque
📝 Source: BleepingComputer (Bill Toulas), 8 septembre 2025.
📖 cyberveille : https://cyberveille.ch/posts/2025-09-15-lovesac-signale-une-violation-de-donnees-le-gang-ransomhub-revendique-lattaque/
🌐 source : https://www.bleepingcomputer.com/news/security/lovesac-confirms-data-breach-after-ransomware-attack-claims/
#RansomHub #commerce_de_détail #Cyberveille

Lovesac signale une violation de données; le gang RansomHub revendique l’attaque

Source: BleepingComputer (Bill Toulas), 8 septembre 2025. Le fabricant et détaillant américain de meubles Lovesac avertit par courriel d’une violation de données ayant exposé des informations personnelles, à la suite d’un accès non autorisé à ses systèmes internes. https://ago.vermont.gov/sites/ago/files/documents/2025-09-04%20The%20LoveSac%20Company%20Data%20Breach%20Notice%20to%20Consumers.pdf – Chronologie et faits clés: • 📅 Accès malveillant: du 12 février au 3 mars 2025. • 📍 Découverte: 28 février 2025; remédiation en 3 jours pour bloquer l’accès de l’attaquant. • 🧾 Données compromises: noms complets et autres informations personnelles (détails non communiqués). • 👥 Population touchée: nombre d’individus non divulgué; Lovesac n’a pas précisé s’il s’agit de clients, employés ou sous‑traitants. • 🛡️ Mesures offertes: surveillance de crédit 24 mois via Experian (inscription jusqu’au 28 novembre 2025). • 🔎 État d’usage: la société indique n’avoir aucune indication d’un usage abusif et appelle à la vigilance face au phishing.

CyberVeille

ITSEC News Sep 10

Lovesac warns customers their data was breached after suspected RansomHub attack six months ago - American furniture maker Lovesac, known for its modular couches and comfy beanbags, has w... https://www.bitdefender.com/en-us/blog/hotforsecurity/lovesac-warns-customers-their-data-was-breached-after-suspected-ransomhub-attack-six-months-ago #ransomware #databreach #guestblog #ransomhub #dataloss

Lovesac warns customers their data was breached after suspected RansomHub attack six months ago

American furniture maker Lovesac, known for its modular couches and comfy beanbags, has warned customers that their data was breached by hackers earlier this year, and that they should remain vigilant to the threat of identity theft.

Hot for Security

TechNadu Aug 13

🚨 Manpower confirms Dec–Jan breach after RansomHub’s claim.

📊 144K+ victims across the U.S., data stolen includes SSNs, IDs, and medical info.
https://www.technadu.com/six-months-on-manpower-confirms-data-breach-after-ransomhubs-december-january-access/605907/

#Manpower #RansomHub #DataBreach #Cybersecurity #InfoSec

Prof. Dr. Dennis-Kenji Kipker Jul 9

Immer wieder hört man von Geschäftsleitern, dass #Cyberrisiken vernachlässigbar seien, weil man im unwahrscheinlichen Zweifelsfall einfach ein #Lösegeld zahlen kann und der Fall damit erledigt ist.

Doch nicht umsonst gibt es den Spruch "Wer einmal zahlt, zahlt auch zweimal." Am Beispiel der der rivalisierenden #Cybercrime-Gruppierungen "#DragonForce" und "#RansomHub" wird deutlich, dass "Ehre" unter Cyberkriminellen ein sehr zweifelhafter Begriff ist:

https://www.heise.de/news/Doppelte-Erpressung-moeglich-Cyberkriminelle-im-Clinch-10477705.html #cybersecurity

Doppelte Erpressung möglich: Cyberkriminelle im Clinch

Zwischen zwei rivalisierenden kriminellen Ransomware-Gruppen ist Streit ausgebrochen. Cyberexperten warnen, dass Unternehmen doppelt erpresst werden könnten.

heise online

Marcel SIneM(S)US Jul 8

Doppelte Erpressung möglich: Cyberkriminelle im Clinch | heise online https://www.heise.de/news/Doppelte-Erpressung-moeglich-Cyberkriminelle-im-Clinch-10477705.html #CyberCrime #Ransomware #Malware #DragonForce #RansomHub

Doppelte Erpressung möglich: Cyberkriminelle im Clinch

Zwischen zwei rivalisierenden kriminellen Ransomware-Gruppen ist Streit ausgebrochen. Cyberexperten warnen, dass Unternehmen doppelt erpresst werden könnten.

heise online

Just Another Blue Teamer Jun 30

Happy Monday everyone and what a way to start it!

I encourage you to read the latest report from The DFIR Report where they document an attack that started with a "password spray attack against an exposed RDP server" and ended in the #RansomHub ransomware strain being deployed in the victim's environment and spread over SMB.

I am going to forgo the brief summary because I truly believe these reports need to be read by you! But a bunch of LOLBINs were leveraged, including PowerShell and Windows Command Shell, of course RDP connections, MimiKatz, the Advanced IP Scanner, and many more! One behavior I will point out is that Persistence was gained by the actors deploying the legitimate RMM tools AteraAgent and Splashtop and then created services to run them!

This is another great example of an extremely thorough report and I hope you enjoy it as much as I do! Enjoy and Happy Hunting!

Hide Your RDP: Password Spray Leads to RansomHub Deployment
https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Hide Your RDP: Password Spray Leads to RansomHub Deployment

Key Takeaways Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period. Mimikatz and Nirsoft were used to harvest credential…

The DFIR Report