What is a JSON feed? Learn more

JSON Feed Viewer

Browse through the showcased feeds, or enter a feed URL below.

Now supporting RSS and Atom feeds thanks to Andrew Chilton's feed2json.org service

CURRENT FEED

Cyber Security & Privacy News | Hippogriff LLC

Every week Hippogriff shares some of the most alarming data breach and privacy infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

A feed by Wizards that are not wee at work...

XML


Cyber Attack on Mississippi Schools Costs $300k

Permalink - Posted on 2020-10-19 16:00

A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack. A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization. Superintendent Dr. Ken Barron told WLBT news that the school became aware of the cyber-attack on Monday, October 12. Barron did not state how the attackers had gained access to the system or what information had been compromised as a result of the incident.


Google Reveals It Was Hit by 2.5Tbps DDoS

Permalink - Posted on 2020-10-19 15:00

Google has revealed a nation state DDoS campaign against it originating from China, which may have been the biggest attack of its kind ever recorded. The 2.5Tbps DDoS struck in September 2017 but was made public for the first time on Friday in a report designed to share best practices on cyber-defense and plug Google Cloud mitigations. According to Google security reliability engineer, Damian Menscher, the attack topped a six-month campaign against the firm.


Instagram's Handling of Children's Data Under Investigation

Permalink - Posted on 2020-10-19 16:00

Social media app Instagram is being investigated by the EU for allegedly failing to protect the privacy of children's data. Instagram's alleged data mishandling allowed the email addresses and phone numbers of children aged under 18 to become visible to other users of the platform. Facebook, which owns the social media app, has denied breaking any privacy laws. The investigation into the app is being led by Ireland's Data Protection Commissioner (DPC), the lead European Union regulator under the EU's General Data Protection Regulation (GDPR), which came into force in 2018.


Singapore: Courts Fined $9,000 for Second Data Breach in Two Tears

Permalink - Posted on 2020-10-19 15:00

Electronics retailer Courts has been fined $9,000 for failing to secure customers' personal details such as names, mobile numbers and addresses, the second time in two years that it has been found to have breached data protection laws.


Commission Kings' Brands Suffer Cyber Attack Outage

Permalink - Posted on 2020-10-19 15:00

Commission Kings, one of the largest affiliate networks catering to a global sports betting and iGaming audience, has come under a heavy cyber-attack.


Global Adoption of Data and Privacy Programs Still Maturing

Permalink - Posted on 2020-10-19 16:00

The importance of privacy and data protection is a critical issue for organizations as it transcends beyond legal departments to the forefront of an organization’s strategic priorities.


Albion Online Game Maker Discloses Data Breach

Permalink - Posted on 2020-10-19 15:00

"The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts," said Sandbox Interactive GmbH, the company behind Albion Online. The attacker also harvested encrypted passwords. Sandbox Interactive said the passwords were hashed with the Bcrypt password-hashing function and then salted with random data to make it harder for attackers to reverse and crack the password.


DDoS Attacks Triple in Size as Ransom Demands Re-Emerge

Permalink - Posted on 2020-10-19 15:00

The last quarter of 2020 has seen a wave of web application attacks which have used ransom letters to target businesses across a number of industries. According to research from Akamai, the largest of these attacks sent over 200Gbps of traffic at their targets as part of a sustained campaign of higher Bits Per Second (BPS) and Packets Per Second (PPS) than similar attacks had displayed a few weeks prior.


Kleenheat Customer Names and Addresses Exposed in System Breach

Permalink - Posted on 2020-10-19 15:00

Australian gas producer Kleenheat has warned a number of its customers about a data breach that may have resulted in information such as name and address being exposed. The Perth-based retailer and distributor believes the breach occurred in 2014 on a third-party system. ZDNet understands that system is no longer in use.


More Details Emerge on Hall County, Georgia Ransomware Attack

Permalink - Posted on 2020-10-16 16:00

Hall County, Georgia had revealed a ransomware attack on October 7, but until now, we didn’t know who attacked them. Now the threat actors known as DoppelPaymer have added Hall County to their dedicated leak site.


Ohio: Potential Cass Action Against Health Recovery Services Survives Motion to Dismiss

Permalink - Posted on 2020-10-16 16:00

This Court finds the Third Circuit’s reasoning in Horizon persuasive. The disclosure of plaintiff’s sensitive medical information to a third party—even where, as here, that third party is a hacker— constitutes an invasion of privacy, the very type of injury that Congress enacted the FCRA to remedy.


Cosmote Reveals Cyber Attack Exposed Telephone Data from Thousands of Customers

Permalink - Posted on 2020-10-16 16:00

The largest mobile network operator in Greece, Cosmote, revealed that thousands of customers’ information was accessed during a cyber attack that occurred between September 1-5.


India: Hackers Attack Haldiram's Servers, Demand Rs 7.5 Lakh

Permalink - Posted on 2020-10-16 15:00

Unidentified hackers attacked the servers of Noida-based Haldiram’s Snacks private limited with ransomware, stealing sensitive data and demanding a ransom of Rs 7.5 lakh to release the information. A case was registered at Noida Sector 58 police station on Wednesday. The incident occurred on the intervening night of July 12 and 13 when issues were reported with the company server which later turned out to be ransomware attacks.


British Airways Hit with U.K. Data Watchdog's Biggest-Ever Fine

Permalink - Posted on 2020-10-16 15:00

Britain’s data protection watchdog said on Friday it has fined British Airways 20 million pounds - its biggest such penalty to date - for failing to protect data that left more than 400,000 of its customers’ details the subject of a 2018 cyber attack.


Personal Data of Bharatmatrimony Users Breached

Permalink - Posted on 2020-10-16 15:00

Personal data of customers of online matchmaking website Bharatmatrimony.com suffered a breach and was available for sale on the darkweb on Thursday, according to Atlanta-based cyber security firm Cyble. The company said that it is investigating the issue and added that there has been "no breach of its current active database of customers". According to Cyble, the leaked data includes sensitive personal information like names, phone numbers, user IDs and date and time of account creation. A sample of the leaked data has been reviewed by ET. Customer data worth 1.7 GB belonging to thousands of users was up for sale in exchange for $500 in cryptocurrency, according to researchers at the firm. ET could not independently verify the number of users whose data was compromised.


Card Details for 3 Million Dickey's Customers Posted on Carding Forum

Permalink - Posted on 2020-10-16 15:00

ickey's Barbecue Pit, the largest barbecue restaurant chain in the US, suffered a POS breach between July 2019 and August 2020.


Hackers Target Puerto Rico Firefighting Department Servers

Permalink - Posted on 2020-10-16 15:00

Puerto Rico’s firefighting department said Wednesday that its database was hacked by unknown people demanding $600,000 in an act of alleged extortion.


Cyber Attack on London Council Still Having Significant Impact

Permalink - Posted on 2020-10-15 16:00

In an update on the situation the council said that its staff are working with the National Cyber Security Centre, National Crime Agency, external experts and the Ministry of Housing, Communities and Local Government to investigate and understand the impact of the cyberattack on its servers. It has also reported the incident to the Information Commissioner's Office.


Online Proctor Service ProctorTrack Disables Service After Hack

Permalink - Posted on 2020-10-15 16:00

Starting yesterday, students began receiving emails sent by the hacker from the Verificient Support account. This email contained racial slurs, and falsely stated that the company and ProctorTrack were ceasing operations.


Privacy Nightmare for Toledo Public Schools: Hackers Dumped SEtudent and Employee Data

Permalink - Posted on 2020-10-15 16:00

On September 14, DataBreaches.net reached out to TPS to ask them to confirm or deny Maze’s claim of a successful attack. TPS did not respond, and the data Maze dumped as “proof” was not proof of any attack on TPS at all — in fact, the “proof” data appeared to come from a construction firm, which is why DataBreaches.net referred to the breach claim but did not name the school district in the September post. But now Maze has dumped all of the data they claim to have acquired from TPS, and the data appear real. Worryingly, the more than 9 GB of compressed data contains a lot of personal and/or sensitive student and employee data.


Barnes & Noble Warns Customers About Data Breach

Permalink - Posted on 2020-10-15 16:00

The notification comes on the heels of a "system failure" that led to users of Nook, Barnes and Noble's e-book reader, to lose access to their books and purchases on their mobile devices.


Carnival Corp. Ransomware Attack Affects Three Cruise Lines

Permalink - Posted on 2020-10-15 16:00

Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.


Ubisoft, Crytek Data Posted on Ransomware Gang's Site

Permalink - Posted on 2020-10-15 16:00

Details about hackers obtained the files remain unclear. Ransomware gang also threatened to leak the source code of Watch Dogs: Legion, an upcoming Ubisoft game.


Social Media App Leaks Data of 172,000 Users, Including Location Coordinates

Permalink - Posted on 2020-10-15 16:00

The CyberNews investigations team discovered an unsecured data bucket that belongs to Panion, a Swedish software company. The unprotected bucket contains more than 2.5 million user records, including full names, email addresses, genders, interests, location coordinates and last login dates, as well as selfies and document photos.


Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts

Permalink - Posted on 2020-10-15 16:00

The data includes hundreds of thousands of voicemail transcripts, many involving sensitive information such as details about medical prescriptions and financial loans.


Robinhood Estimates Hackers Infiltrated Almost 2,000 Accounts

Permalink - Posted on 2020-10-15 16:00

A person with knowledge of an internal review, who asked not to be identified because the findings aren’t public, provided the estimated figure. When Bloomberg first reported on the hacking spree last week, the popular online brokerage disclosed few details. It said “a limited number” of customers had been struck by cyber-criminals who gained access by breaching personal email accounts outside of Robinhood, an assertion that some of the victims acknowledge and others reject.


Ransomware Victims Struggle to Recover, Hire and Spend on Threat Prevention

Permalink - Posted on 2020-10-14 16:00

IT managers at organizations hit by ransomware are nearly three-times as likely to feel “significantly behind” when it comes to understanding cyber-threats. According to new research from Sophos, organizations “are never the same after being hit by ransomware” and a third (35%) of victims reported that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity.


Compliance Activities Cost Organizations $3.5 Million Annually

Permalink - Posted on 2020-10-14 16:00

Organizations are struggling to keep up with IT security and privacy compliance regulations, according to a Telos survey.


Privacy Watchdog to Probe Klarna After Email Backlash

Permalink - Posted on 2020-10-14 16:00

The Information Commissioner's Office said it will make enquiries into Klarna after scores of angry people questioned why it had their details despite never doing business with the payments firm.


Marketing Agency for NFL, Mastercard, MLB and Soundcloud Exposes Clients' Sensitive Data

Permalink - Posted on 2020-10-14 16:00

CyberNews recently discovered that the digital marketing agency teamDigital was exposing multiple environment config files which contain sensitive data. By exposing this type of data, teamDigital is putting their own data and the data of their clients – big names like the NFL, Mastercard, Soundcloud, and more – at risk, potentially leading to ransomware, targeted phishing campaigns, and others.


Executive Overconfidence a Security Risk

Permalink - Posted on 2020-10-13 16:00

Executives are out of touch and overconfident when it comes to their organizations' web application security practices, according to new research published today by Netsparker. Netsparker teamed up with Dimensional Research to survey security professionals from 382 organizations worldwide about the maturity and effectiveness of web application security in their organizations. Respondents worked in roles spanning development, DevOps, and C-suite.


U.S. GAO Calls for Greater Cyber Security for Commercial Airplanes

Permalink - Posted on 2020-10-13 17:00

The US Government Accountability Office (GAO) has urged the Federal Aviation Administration to take action to better protect modern commercial airplanes from cyber-risks. In a post on its website, the GAO wrote: “Modern airplanes are equipped with networks and systems that share data with the pilots, passengers, maintenance crews, other aircraft and air-traffic controllers in ways that were not previously feasible.


Election Systems Under Attack via Microsoft Zerologon Exploits

Permalink - Posted on 2020-10-13 17:00

Cybercriminals are chaining Microsoft’s Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.


Home Security Cams Hacked in Singapore, and Stolen Footage Sold on Adult Websites

Permalink - Posted on 2020-10-13 17:00

Clips stolen from more than 50,000 hacked cameras have been uploaded to pornographic websites, and X-rated footage sold to people prepared to pay a subscription fee of US $150.


Singapore Tightens Security Requirements for New Home Routers

Permalink - Posted on 2020-10-13 17:00

Effective from April 13 next year, home routers will have to meet new security requirements before they can be sold in Singapore.


Miami-Based Tech Company Suffers Massive 1TB Customer and Business Data Leak

Permalink - Posted on 2020-10-13 16:00

The Miami-based “value-added solutions and technology products” company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.


Global Firms Seek Zero-Trust as 58% Suffer COVID-Era Breach

Permalink - Posted on 2020-10-13 16:00

Over half of global organizations have suffered a data breach during the COVID-19 crisis, with even more arguing that they need to shift to a zero-trust model to bolster security, according to Forrester.


Serious Cyber Attack Targets London City Council

Permalink - Posted on 2020-10-13 16:00

Hackney Council in north London says it has been the target of a serious cyberattack, which is affecting many of its services and IT systems.


Software AG Continues Efforts Against $20M Ransomware Attack

Permalink - Posted on 2020-10-13 16:00

The attack began on October 3 as a ransomware attack in which the attackers demanded the unusually high ransom in return for a decryption key. According to reporting from ZDNet, stolen confidential employee information began to be released on the Dark Web on October 9 after negotiations between the company and attackers failed.


25% of BEC Cybercriminals Based in the U.S.

Permalink - Posted on 2020-10-13 16:00

A new analysis of business email compromise (BEC) attacks reveals the global footprint of BEC activity: Twenty-five percent of perpetrators behind these threats are located in the United States. Of these attackers, nearly half are based in five states: California, Georgia, Florida, Texas, and New York.


Seyfarth Shaw LLP Law Firm Discloses Ransomware Attack

Permalink - Posted on 2020-10-12 18:00

Seyfarth Shaw LLP, disclosed a ransomware attack. The fact that they disclosed it themselves immediately removed one of the threats these groups make — to make the attack public and harm the entity’s reputation by showing that they failed to secure sensitive information.


Spotless Hit by Ransomware Attack

Permalink - Posted on 2020-10-12 18:00

Spotless Group, the Downer-owned facilities services provider, is the latest high-profile Australian company to fall victim to ransomware attackers. iTnews learned that the company had been attacked on Friday last week, and a Downer spokesperson confirmed the infection.


OCR Announces 9th Financial Penalty under its HIPAA Right of Access Initiative

Permalink - Posted on 2020-10-12 18:00

The HHS’ Office for Civil Rights (OCR) is continuing its crackdown on healthcare providers that are not fully complying with the HIPAA right of access. Last week, OCR announced its ninth enforcement action against a HIPAA-covered entity for the failure to provide patients with timely access to their medical records at a reasonable cost.


228,000 Individuals Impacted by Legacy Community Health Services Phishing Attack

Permalink - Posted on 2020-10-12 18:00

Legacy Community Health Services in Texas is alerting 228,009 patients about a data breach involving some of their protected health information (PHI). The PHI was stored in an email account that was accessed by an unauthorized individual. The breach was detected on July 29, 2020, one day after an employee responded to a phishing email and disclosed login credentials to the attacker.


Bitcoin Wallet Update Trick Has Netted Criminals More Than $22 Million

Permalink - Posted on 2020-10-12 17:00

A simple technique has helped cybercrime gangs steal more than $22 million in user funds from users of the Electrum wallet app; a ZDNet investigation has discovered. This particular technique was first seen in December 2018. Since then, the attack pattern has been reused in multiple campaigns over the past two years. ZDNet has tracked down multiple Bitcoin accounts where criminals have gathered stolen funds from attacks they carried out over the course of 2019 and 2020, with some attacks taking place as recently as last month, in September 2020.


Children and Parent Info. Exposed in Georgia DHS Data Breach

Permalink - Posted on 2020-10-12 17:00

The security breach took place over the spring. Georgia DHS officials said that between May 3, 2020, and May 15, 2020, hackers managed to gain access to several employee email accounts.


Carnival Corp. Confirms Personal Information Compromised in Ransomware Incident

Permalink - Posted on 2020-10-12 17:00

Carnival, which owns 10 global cruise line brands and a tour company, employs more than 120,000 people and has a fleet of 102 ships. Prior to the COVID-19 pandemic, which forced the company to suspend operations, Carnival served more than 11 million guests per year.


Hackers Publish Public School District's Stolen Data Online

Permalink - Posted on 2020-10-12 17:00

Computer hackers who obtained information about a Virginia public school district’s students and employees have posted stolen data online, school officials said Friday in an email to parents and staff.


Uganda’s Banks Have Been Plunged into Chaos by a Mobile Money Fraud Hack

Permalink - Posted on 2020-10-12 17:00

The Oct. 3 hack was a result of a security breach on a consumer finance aggregator, Pegasus Technologies, which mainly affected bank to mobile wallet transfers, according to an Oct. 8 statement by MTN Uganda, the country’s largest mobile phone company. Kampala-based Pegasus Technologies provides financial and billing solutions for various companies including all the affected entities.


Tyler Technologies Finally Paid the Ransom to Receive the Decryption Key

Permalink - Posted on 2020-10-12 17:00

Some reports circulating online speculate the company was infected with the RansomExx ransomware. The RansomEXX is human-operated ransomware, this means that attackers manually infected the systems after gained access to the target network. In June 2020, the same ransomware was employed in an attack on the Texas Department of Transportation, in September it infected the systems at the IPG Photonics high-performance laser developer.


Community Health Systems Pays $5 Million to Settle Multi-State Breach Investigation

Permalink - Posted on 2020-10-09 16:00

A joint investigation, led by Tennessee Attorney General Herbert H. Slatery III, was launched following a breach of the protected health information (PHI) of 6.1 million individuals in 2014. At the time of the breach, Community Health Systems owned, leased, or operated 206 affiliated hospitals. According to a 2014 8-K filing with the U.S. Securities and Exchange Commission, the health system was hacked by a Chinese advanced persistent threat group which installed malware on its systems that was used to steal data. PHI stolen by the hackers included names, phone numbers, addresses, dates of birth, sex, ethnicity, Social Security numbers, and emergency contact information.


Parents Using School Payment Service Have Card Details Compromised

Permalink - Posted on 2020-10-09 16:00

UK school payment service Wisepay has revealed that the card details of parents who made transactions on its site between October 2 and 5 have been compromised. This was after Wisepay’s website was hacked, resulting in an attacker harvesting payment details via a spoof page. The attack begun on the evening of Friday October 2 and was not noticed until the following Monday morning at 10.00am.


Marketing Firm Spills Nearly Three Million Records

Permalink - Posted on 2020-10-09 16:00

A US digital marketing provider has exposed almost three million records containing personally identifiable information (PII) after another cloud configuration mistake. The privacy snafu at Friendemic, whose main clients are reportedly US car dealerships, was discovered by Aaron Phillips at Comparitech.


Tennessee Health Data Management Firm Agrees to $2m Data Breach Settlement

Permalink - Posted on 2020-10-09 16:00

A Tennessee firm that provides health data management services has agreed to pay the United States Office for Civil Rights (OCR) $2.3m to settle charges related to a data breach. Charges were brought against Tennessee-based Community Health Systems (CHSPSC LLC) by 28 states after the personal health information (PHI) of millions of people ended up in the hands of cyber-criminals.


Fitbit Allowed Spyware on Official App Store

Permalink - Posted on 2020-10-09 16:00

Miscreants had the ability to upload a malicious app containing spyware to Fitbit’s official website, a security researcher has discovered. Fitbit markets fitness trackers which can monitor a users’ heart rate, calorie intake, and exercise sessions, among other data. Its devices are compatible with a number of apps which can be downloaded from its official website and other app stores. Customers can also download watch faces.


Online Romance Scams Spike Under Lockdown

Permalink - Posted on 2020-10-09 16:00

Police and banks are celebrating after revealing that £19 million in fraud was stopped in the first half of the year, although romance scams are reportedly on the rise. Over 600 reports of romance scams each month were made in June, July and August, contributing to a 26% year-on-year increase in cases recorded by Action Fraud, according to Sky News.


Crypto Exchange Leaks Every User's Support Ticket to Every Other User

Permalink - Posted on 2020-10-09 16:00

CyberNews recently discovered a bug affecting the cryptocurrency exchange platform Bitexlive in which support tickets were exposed to every visitor of the site via the socket. This data can be mundane or extremely sensitive, depending on the type of information being communicated between the customer and the customer support agents.


Most Enterprises Struggle with IoT Security Incidents

Permalink - Posted on 2020-10-09 16:00

According to new data released by Cybersecurity Insiders, 72% of organizations experienced an increase in endpoint and IoT security incidents in the last year, while 56% anticipate their organization will likely be compromised due to an endpoint or IoT-originated attack with the next 12 months.


Town of Franklin Lloses Over $500K to Phishing Scam

Permalink - Posted on 2020-10-09 16:00

Officials in Franklin have announced that the town has been the victim of a phishing scam in which over half a million dollars of town money was sent to the scammers. The scam was part of “a recent ‘spear-phishing attack,’” Town Administrator Jamie Hellen said in a news release. A total of $522,000 “was misdirected to a third party.”


Sam's Club Customer Accounts Hacked in Credential Stuffing Attacks

Permalink - Posted on 2020-10-08 17:00

Over the past two weeks, Sam's Club has started sending automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks.


Massachusetts School District Shut Down by Ransomware Attack

Permalink - Posted on 2020-10-08 17:00

Springfield is the third largest school district in Massachusetts with over 25,000 students, 4,500 employees, and more than sixty schools. Due to the COVID-19 pandemic, the school district opened in a remote learning model, with a planned transition to hybrid learning towards the end of October.


ACAS X Just as Vulnerable to Spoofing as Its Predecessor

Permalink - Posted on 2020-10-08 17:00

In a paper distributed via ArXiv, computer scientists at the UK's University of Oxford and Switzerland's Federal Office for Defence Procurement analyzed the Airborne Collision Avoidance System X (ACAS X), due to be deployed on commercial aircraft in the next few years, and found that it can be manipulated by a miscreant to produce fake collision alerts that prompt pilots to take evasive action.


One-Fifth of Organizations Did Not Make Cyber Security a Priority During the Pandemic

Permalink - Posted on 2020-10-08 17:00

56% of IT and OT security professionals at industrial enterprises have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic in March, a Claroty research reveals. Additionally, 70% have seen cybercriminals using new tactics to target their organizations in this timeframe.


Data from Airlink International U.A.E. Leaked on Multiple Dark Web Forums

Permalink - Posted on 2020-10-08 17:00

Airlink International U.A.E. is a leading company for any travel and logistics requirements. It has more than than 200 employees with around $250 million in revenue. The data leak is the result of a misconfigured server containing 60 directories with approximately 5,000 files each.


Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Permalink - Posted on 2020-10-08 17:00

On January 28th, Indonesia’s Ministry of Communication and Information Technology announced that the final draft for the Personal Data Protection Act has been submitted to the president of Indonesia. The PDP Draft Law is now sitting with the House of Representatives and other concerned government officials. The press has been informed that they expect the draft law to be enacted this year. Indonesia’s adaptation of the law heavily resembles the European Union’s GDPR. The draft bill accedes to almost all rights of data subjects as per the GDPR as well as the general regulations in regards to personal data processing.


Number of Corporate Credentials Exposed on the Dark Web Increased by 429%

Permalink - Posted on 2020-10-08 17:00

For a typical organization, this means there are now, on average, 17 sets of corporate credentials available on the dark web that could be used by hackers.


School Meal Payment System Wisepay Attacked

Permalink - Posted on 2020-10-08 17:00

UK cashless school payments firm Wisepay has pulled its website offline after spotting a miscreant trying to spoof its card payment page.


CPS Under Fire Again After Data Breach Cases Jump 18%

Permalink - Posted on 2020-10-08 17:00

The UK’s Crown Prosecution Service (CPS) has recorded over 1600 data breaches over the course of a year, including scores of unauthorized disclosures classed as “severe,” it has emerged. The data featured in the CPS annual report revealed a total of 1627 recorded data breaches in the 2019-20 financial year, up 18% from the previous year. These included 59 incidents that were serious enough to be reported to the Information Commissioner’s Office (ICO).


OCR Imposes $160,000 Penalty on Healthcare Provider for HIPAA Right of Access Failure

Permalink - Posted on 2020-10-08 17:00

The Department of Health and Human Services’ Office for Civil Rights has announced its 12th HIPAA penalty of 2020 and its 8th under the HIPAA Right of Access enforcement initiative that was launched in 2019. The $160,000 settlement is the largest HIPAA penalty to date for a failure to provide an individual with timely access to their requested medical records.


Office of the Comptroller of the Currency Fines Morgan Stanley $60 Million for 2016 Data Breach

Permalink - Posted on 2020-10-08 17:00

The consent order by the Comptroller of the Currency cited failures at both Morgan Stanley Bank NA and Morgan Stanley Private Bank NA related to the shutdown of two wealth management data centers and the company's use of third-party vendors to help with the closings. The OCC found that the bank did not take proper precautions in dismantling and disposing of outgoing hardware that contained sensitive customer data and failed to properly supervise the vendors Morgan Stanley tasked with wiping customer data from the old equipment before it was resold.


Hall County, Georgia Reports Ransomware Attack

Permalink - Posted on 2020-10-08 17:00

Hall County first posted a notice about a ransomware attack on October 7. Since then, they have posted updates on their site, including the restoration of their phone services. Nothing has been revealed about who the attackers might be or what any ransom demand might have been.


Dr. Lal PathLabs, One of India's Largest Blood Test Labs, Exposed Patient Data

Permalink - Posted on 2020-10-08 17:00

The lab testing giant, headquartered in New Delhi, serves some 70,000 patients a day, and quickly became a major player in testing patients for COVID-19 after winning approval from the Indian government. But the company was storing hundreds of large spreadsheets packed with sensitive patient data in a storage bucket, hosted on Amazon Web Services (AWS), without a password, allowing anyone to access the data inside.


AAA Ambulance Service Experienced Ransomware Attack

Permalink - Posted on 2020-10-07 16:00

On August 26, 2020, after thorough investigation, AAA learned that the personal information of certain individuals may have been accessed or taken during the incident.


U.K. Department for Education Fails to Meet U.K., GDPR Data Protection Standards

Permalink - Posted on 2020-10-07 16:00

In light of data protection concerns and potential violations of the EU's General Data Protection Regulation (GDPR), the ICO launched a compulsory audit into the department's data practices. The results are in and it appears the DFE has a long way to go before coming close to complying with UK protection laws. In total, 139 recommendations for improvement have been made, with over 60% classified as "urgent" or "high priority."


37% of Remote Employees Have No Security Restrictions on Corporate Devices

Permalink - Posted on 2020-10-07 16:00

ManageEngine unveiled findings from a report that analyzes behaviors related to personal and professional online usage patterns. 63% of respondents report that their organization has provided them with a corporate device to utilize while working remotely. Interestingly, 37% of those respondents also say that there are no security restrictions on these corporate devices. Therefore, risky online activities such as visiting unsecured websites, sharing personal information, and downloading third-party software could pose potential threats. For example, 54% said they would still visit a website after receiving a warning about potential insecurities. This percentage is also significantly higher among younger generations – including 42% of people 18-24 years and 40% of 25-34 years.


Comcast TV Remote Hack Opens Homes to Snooping

Permalink - Posted on 2020-10-07 16:00

A security flaw allowing attackers to remotely snoop in on victims’ private conversations was found to stem from an unexpected device – their TV remotes. The flaw stems from Comcast’s XR11, a popular voice-activated remote control for cable TV, which has more than 18 million units deployed across the U.S. The remote enables users to say the channel or content they want to watch rather than keying in the channel number or typing to search.


USPS and FedEx Phishing Attack Texts Flood Mobile Phones

Permalink - Posted on 2020-10-07 16:00

Most of these attacks attempted to steal Google account credentials, while some pointed to fake casino games. Back in February, the Federal Trade Commission issued an alert on such scams, but it wasn’t until last month that these types of texts went mainstream.


Corporate Credentials on the Dark Web Up by 429% This Year

Permalink - Posted on 2020-10-06 16:00

There has been a 429% growth in the number of corporate credentials with plaintext passwords on the dark web so far this year, according to Arctic Wolf’s 2020 Security Operations Annual Report. This amounts to an average of 17 separate sets of credentials per a typical organization, leaving businesses particularly vulnerable to account takeover attacks (ATO).


Over Half of IT and OT Professionals in Industrial Enterprises Experiencing Rise in Cyber Threats

Permalink - Posted on 2020-10-06 16:00

ver half (56%) of IT and operational technology (OT) security professionals from industrial enterprises have experienced a rise in cybersecurity threats since the start of the COVID-19 pandemic in March, with 72% finding that their jobs have become more challenging.


Canada Bombarded with COVID-19-Themed Cyber Attacks

Permalink - Posted on 2020-10-06 16:00

More than a quarter of Canadian IT workers say their organization has suffered a COVID-19-themed cyber-attack, according to a new survey. The "2020 Cybersecurity Report" released today by the Canadian Internet Registration Authority (CIRA) surveyed more than 500 Canadian IT security decision-makers to learn more about their experience with cyber-threats.


Magnolia Pediatrics and Accents on Health Suffer Ransomware Attacks

Permalink - Posted on 2020-10-06 16:00

Prairieville, LA-based Magnolia Pediatrics is notifying 12,861 patients that some of their protected health information has potentially been compromised in a ransomware attack that occurred on or around March 26, 2020.


U.N. Maritime Agency Hit by Sophisticated Cyber Attack

Permalink - Posted on 2020-10-06 16:00

The United Nations’ International Maritime Organization (IMO) last week said some of its systems were disrupted as a result of a cyberattack. IMO has not shared any technical information about the attack. It may have been a distributed denial-of-service (DDoS) attack, a ransomware attack, or a different type of breach.


Heartland Community College Experiences Cyber Attack

Permalink - Posted on 2020-10-06 16:00

Heartland Community College is working with outside consultants to address a security breach in its computer system. The college’s online operations, including classes, remained shut down on Tuesday morning as a safety measure after the college detected an outside source had compromised some of its systems on Monday, college officials said.


Cyber Attack on UJIA Centenary Event Being Investigated

Permalink - Posted on 2020-10-06 16:00

UJIA is investigating a cyber-attack which targeted its virtual centenary event last week, as it reported the incident to the regulator and Charity Commission. The British Jewish charity’s event was targeted last Wednesday evening, with hundreds of participants kicked off a video platform or prevented from joining the virtual event.


Hackers Breached Telegram, Email Accounts of 20 Israeli Crypto Execs

Permalink - Posted on 2020-10-06 16:00

Many of the executives had their Telegram apps hacked; others had their Gmail and Yahoo mail accounts breached.


Insurance firm Ardonagh Group Hit with Ransomware

Permalink - Posted on 2020-10-06 16:00

Jersey-headquartered insurance company Ardonagh Group has suffered a potential ransomware infection. Informed sources whispered to The Register that the insurance firm had been forced to suspend 200 internal accounts with admin privileges as the "cyber incident" progressed through its IT estate. The UK's second largest privately owned insurance broker, according to the Financial Times, Ardonagh Group has spent the year to date acquiring other companies. The timing of the most recent attack is unfortunate: Ardonagh recently published its financials, showing a loss of £94.m, according to reports.


Chowbus Delivery Service Breached, Hacker Emails Data to Users

Permalink - Posted on 2020-10-06 16:00

A threat actor has hacked into the Chowbus food delivery service and emailed links to the stolen data to all customers.


Ransomware Threat Surge, Ryuk Attacks About 20 Orgs per Week

Permalink - Posted on 2020-10-06 16:00

Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020. At the top of the list are Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and IBM Security X-Force Incident Response team. Both companies observed a surge in ransomware incidents at a global level between June and September, with some threats being more active than others.


HMRC Hit by Multiple Phishing and Spam Emails

Permalink - Posted on 2020-10-05 17:00

According to data obtained by think tank Parliament Street, an average of over 5000 spam, phishing and malware attacks were recorded by the organization in the three month period between June and September, while spam and junk made up the largest proportion of attacks, contributing 377,820 of the total 521,582 recorded by HMRC.


Clinical Trial Software Provider Hit with Ransomware Attack

Permalink - Posted on 2020-10-05 17:00

Philadelphia-based eResearchTechnology, a company that sells software that is used in clinical trials, including clinical trials of Covid-19 vaccines, was hit with a ransomware attack that has affected several of its clients, including at least one company running Covid-19 vaccine trials. The attack occurred on September 20, 2020 and forced some clinical trial researchers to switch to pen and paper to track their patients. While patient safety was never put at risk, the attack has had an effect on clinical trials and has slowed progress.


Chinese Hackers Steal Personal Data of Half of Taiwan's Workforce

Permalink - Posted on 2020-10-05 17:00

The data sets belonged to Taiwan's popular online job site 104 and hackers were selling the data on the dark web for $500 to $1,000 each.


Ransomware Victims Aren't Reporting Attacks to Police. That's Causing a Big Problem

Permalink - Posted on 2020-10-05 17:00

Europol's annual cyber crime report says ransomware is under-reported by victims - some of which appear to be simply hoping that nobody finds out they were a victim.


Testing Mistake Triggered Telstra Route "Hijacks"

Permalink - Posted on 2020-10-05 17:00

An erroneous bulk upload of static routes to a Telstra production network edge router was the cause of last Wednesday's internet-wide service disruption that saw data traffic take a long detour via Australia, causing performance degradation for other providers in the process. Telstra senior network engineer Mark Duffell apologised for the error, which meant that 500 internet protocol version 4 (IPv4) prefixes, or subnetworks, were advertised as belonging to Telstra.


Hackers Stole a Six-Figure Amount from Swiss Universities

Permalink - Posted on 2020-10-05 17:00

The hackers carried out spear-phishing attacks against the Swiss universities in an attempt of tricking its employees into providing their access data.


Cyber Attack Grounds Transport Malta Online Systems

Permalink - Posted on 2020-10-02 17:00

A cyber attack has shut down Transport Malta's online systems for five days and no date has been given as to when they will be back up, leaving motorists unable to renew their road licences.


Hacked Hospital Chain says All 250 U.S. Facilities Affected

Permalink - Posted on 2020-10-02 16:00

Doctors and nurses at affected hospitals and clinics, many already burdened with coronavirus care, have had to rely on manual record-keeping, with lab work slowed. Employees have described chaotic conditions impeding patient care.


Financial information and SSNs Potentially Accessed in Blackbaud Ransomware Attack

Permalink - Posted on 2020-10-02 16:00

On Wednesday, Blackbaud filed a Form 8-K with the U.S. Securities and Exchange Commission (SEC) that provides further information on the ransomware attack the company suffered in May 2020. Blackbaud explained that the forensic investigation into the breach has revealed further information was potentially compromised in the breach. For certain customers, unencrypted fields that were intended for Social Security numbers, bank account information, and usernames and passwords may also have been accessed by the hackers.


Edtech Startup Edureka Suffers Server Breach, Data of 2 Million Users Exposed

Permalink - Posted on 2020-10-02 16:00

The SafetyDetectices report mentions that the vulnerability was with Edureka’s US-based Elasticsearch server which was left unsecured, without password protection. The SafetyDetectices security research team, led by Anurag Sen is said to have found 25 gigabytes of data, containing more than 45 Mn breached records of personal data. Since some of the records were duplicated, the number of users affected by the data breach is conservatively estimated to be around 2 Mn, with most of them in India and a handful in other countries such as the US as well.


Germany Fines H&M 35 Million Euros for Data Protection Breaches

Permalink - Posted on 2020-10-01 17:00

Sweden’s H&M has been fined 35 million euros ($41 million) by the German authorities for internal data security breaches at its customer service centre in Nuremberg, the fashion retailer said on Thursday.


Click & Collect Fraud Up by 55% Following Shift to Online Shopping

Permalink - Posted on 2020-10-01 17:00

Buy online, pick-up in store fraud rose by 55% in the first half of 2020, according to the latest edition of the Forter Fraud Attack Index, published today. The study demonstrates that e-commerce is increasingly being targeted by fraudsters following the huge shift to online shopping since the start of the COVID-19 pandemic.


PHI of 26,861 Patients Potentially Compromised in Oaklawn Hospital Phishing Attack

Permalink - Posted on 2020-10-01 17:00

It is unclear when the breach was detected, but the forensic investigation revealed on July 28, 2020 that the email accounts of certain employees had been accessed by unauthorized third parties between April 14 and April 15, 2020. Access to the accounts was gained after employees responded to phishing emails and disclosed their email credentials. The breach was detected when suspicious emails were found in several employee email accounts.


InterPlanetary Storm Botnet Infects 13K Mac, Android Devices

Permalink - Posted on 2020-10-01 17:00

A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices (in addition to Windows and Linux, which were targeted by previous variants of the malware). Researchers say, the malware is building a botnet with a current estimated 13,500 infected machines across 84 countries worldwide – and that number continues to grow. Half of the infected machines are in Hong Kong, South Korea and Taiwan. Other infected systems are in Russia, Brazil, the U.S., Sweden and China.


Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Permalink - Posted on 2020-10-01 17:00

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.


Northern California Casino Shut Down by External Computer Attack

Permalink - Posted on 2020-10-01 17:00

Northern California’s Cache Creek Casino Resort, which has been shut down since Sept. 20 because of what it called a “systems infrastructure failure,” confirmed Wednesday that its computer systems were the target of an outside attack and that the incident is under investigation.


VOXX Notifies Employees and Dependents Enrolled in Health Plan of Ransomware Attack

Permalink - Posted on 2020-10-01 17:00

On July 7, 2020, VOXX identified a security incident that resulted in data on certain devices becoming encrypted by ransomware. VOXX immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations. The investigation then determined that in the weeks before encryption of data occurred, there was unauthorized access to files saved to VOXX file servers between June 4, 2020 and July 7, 2020.


Recover Our Youth Notifies Clients and Guardians of Data Security Incident

Permalink - Posted on 2020-10-01 17:00

Recover Our Youth has posted a notice of a data security incident that does not specifically say there was a ransom demand involving exfiltrated data, but it sounds like they may have paid some ransom to get copies of data destroyed. Recover Our Youth offers residential treatment programs and group homes for behaviorally and emotionally disturbed youth and adults in South Carolina and North Carolina.


70% of Consumers Would Cut Tes with Doctors Over Unprotected Health Data

Permalink - Posted on 2020-10-01 17:00

There are growing privacy concerns among Americans due to COVID-19 with nearly 70 percent citing they would likely sever healthcare provider ties if they found that their personal health data was unprotected, a CynergisTek survey reveals.


Two Telus Health Medical Service Providers Pay Ransom After 60K Client Files Accessed

Permalink - Posted on 2020-10-01 17:00

The Medisys Health Group and its affiliate Copeman Healthcare say they paid an unspecified ransom to retrieve personal information for about 60,000 clients after detecting a security breach on Aug. 31. An email from Medisys head office in Montreal says privacy officials were notified Sept. 4, four days after the breach was discovered, and began notifying customers last week. They say hackers got demographic information, such as ages and addresses, and some personal health numbers but no financial information or Social Insurance Numbers..


People of Praise Reportedly Suffered a Data Breach Ahead of Member A.C. Barrett's SCOTUS Nomination

Permalink - Posted on 2020-09-30 17:00

On September 23, 2020, our security staff identified an incident via our website involving unauthorized access to contact information in our membership directory.


Kylie Jenner's Makeup Company Warns of Data Breach

Permalink - Posted on 2020-09-30 17:00

Kylie Jenner's makeup company has warned customers that their information may have been compromised in a recently detected security incident at a Canadian e-commerce merchant. Earlier this month, Shopify reported the theft, by members of its own support team, of transactional records belonging to up to 200 of the company's merchants. The incident, which is now under investigation by the FBI, involved two Shopify employees who no longer have access to the company's network.


Click & Collect Fraud Up by 55% Following Shift to Online Shopping

Permalink - Posted on 2020-09-30 17:00

Buy online, pick-up in store fraud rose by 55% in the first half of 2020, according to the latest edition of the Forter Fraud Attack Index, published today. The study demonstrates that e-commerce is increasingly being targeted by fraudsters following the huge shift to online shopping since the start of the COVID-19 pandemic.


Account Takeover Fraud Rates Skyrocketed 282% Over Last Year

Permalink - Posted on 2020-09-30 17:00

Account takeover (ATO) fraud attempts to steal from consumers and e-commerce merchants swelled 282% between Q2 2019 to Q2 2020, new data from digital trust and safety provider Sift finds. The ATO rate is the ratio of attempted fraudulent logins over total logins. ATO rates for physical e-commerce businesses jumped 378% since the start of the COVID-19 pandemic, Sift's Q3 2020 Digital Trust & Safety Index found. This indicates that fraudsters are leaning heavily on this attack vector to steal payment information and rewards points stored in online accounts on merchant websites, according to the company.


Anthem to Pay Nearly $40 Million to Settle Data Breach Probe by U.S. States

Permalink - Posted on 2020-09-30 17:00

Anthem Inc said on Wednesday it would pay $39.5 million as part of a settlement with U.S. states attorneys general following an investigation into a massive cyber-attack at the company in 2015. The second largest U.S. health insurer said a state sponsored criminal group had perpetrated the attack, adding that it does not believe the company had violated the law in connection with its data security.


Inspector General's Report Confirms CBP Contractor Was Hacked

Permalink - Posted on 2020-09-29 16:00

Last year, a CBP vendor suffered a data breach affecting more than 100,000 people who had crossed the border at checkpoints. The CBP refused to name the contractor involved in the breach, but internal documents indicated it was Perceptics. Perceptics provided and maintained the system that photographed cars and their occupants as they crossed the border. The vendor's involvement in the breach has now been publicly confirmed, thanks to an Inspector General's investigation of the incident. Sensitive information that was never supposed to be located on Perceptics' servers was obtained by hackers and (partially) distributed on the dark web.


Swatch Shuts Down Some Technology Systems After Cyber Attack

Permalink - Posted on 2020-09-29 16:00

Swatch Group UHR.S shut down some of its technology systems after detecting a cyberattack over the weekend, the world's biggest watchmaker said on Tuesday.


Arthur J. Gallagher Targeted in Ransomware Attack

Permalink - Posted on 2020-09-29 16:00

“We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers,” Arthur J. Gallagher reported.


Security Lapse Exposes Hundreds of Addresses of Minnesotans Infected with COVID-19

Permalink - Posted on 2020-09-29 16:00

5 EYEWITNESS NEWS obtained internal city and state documents which show there have been numerous times, starting in August, where those protocols were not followed and the privacy of addresses of COVID-19 patients was compromised. In a letter from the Minneapolis City Attorney's Office to MDH Commissioner Jan Malcolm and DPS Commissioner John Harrington, there were serious warnings and examples of the data breach.


MU Health Care Phishing Attack Impacts 5,000 Patients

Permalink - Posted on 2020-09-29 16:00

MU Health Care in Missouri has experienced a phishing attack that saw several employee email accounts compromised between May 4 and May 6, 2020. An investigation into the breach revealed the compromised email accounts contained patient information including names, account numbers, dates of birth, health insurance information, Social Security numbers, and driver’s license numbers.


Las Vegas Students' Personal Data Leaked, Post-Ransomware Attack

Permalink - Posted on 2020-09-29 16:00

Personal information for students in the Clark County School District, which includes Las Vegas, has reportedly turned up on an underground forum, following a ransomware attack that researchers say was carried out by the Maze gang.


Flightradar24 Hit by Third Cyber Attack in Two Days

Permalink - Posted on 2020-09-29 16:00

Popular real-time flight-tracking website Flightradar24 was hit by a cyber-attack that knocked out access to its services for hours. The attack is the third the company has suffered in two days, it said. Early attempts to restore the site failed, with "significant instability due to the sustained attacks", it said. It said the Distributed Denial of Service (DDoS) attack had hit "the availability of our services" but not compromised user data.


Fashion Retailer BrandBQ Exposes Seven Million Customer Records

Permalink - Posted on 2020-09-28 16:00

A European fashion retailer has become the latest big-name brand to expose personal data on millions of its customers after misconfiguring a cloud database. Researchers at vpnMentor discovered the unencrypted Elasticsearch server on June 28 and parent company BrandBQ finally secured it around a month later, on August 20. The Krakow-based retailer operates online and physical stores across Eastern Europe, in: Poland, Romania, Hungary, Bulgaria, Slovakia, Ukraine and the Czech Republic. Its main brands are Answear and WearMedicine.com.


UHS Hospitals Hit by Reported Country-Wide Ryuk Ransomware Attack

Permalink - Posted on 2020-09-28 16:00

Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, has reportedly shut down systems at healthcare facilities around the US after a cyber-attack that hit its network during early Sunday morning. UHS operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees and provides healthcare services to approximately 3.5 million patients each year.


Logistics Giant CMA CGM Goes Offline to Block Malware Attack

Permalink - Posted on 2020-09-28 16:00

CMA CGM S.A., a French maritime transport and logistics giant, today disclosed a malware attack affecting some servers on the edge of its network. The attack forced CMA CGM's IT teams to cut Internet access to some applications to block the malware from spreading to other network devices.


Most Canadians Reluctant to Use Businesses After Data Breach

Permalink - Posted on 2020-09-28 16:00

A data breach can have lasting impacts on a company, according to polling data. The survey of more than 2,000 people was conducted online by KPMG, a consulting firm, earlier this month. It found about 84 per cent of Canadians say they would be reluctant to do business with companies that suffer a data breach. Nearly all (90 per cent) say they are “leery” about sharing personal or financial information with any organization that had been hit by hackers. Of those surveyed, roughly one-quarter of them report their login credentials being stolen from a trusted site.


20% of Remote Staff Have Downloaded Company Data on Personal Devices

Permalink - Posted on 2020-09-28 16:00

One in five (20%) UK employees have downloaded commercially sensitive or confidential company files on a personal device whilst working from home, a new study from gadget insurance firm Protect Your Bubble has found. What is more, of these respondents, 40% admitted that there was either no password protection or up-to-date security installed on these devices, which include desktops, laptops, tablets or smartphones. A further 7% had neither.


$150 Million Stolen From Singaporean Crypto-Exchange KuCoin

Permalink - Posted on 2020-09-28 16:00

The exchange announced that it identified a number of large withdrawals in Bitcoin, ERC-20 and other tokens from its hot wallets, and that it launched an investigation into the matter, while suspending the deposit and withdrawal service.


Data Security Incident Shuts Down Montgomery, TN County's Computer Network

Permalink - Posted on 2020-09-28 16:00

Montgomery County’s government networks were taken down over the weekend during a “data security incident” that started on Friday. While several websites were accessible to the public on Sunday, they had limited functionality.


Legal Action Underway Over University of Cumbria Data Breach

Permalink - Posted on 2020-09-25 16:00

Students, staff and partners of universities across the UK who may have had their personal details leaked online are preparing to take legal action against the organisations amidst concerns that more should have been done to protect their data. Confidential information including names, dates of birth, addresses, phone numbers and email addresses are thought to have been stolen by hackers in the ransomware attack which took place this year on Blackbaud – a cloud computing provider that serves non-profits, foundations, corporations, education institutions and healthcare organisations.


Premera Blue Cross Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People

Permalink - Posted on 2020-09-25 16:00

HHS has announced another big settlement and corrective action plan. This one stems from a hack of Premera Blue Cross (PBC) in 2014 that went undetected until March of 2015. DataBreaches.net had covered this incident at the time and the follow-ups that included a class action lawsuit that settled, a settlement with state attorneys general, and news that federal auditors had warned Premera of security issues three weeks before the hack. Not surprisingly, the settlement starts out by noting the entity’s failure to perform a risk assessment, and that becomes the first element in the corrective action plan.


Nebraska Medicine Was Vctim of Cyber Attack

Permalink - Posted on 2020-09-25 16:00

Nebraska Medicine confirmed Thursday night that it was the victim of a cyber attack. The attack caused a significant downtime for its information technology system, leading to many postponed appointments throughout the week.


Slew of Lawsuits Filed Over Recent Healthcare Data Breaches

Permalink - Posted on 2020-09-25 16:00

Individuals impacted by the recent data breaches at Blackbaud, Assured imaging, and BJC Healthcare have taken legal action over the exposure and theft of their personal and protected health information.


Elderly People in the U.K. Lost Over £4m to Cybercrime Last Year

Permalink - Posted on 2020-09-25 16:00

A freedom of information (FOI) request submitted by the charity to the UK’s national fraud reporting center, Action Fraud, showed that the police received 4173 reports of cybercrime from people aged 55+ from April 2018 to March 2019. Of those that became victims, a total loss of just over £4m was recorded. Those in this age group represented 19% of the overall number of reported cybercrime victims in this period.


Government Software Provider Tyler Technologies Hit by Possible Ransomware Attack

Permalink - Posted on 2020-09-24 16:00

Tyler Technologies, a major Texas-based provider of software and services for the U.S. government, started informing customers on Wednesday of a security incident that is believed to have involved a piece of ransomware.


Data Breach at New York Sports Clubs Owner Exposed Customer Data

Permalink - Posted on 2020-09-23 16:00

Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, is mopping up after a security lapse exposed customer data. Security researcher Bob Diachenko received a tip from a contact, Sami Toivonen, about an unprotected server containing almost a terabyte of spreadsheets representing years of internal company data, including financial records and personal customer records. But because there was no password on the server, anyone could access the files inside. The server was exposed for almost a year, Diachenko told TechCrunch.


Bit-and-Piece DDoS Attacks Increased 570% in Q2 2020

Permalink - Posted on 2020-09-23 16:00

Analysts witnessed attacks using much smaller sizes—more than 51% of bit-and-piece attacks were smaller than 30Mbps—to force communications service providers (CSPs) to subject entire networks of traffic to risk mitigation. This causes significant challenges for CSPs and typical threshold-based detection, which is unreliable for pinpointing the specific attacks to apply the correct mitigation.


Shopify says Customer Data Likely Exposed as Employees Accessed Records

Permalink - Posted on 2020-09-23 16:00

Shopify Inc said on Tuesday data of customers who shopped at fewer than 200 merchants listed on the company’s e-commerce platform was likely exposed after two employees tried to steal transaction records. The data exposed includes email, name, and address, as well as order details, but does not involve complete payment card numbers or financial information, the Canadian company said.


eBay Execs to Plead Guilty to Cyber-Stalking

Permalink - Posted on 2020-09-23 16:00

Four former eBay executives accused of cyber-stalking and intimidating a Massachusetts couple are to admit their guilt before a court next month.Horrific parcels sent to the couple included a bloody pig mask, live spiders and cockroaches, a book on surviving the death of a spouse, and a wreath of funeral flowers. In addition, pornographic magazines addressed to the husband were received by one of the couple's neighbors. The four defendants due to plead guilty in October are among six former senior employees of the American multinational e-commerce corporation who were charged in June with carrying out the terrifying cyber-campaign.


Business Associate Fined $2.3 Million for Breach of 6 Million Records and Multiple HIPAA Failures

Permalink - Posted on 2020-09-23 16:00

The Department of Health and Human Services’ Office for Civil Rights has announced its 10th HIPAA violation fine of 2020. This is the 7th financial penalty to resolve HIPAA violations that has been announced in as many days.


St. Clair County Is Latest Victim of Cyber Attack

Permalink - Posted on 2020-09-23 16:00

The attack will cause some inconveniences for the general public over the upcoming days, but county leaders and its professionals are working closely with cyber-security specialists to restore the county to a fully functioning environment.


Just 13% of SMEs Have Cyber Insurance

Permalink - Posted on 2020-09-22 16:00

Less than 13% of small and medium-sized businesses (SMBs) have cyber-insurance, potentially leaving large numbers exposed to the serious financial impact of online attacks, according to GlobalData.


Data Breach at Long Island Hospital

Permalink - Posted on 2020-09-22 16:00

Long Island's only tertiary care center and Regional Trauma Center has issued a warning to patients that their personal data may have been exposed as a result of a ransomware attack.


Details of 540,000 Sports Referees Taken in Ransomware Attack

Permalink - Posted on 2020-09-22 16:00

In a data breach notification letter filed with multiple states across the US [1, 2], the company said that despite detecting and blocking the hackers from encrypting its files, the intruders managed to steal a copy of its backups. This backup contained data from ArbiterGame, ArbiterOne, and ArbiterWorks — three of the web applications used by schools and sports leagues to assign and manage the schedules and training programs of referees and game officials.


Microsoft Leaves Entire Bing Search Engine Log File Storage Open for Public Access

Permalink - Posted on 2020-09-22 16:00

Microsoft has suffered a rare cyber-security lapse earlier this month when the company's IT staff accidentally left one of Bing's backend servers exposed online. The server was discovered by Ata Hakcil, a security researcher at WizCase, who exclusively shared his findings with ZDNet last week. According to Hakcil's investigation, the server is believed to have exposed more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The Wizcase researcher was able to verify his findings by locating search queries he performed in the Bing Android app in the server's logs.


Only 44% of Healthcare Providers Conform to Protocols Outlined by the NIST CSF

Permalink - Posted on 2020-09-22 16:00

Analysts examined nearly 300 assessments of provider facilities across the continuum, including hospitals, physician practices, ACOs and Business Associates. The report also found that healthcare supply chain security is one of the lowest ranked areas for NIST CSF conformance. This is a critical weakness, given that COVID-19 demonstrated just how broken the healthcare supply chain really is with providers buying PPE from unvetted suppliers.


Ray-Ban Owner Luxottica Reportedly Hit with Cyber Attack

Permalink - Posted on 2020-09-22 16:00

Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China.


Kentucky Unemployment Breach: Legal Misinterpretation to Blame for Delay in Reporting

Permalink - Posted on 2020-09-21 16:00

An inspector general report has found there were "unacceptable" delays in reporting an April security breach of Kentucky's unemployment system but that residents' personal information doesn't appear to have been misused. The report primarily blames the month-long delay in reporting the breach on current legal staff who relied on a holdover procedure from the previous administration that misinterpreted state law governing when breaches need to be reported. Under state law, security breaches are required to be reported within 72 hours.


U.K. Home Office Data Loss Incidents Surge by 120%

Permalink - Posted on 2020-09-21 16:00

Figures from the Home Office’s Annual Report and Accounts 2019-20 that were compiled by the think tank Parliament Street showed that there were 4204 individual incidents in 2019-20 compared to 1895 in 2018-19. The most common type of data loss in the last financial year was inadequately protected electronic equipment, devices or paper documents from outside secured government premises, with 2404 incidents occurring in 2019-20, representing a 242% increase on the previous year. This was followed 946 incidents of lost electronic equipment or documents from secured government premises, a rise of 552% from the 145 recorded in 2018-19.


Systemic Noncompliance with HIPAA Results in $1.5 Million Financial Penalty for Athens Orthopedic Clinic

Permalink - Posted on 2020-09-21 16:00

The HHS’ Office for Civil Rights has announced a settlement has been reached with Athens Orthopedic Clinic PA to resolve multiple violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules.


Attack on Ontario's Nurses College Puts at Risk Personal Information of Nearly 190,000 Individuals

Permalink - Posted on 2020-09-21 16:00

The College of the Nurses of Ontario (CNO) has recently announced that it has been dealing with a cyberattack that has forced the nurses’ regulatory body to shut down its services. Moreover, a list of stolen CNO document files has surfaced on the dark web. The perps gave the college 12 days to respond to their demands and avoid the publication of stolen information.


University of Tasmania Students' Personal Information Exposed in Email Bungle

Permalink - Posted on 2020-09-21 16:00

The University of Tasmania has apologised after an email bungle released almost 20,000 students’ personal details to its entire faculty. The data leak, which contained personally identifiable information, was made accessible to all users with a utas.edu.au email address.


Hackers Leak Details of 1,000 High-Ranking Belarus Police Officers

Permalink - Posted on 2020-09-21 16:00

A group of hackers has leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations. The leaked data included names, dates of birth, and the officers' departments and job titles.


ATO Declines to Fix Code Replay Flaw Within myGovID

Permalink - Posted on 2020-09-21 16:00

Security researchers advise users to not use the system until it is patched, and given the taxation office's response, that could be a long time coming.


500,000 Activision Games Customers Have Data Exposed in Attack

Permalink - Posted on 2020-09-21 16:00

According to reports, more than 500,000 Activision accounts may have been hacked with login data being compromised. The eSports site Dexerto has reported that a data breach occurred on Sunday, September 20. The credentials to access these accounts are, Dexerto said, being leaked publicly, and account details changed to prevent easy recovery by the rightful owners. Activision accounts are mostly used by players of the hugely popular Call of Duty franchise.


University of Missouri Health Care Email Hack Exposes Info. of 5,000 Patients

Permalink - Posted on 2020-09-21 16:00

Patient information in the compromised email accounts included names, birth dates, medical record numbers and health insurance and procedure data. Social Security numbers of some patients were in the email accounts.


Patient Breach Victims File Lawsuits Against Assured Imaging, BJC Health

Permalink - Posted on 2020-09-21 16:00

On August 26, Arizona-based Assured Imaging, a mobile digital mammography provider, began notifying 244,813 patients that their data was potentially breached after a ransomware attack, which lasted from May 15 to May 17. In the process, patient data was exfiltrated. But the investigation could not determine just what data was stolen. A review of all impacted systems found that the hacker could have accessed patient names, contact details, medical histories, patient IDs, provided services, testing recommendations, and other sensitive information.


32 Million Americans (14%) Have Been Victims of New Account Fraud in Only Four Months

Permalink - Posted on 2020-09-21 16:00

A new study by IDology captures the impact of increasing fraud complexity and changing consumer behavior in new research comparing data among a representative sample of online American adults collected in March 2020 and July 2020. Rapid rise in fraud: Fraud is growing at a faster rate. 32 million Americans (14%) have been victims of new account fraud in only four months compared to (19%) in the 12 months leading up to COVID-19.


Health Care Patient, Donor Data May Have Been Breached in Blackbaud Attack

Permalink - Posted on 2020-09-18 16:00

Patients and donors to at least four different health care providers in Minnesota are being notified that their personal information may have been compromised. The potential data breach involves hundreds of thousands of patients and donors at Children’s Minnesota, Allina Health, Regions Hospital and Gillette Children’s Specialty Healthcare. The hack is part of a ransomware attack on a cloud computing company called Blackbaud, which manages databases for a number of nonprofits.


Chinese Hackers "Stole Data from Spanish Vaccine Labs"

Permalink - Posted on 2020-09-18 16:00

Chinese hackers have stolen information from Spanish laboratories working on a vaccine for Covid-19. Spain's secret service chief Paz Esteban said hackers had mounted "a particularly virulent campaign targeting laboratories working on the search for a vaccine" not only in Spain but elsewhere. Speaking to journalists on Thursday, Esteban who heads the CNI intelligence services, said there had been a "qualitative and quantitative" increase in attacks during lockdown, with hackers targeting "sensitive sectors such as healthcare and pharmaceuticals".


Leading U.S. Laser Developer IPG Photonics Hit with Ransomware

Permalink - Posted on 2020-09-18 16:00

IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry has suffered a ransomware attack that is disrupting their operations.


Glow Inc. Settles Consumer Privacy Violation with California AG

Permalink - Posted on 2020-09-18 16:00

alifornia Attorney General Xavier Becerra today announced a landmark settlement against Glow, Inc. (Glow), a technology company that operates a fertility-tracking mobile app that stores personal and medical information. The settlement, which is subject to court approval, resolves the Attorney General’s investigation of Glow's app for serious privacy and basic security failures that put women’s highly-sensitive personal and medical information at risk. In addition to a $250,000 civil penalty, the settlement includes injunctive terms that require Glow to comply with state consumer protection and privacy laws, and a first-ever injunctive term that requires Glow to consider how privacy or security lapses may uniquely impact women.


Patient Dies After Ransomware Attack Reroutes Her to Remote Hospital

Permalink - Posted on 2020-09-17 17:00

A woman seeking emergency treatment for a life-threatening condition died after a ransomware attack crippled a nearby hospital in Duesseldorf, Germany, and forced her to obtain services from a more distant facility.


Universities Face Increase in Ransomware Attacks as Students Return

Permalink - Posted on 2020-09-17 17:00

According to an alert issued by the National Cyber Security Centre (NCSC) there has been a recent spike in ransomware attacks against UK schools, colleges and universities. It claimed that, in recent incidents, it has observed remote desktop protocols and unpatched software and hardware being utilized, as well as attackers using phishing emails to deploy ransomware. Attackers have also sabotaged backup or auditing devices to make recovery more difficult, encrypted entire virtual servers and used scripting environments (including PowerShell) to deploy tooling or ransomware


DDoS Attacks Rise in Intensity, Sophistication and Volume

Permalink - Posted on 2020-09-17 17:00

There have been significant shifts in DDoS attack patterns in the first half of 2020, a Neustar report reveals. There has been a 151% increase in the number of DDoS attacks compared to the same period in 2019. These included the largest and longest attacks that Neustar has ever mitigated at 1.17 Terabits-per-second (Tbps) and 5 days and 18 hours respectively.


German Shopping Site Exposes Data of Over 500,000 Customers

Permalink - Posted on 2020-09-17 17:00

The company in the discussion is German shopping giant Windeln.de who did not secure its database despite being alerted by researchers.


U.S. Staffing Firm Hit by Ransomware Again

Permalink - Posted on 2020-09-16 16:00

One of the largest IT staffing companies in America has been hit by a second ransomware attack in nine months. At the start of September, Artech Information Systems disclosed a data breach caused by a ransomware attack perpetrated between January 5 and 8, 2020.


Attacks on Mid-Market Organizations Soar

Permalink - Posted on 2020-09-16 16:00

According to global data gathered by specialist insurer Beazley Group, middle-market organizations have been especially hard hit by online social engineering attacks. Of all the social engineering attacks reported to Beazley Breach Response (BBR) Services globally in Q2 2020, 60% of organizations targeted were in the middle market (defined as over $35m in annual revenue), up from 46% in Q1. In more than 80% of the incidents reported, the attack was stymied before a direct financial loss occurred. Fraudulent instruction attacks also primarily hit middle-market organizations, which were the target in 55% of incidents, compared to 24% in Q1.


Lawsuit Filed Against Warner Music Group Over Data Breach

Permalink - Posted on 2020-09-16 16:00

A lawsuit has been filed against Warner Music Group following the disclosure of a data breach that compromised customers' sensitive personal information. Warner notified customers of a breach earlier this month after discovering a number of its e-commerce websites had fallen victim to a prolonged skimming attack.


U.S. House Passes IoT Cyber Security Bill

Permalink - Posted on 2020-09-16 16:00

First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president.


Floral Park-Bellerose School District Hit with Ransomware Attack

Permalink - Posted on 2020-09-16 16:00

Floral Park-Bellerose school district officials announced at their Board of Education meeting Monday that the district’s computer system had been infected with a type of malware known as “ransomware,” impeding its progress in delivering virtual education to students.


Dunkin' Donuts Settles Data Breach Lawsuit

Permalink - Posted on 2020-09-16 16:00

Dunkin' Donuts today settled a lawsuit in which it was accused of hushing up the fact hackers siphoned its customers' personal information from its systems in 2015. The US coffee-and-pastry slinger will refund said customers as part of an agreement [PDF] that will end a lawsuit brought against it by New York. The US state claimed Dunkin failed to warn its sugar addicts that miscreants had gained access to their DD accounts, downloaded their details, and sold them on underground internet forums. That information included their Dunkin' loyalty card details, which miscreants could use to buy stuff from the coffee houses using money stored on the cards. In addition to refunding its sugar addicts for fraudulent charges made to their cards, Dunkin will pay New York $650,000 and agree to the standard "we won't let this happen again" promise.


University Hospital New Jersey Hit by SunCrypt Ransomware, Data Leaked

Permalink - Posted on 2020-09-16 16:00

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data. Established in 1994, the University Hospital is a New Jersey state-owned teaching hospital that provides medical care to residents. The hospital runs on a $626 million budget and has over 3,500 employees, 519 licensed beds, and over 172,000 annual outpatient visits.


More Cyberattacks in the First Half of 2020 Than in All of 2019

Permalink - Posted on 2020-09-16 16:00

A study by CrowdStrike of recent threat activity on networks belonging to its customers showed more intrusion attempts in the first six months of this year than in all of 2019. The security vendor's threat-hunting team blocked some 41,000 potential intrusions just between Jan. 1 and June 30 this year compared with 35,000 for all of last year. Incidents of hands-on-keyboard intrusions in the first six months of 2020 — where a threat actor is actively engaged in malicious activity — was some 154% higher than the number of similar instances that CrowdStrike's researchers observed in 2019.


JIA Computer System Infiltrated in Ransomware Attack

Permalink - Posted on 2020-09-16 16:00

Jekyll Island Authority fell victim last week to a ransomware attack that has since been mostly addressed. JIA Executive Director Jones Hooks informed the authority’s board at its monthly meeting Tuesday that JIA computer systems were infected by a ransomware attack designed to damage or gain unauthorized access to the system.


European Police Malware Could Harvest GPS, Messages, Passwords, More

Permalink - Posted on 2020-09-15 16:00

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard.


Magento Online Stores Hacked in Largest Campaign to Date

Permalink - Posted on 2020-09-15 16:00

Almost 2,000 Magento stores have been compromised over the weekend in the largest hacking campaign since 2015.


Research Finds Nearly 800,000 Access Keys Exposed Online

Permalink - Posted on 2020-09-15 16:00

When AWS keys were exposed in GitHub repositories, GitHub responded by invalidating those keys. Researchers at Digital Shadows have found that this proper action doesn't end the issue of exposed keys as they have found almost 800,000 keys available on the Web. The researchers searched approximately 150 million entities across GitHub, GitLab, and Pastebin during a 30-day period in August and September to find the roughly 800,000 keys. They discovered that more than 40% of the keys were database keys while 38% were for cloud services. Redis was the most common database involved, while Google Cloud API was the most common cloud service key.


Unsecured Chinese Database Leaks 2.4 Million Peoples' Information

Permalink - Posted on 2020-09-15 16:00

A US academic has revealed the existence of 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, and security agencies. The academic alleges the purpose of the database is enabling overseas influence operations to be conducted against prominent or influential people outside China.


Wales says Personal Data of 18,000 COVID Patients Accidentally Published

Permalink - Posted on 2020-09-15 16:00

The data breach was a result of individual human error, the public health body said, adding that it had commissioned an external investigation into the data breach and taken steps to prevent any similar incident.


Department of Veteran Affairs Discloses Breach Impacting 46,000 Veterans

Permalink - Posted on 2020-09-15 16:00

The Department of Veterans Affairs (VA) has disclosed today a security breach during which the personal information of around 46,000 veterans was obtained by a malicious third-party. Officials said the breach took place after "unauthorized users" accessed an online application managed by the VA Financial Services Center (FSC). The VA said the hackers used "social engineering techniques" and exploited the "authentication protocol" to gain access to the FSC app and then divert VA payments intended for healthcare providers for the­ medical treatment of US veterans


39% of Employees Access Corporate Data on Personal Devices

Permalink - Posted on 2020-09-14 16:00

The Head in the Clouds study, which surveyed more than 13,000 remote workers globally, found that many of the personal devices used to access company data were not as secure as their corporate equivalents.


Bill Requiring Notification of Security Breaches Compromising Personal Information Approved

Permalink - Posted on 2020-09-14 16:00

The Senate Communications & Technology Committee approved a bill requiring timely public notification when a security breach compromises personal information, according to Senator Dan Laughlin, prime sponsor of the bill. Senate Bill 487 updates the Breach of Personal Information Notification Act to require state agencies victimized by a breach involving personally identifiable information to report the incident to those affected within seven days.


Leaky Server Exposes Users of Dating Site Network

Permalink - Posted on 2020-09-14 16:00

Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.


Development Bank of Seychelles Hit by Ransomware

Permalink - Posted on 2020-09-14 16:00

The Central Bank of Seychelles (CBS) on Friday announced that the network of the Development Bank of Seychelles (DBS) was recently targeted in a ransomware attack.


U.S. Staffing Firm Artech Suffers Data Breach, Delays Reporting

Permalink - Posted on 2020-09-14 16:00

Artech Information Systems, a minority- and women-owned diversity supplier and one of the largest IT staffing companies in the U.S., has disclosed a data breach exposing personal, financial, and health information of some of its clients. Notably, the attack occurred in January, eight months ago.


Staples Discloses Data Breach Exposing Customer Information

Permalink - Posted on 2020-09-14 16:00

Giant office retail company Staples informed some of its customers that data related to their orders has been accessed without authorization.


Virginia's Largest School System Hit with Ransomware

Permalink - Posted on 2020-09-14 16:00

Fairfax County Public Schools (FCPS), the largest school system in Virginia, is investigating a cyberattack on its technology systems. Ransomware group Maze has claimed responsibility.


Ransomware Hits U.S. District Court in Louisiana

Permalink - Posted on 2020-09-14 16:00

The ransomware attack has exposed internal documents from the court and knocked its website offline.


U.S. Court Documents Published in Ransomware Attack

Permalink - Posted on 2020-09-11 15:00

Attackers claim to have successfully targeted the Fourth Judicial District Court of Louisiana with a ransomware strain known as Conti, first detected in the wild in December 2019. The malware has been observed to use the same ransom note deployed by the Ryuk crypto-malware family, and code similarities have been spotted between the two ransomware strains.


Travel Industry Giants Failed to Secure their Websites Despite High-Profile Data Breaches

Permalink - Posted on 2020-09-11 15:00

Major airlines and hotel chains have failed to secure their online platforms even after previous data breaches and cyberattacks exposed information of millions of customers’ and drew fines from privacy regulators. That’s the conclusion of an investigation by Which?, which found hundreds of data security vulnerabilities on popular travel companies including Marriott, British Airways, and EasyJet, all of who have previously suffered a severe data breach.


Razer Gaming Fans Caught Up in Data Leak

Permalink - Posted on 2020-09-11 15:00

An estimated 100,000 customers of Razer, a purveyor of high-end gaming gear ranging from laptops to apparel, have had their private info exposed, according to a researcher. Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, for anyone to see. It contained a raft of information of use to cybercriminals, including full name, email, phone number, customer internal ID, order number, order details, billing and shipping address.


Japan Regulator Is Set to Ask Nomura to Report on Data Leak

Permalink - Posted on 2020-09-11 15:00

Japan’s Financial Services Agency is set to order Nomura Holdings Inc. to submit a report on how client information was leaked to a rival firm, a person with knowledge of the matter said. The regulator has asked Nippon Institutional Securities Co., the company that received the information from a Nomura employee, to provide a separate report, the person said, asking not to be identified because the matter is confidential.


Development Bank of Seychelles Hit by Ransomware Attack

Permalink - Posted on 2020-09-11 15:00

DBS was founded in 1977 as a joint venture by the Seychelles government and several other shareholders including the European Investment Bank, Standard Chartered Bank, Barclays Bank, Deutsche Investitions und Entwicklungsgesellschaft (DEG), and Caisse Francaise de Cooperation.


SoftServe Hit by Ransomware, Windows Customization Tool Exploited

Permalink - Posted on 2020-09-11 15:00

Ukrainian software developer and IT services provider SoftServe suffered a ransomware attack on September 1st that may have led to the theft of customers' source code.


Nine Out of Ten IT Pros Have Experienced a Data Breach

Permalink - Posted on 2020-09-10 17:00

Exonar, has today published research revealing that 94 percent of IT pros have experienced a data breach, and an overwhelming majority (79 percent) are worried that their current organization could be next.


Portland Adopts Strictest Facial Recognition Ban in Nation to Date

Permalink - Posted on 2020-09-10 17:00

The Portland City Council voted on two ordinances related to facial recognition: one prohibiting use by public entities, including the police, and the other limiting its use by private entities. Both measures passed unanimously, according to local NPR and PBS affiliate Oregon Public Broadcasting.


Inova Suffers Third-Party Data Breach Affecting 1.5 Million Patients

Permalink - Posted on 2020-09-10 17:00

Inova Health Systems has notified customers that it was hit by a ransomware attack through a third-party vendor. Blackbaud, a vendor that provides fundraising support to nonprofit organizations, was itself hit by an attack that resulted in Inova data being exfiltrated from the Blackbaud servers.


Eterbase Crypto Exchange Attacked and Hot Wallets Fully Emptied

Permalink - Posted on 2020-09-10 17:00

In its official announcement, the exchange has also confirmed assets worth approximately $5.4 million were stolen.


Leading U.S. Video Delivery Provider Confirms Ransomware Attack

Permalink - Posted on 2020-09-10 17:00

SeaChange International, a US-based leading supplier of video delivery software solutions, has confirmed a ransomware attack that disrupted its operations during the first quarter of 2020.


Data Center Giant Equinix Discloses Ransomware Incident

Permalink - Posted on 2020-09-10 17:00

Equinix, one of the world's largest providers of on-demand colocation data centers, has disclosed today a security breach. In a short statement published on its website, Equinix said it found ransomware on its internal systems.


Ransomware Accounted for 41% of All Cyber Insurance Claims in H1 2020

Permalink - Posted on 2020-09-10 17:00

In the first half of 2020 alone, we observed a 260% increase in the frequency of ransomware attacks amongst policyholders, with the average ransom demand increasing 47%. Cyber insurance claims ranged in size from $1,000 to well over $2,000,000 per security incident.


Thailand: Ransomware Attack on Saraburi Hospital

Permalink - Posted on 2020-09-09 15:00

The director of Saraburi Hospital on Wednesday confirmed the hospital computer system had been attacked with ransomware, but said no demand for money was received. Patients were being advised to bring their own medical records and old medicine packaging with them if they visit the hospital.


Up to 308,000 Patients Potentially Affected by Baton Rouge Clinic Ransomware Attack

Permalink - Posted on 2020-09-09 15:00

The Baton Rouge Clinic in Louisiana experienced a cyberattack in early July that took its email and phone system out of action and limited its lab and radiology services. The cyberattack, which involved ransomware, took certain systems out of action for several weeks. It is now two months after the attack and the external email system is still not working.


Businesses Fear Insider-Enabled Data Breaches

Permalink - Posted on 2020-09-09 15:00

Businesses fear suffering a data breach and expect it to be caused by an insider or internal error. A survey of 500 IT professionals by Exonar found that 94% of respondents have experienced a data breach, and 79% were worried their organization could be next.


A Data Fail Left Banks and Councils Exposed by a Quick Google Search

Permalink - Posted on 2020-09-09 15:00

Details of more than 50,000 letters sent by banks and local authorities were left online for anyone to see.


PHI of Almost 140,000 Individuals Potentially Compromised in Imperium Health Phishing Attack

Permalink - Posted on 2020-09-08 17:00

Imperium Health Management, a Louisville, KY-based provider of development services to Accountable Care Organizations (ACOs), is notifying 139,114 individuals that some of their protected health information was potentially compromised in a recent phishing attack.


Webmaster Forum Database Exposed Data of 800,000 Users

Permalink - Posted on 2020-09-08 17:00

On July 1, the WebsitePlanet research team and cybersecurity researcher Jeremiah Fowler uncovered an unsecured Elasticsearch database containing over 62 million records. In total, data belonging to 863,412 Digital Point users was included in the leak.


Chilean Bank Shuts Down All Branches Following Ransomware Attack

Permalink - Posted on 2020-09-08 17:00

Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank's internal network was infected with the REvil (Sodinokibi) ransomware.


143mn Windows Malware Hit Consumer Smart Devices in Q2

Permalink - Posted on 2020-09-08 17:00

According to researchers at cybersecurity firm Quick Heal, attackers are still using COVID-19 as bait to drop malicious payloads to consumer devices, usually in the form of phishing emails that contain infected attachments.


City of Hartford Postpones First Day of School After Ransomware Attack

Permalink - Posted on 2020-09-08 17:00

Ransomware attack impacted the IT system that the school district uses to manage school buses and transportation routes.


Israel's Tower Semi Halts Some Operations After Cyber Attack

Permalink - Posted on 2020-09-08 17:00

Israeli chip manufacturer Tower Semiconductor said on Sunday some of its systems were hit by a cyberattack and as a result, it was putting on hold some servers and manufacturing operations.


Service NSW Reveals 738GB of Customer Data Was Stolen During Email Breach

Permalink - Posted on 2020-09-08 17:00

Service NSW has revealed that the personal information of 186,000 customers was stolen because of a cyber attack earlier this year on 47 staff email accounts.


DDoS Attacks on Virtual Education Rise 350%

Permalink - Posted on 2020-09-04 16:00

Distributed denial of service (DDoS) attacks against online educational resources are over three times more prevalent in 2020 than they were last year, according to new research by Kaspersky.


Assured Imaging Ransomware Attack Affects Almost 245,000 Patients

Permalink - Posted on 2020-09-04 16:00

Tucson, AZ-based Assured Imaging, a subsidiary of Rezolut Medical Imaging and provider of Health Screening and Diagnostic Services, has announced it has suffered a ransomware attack that resulted in the encryption of its medical record system.


Blackbaud Data Breach Healthcare Victim Count Rises to Almost 1 Million

Permalink - Posted on 2020-09-04 16:00

The number of healthcare providers confirmed to have been affected by the Blackbaud ransomware attack and data breach is growing, with a further four healthcare providers issuing breach notifications in the past few days.


Cyber Attack on Lugar Laboratory in Georgia Confirmed

Permalink - Posted on 2020-09-04 16:00

A cyber attack has been carried out on the Georgian Ministry of Health and the Lugar laboratory. The Ministry of Internal Affairs says the cyberattack was executed on the territory of a neighboring country. Some of the stolen documents have been uploaded to a foreign website and are available to the general public.


Warner Music Discloses Months-Long Web Skimming Incident

Permalink - Posted on 2020-09-04 16:00

Music recording powerhouse Warner Music Group has disclosed today a security incident that involved some of the company's online stores. Called "web skimming" or "magecart," this type of attack happens when hackers take control over a website and insert malicious code that logs customer details entered inside payment forms.


Australia says Cyber Attacks Rise, Cites 4,500 Hacking Attempts in One Day

Permalink - Posted on 2020-09-04 16:00

Cyber attacks against Australia have increased in frequency in recent months, Defence Minister Linda Reynolds said on Friday, as the country released its first cybersecurity threat report which cited 4,500 hacking attempts in one day.


Northumbria Uni Campus Closed After Serious Cyber Attack

Permalink - Posted on 2020-09-03 17:00

Northumbria University is still reeling from a cyber-attack which forced it to reschedule exams and close its entire campus in Newcastle-Upon-Tyne.


U.S. Surveillance Exposed by Snowden Ruled Unlawful

Permalink - Posted on 2020-09-03 17:00

A surveillance program undertaken by America's National Security Agency has been ruled unlawful.The program involved the collection of data from the private phone records of millions of Americans. It was exposed by whistleblower Edward Snowden, whose revelations were published by the Guardian newspaper. Intelligence leaders who publicly defended the program have now been classed as liars following a ruling by the US Court of Appeals.


One Year Compliance Deadline for New Children's Code

Permalink - Posted on 2020-09-03 17:00

Online service providers, app developers and other relevant businesses have one year to comply with a new statutory code introduced on Wednesday to help protect children’s privacy. The Age Appropriate Design Code or Children’s Code will apply to any business providing “online services and products” likely to be used by UK youngsters under 18, according to the Information Commissioner’s Office (ICO).


56,000 Northwestern Memorial HealthCare Donors Impacted by Blackbaud Ransomware Attack

Permalink - Posted on 2020-09-03 17:00

Northwestern Memorial HealthCare has discovered the personal information of individuals who had previously made donations to Northwestern Memorial HealthCare was potentially compromised in the recent Blackbaud ransomware attack. An unauthorized individual first gained access to Blackbaud systems on February 7, 2020, with the access possible until May 20,2020 when ransomware was deployed.


Jewish Federation of Greater Washington Reports $7.5 Million Hack

Permalink - Posted on 2020-09-03 17:00

CEO Gil Preuss announced the hack to employees in a virtual call Wednesday morning, saying the initial attack targeted an employee using a personal computer while working from home.


The Cost of an Insider Attack Is as Much as $2 Million

Permalink - Posted on 2020-09-03 17:00

Employees, whether careless or malicious, can pose a great risk to organizations, a Bitglass survey reveals. 61% of survey respondents reported at least one insider attack over the last 12 months (22% reported at least six separate attacks).


Hackers Are Exploiting a Critical Flaw Affecting >350,000 WordPress Sites

Permalink - Posted on 2020-09-03 16:00

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on Websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday.


55% of Cyber-Squatted Domains Are Malicious or Potentially Fraudulent

Permalink - Posted on 2020-09-03 16:00

n Palo Alto Networks' research, almost 19% of the 13,857 cybersquatted domains are classified as "malicious," either used for malware distribute or phishing attacks. Another 37% of the cybersquatted domains are considered "suspicious," which includes domains that are questionable, appear to be parked, have insufficient content, or host legally questionable software.


Online Marketing Company Exposes 38+ Mllion U.S. Citizen Records

Permalink - Posted on 2020-09-03 16:00

The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US user records, including their full names, email and street addresses, phone numbers and ZIP codes. The database was left on a publicly accessible Amazon Web Services (AWS) server, allowing anyone to access and download the data. Following the 350 million email leak covered by CyberNews earlier in August, this is the second time this summer we encountered an unsecured Amazon bucket containing such massive amounts of user data.


European ISPs Report Wave of DDoS Attacks

Permalink - Posted on 2020-09-03 16:00

Over the past week, multiple ISPs in Belgium, France, and the Netherlands reported DDoS attacks that targeted their DNS infrastructure.


Virtual Classes for Miami-Dade School District Dsrupted by Cyber Attack

Permalink - Posted on 2020-09-03 16:00

Miami-Dade County Public Schools (M-DCPS) announced late Tuesday that its virtual classroom systems had been hit by a cyberattack that temporarily disrupted online classes amid the pandemic. In a statement, the district noted that its My School Online distance learning platform had been hit by a distributed denial of service, or DDoS attack, that negatively impacted the first two days of the 2020-2021 school year.


Big Ransomware Attacks Overshadowing Other Alarming Trends

Permalink - Posted on 2020-09-02 16:00

The attacks on major enterprises, which have been publicized by Maze and other gangs on their "news" sites, have overshadowed many other attacks that haven't been publicized. "For every ransomware attack you're reading in the news, there's several hundred you're not reading about. Some of them are very large. Some of them are business divisions of larger units. But if you're looking at the cyber insurance industry, they're looking at upwards of 100 claims per day that are ransomware-oriented."


Morgan Stanley Hit with $5 Million Data Breach Suit

Permalink - Posted on 2020-09-02 16:00

The suit is being brought by Morgan Stanley customer Timothy Smith in the U.S. District Court for the Southern District of New York on behalf of about 100 other customers affected by the data breach. The case is tied to incidents in 2016 and 2019 when the firm decommissioned several pieces of computer equipment without properly scrubbing the personal data.


33% of Companies Expose Unsafe Network Services to the Internet

Permalink - Posted on 2020-09-02 16:00

A new report finds that 33% of companies within the digital supply chain expose common network services such as data storage, remote access, and network administration to the internet. As such, admins should either eliminate direct internet access or deploy compensating controls for when/if such services are required, according to the report by RiskRecon, a Mastercard company, and the cybersecurity research services firm Cyentia Institute. The research is based on RiskRecon's assessment of millions of internet-facing systems across approximately 40,000 commercial and public institutions, the company said. Cyentia and RiskRecon analyzed the data in two ways: The direct proportion of internet-facing hosts running unsafe services, as well as the percentage of companies that expose unsafe services somewhere across their infrastructure.


CEOs Could Face Jail Time for IoT Attacks by 2024

Permalink - Posted on 2020-09-02 16:00

Corporate CEOs could soon be personally liable if they fail to adequately secure IT systems connected to the physical world, Gartner has warned. The analyst firm predicted that as many as 75% of business leaders could be held liable by 2024 due to increased regulations around so-called “cyber-physical systems” (CPSs) such as IoT and operational technology (OT).


American Payroll Association User Data Stolen in Skimmer Attack

Permalink - Posted on 2020-09-01 16:00

According to APA, information that was compromised during the attack included user login information and payment card information.


Apple Accidentally Approved Malware to Run on MacOS

Permalink - Posted on 2020-09-01 16:00

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time.


Norway's Parliament Hit by 'Cyber Attack

Permalink - Posted on 2020-09-01 16:00

The Norwegian parliament suffered a cyber attack during the past week and the e-mail accounts of several elected members as well as employees were hacked, the national assembly and a counter-intelligence agency said on Tuesday.


Phishing Gangs Mounting High-Ticket BEC Attacks, Average Loss Now $80,000

Permalink - Posted on 2020-09-01 16:00

Agari reported average wire transfer loss from BEC attacks smashed all previous frontiers, spiking from $54,000 in the first quarter to $80,183 in Q2 2020 as spearphishing gangs reached for bigger returns. Scammers also requested funds in 66 percent of BEC attack in the form of gift cards, which are easier to cash out. During the second quarter of 2020, the average amount of gift cards requested by BEC attackers was $1,213, down from $1,453 in the first quarter of 2020. The number of phishing sites detected in the second quarter of 2020 was 146,994, down from the 165,772 observed in the first quarter. Phishing that targeted webmail and SaaS users continued to be biggest category of phishing.


Ransomware Attacks Continue to Dominate the Threat Landscape

Permalink - Posted on 2020-09-01 16:00

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time.


PULAU Corporation Notifies Employees of June Hack

Permalink - Posted on 2020-08-31 15:00

An unauthorized party acquired certain employment-related records stored on the affected systems. The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID (such as Social Security, passport, military ID, tax ID and/or driver’s license numbers), financial account information (such as bank account and/or payment card information), online account usernames and passwords, and/or health-related information (including health insurance information).


Class Action Lawsuit Questions Blackbaud's Hacker Payoff

Permalink - Posted on 2020-08-31 15:00

In its breach notification, Blackbaud notes that it paid a ransom to secure a promise from attackers that they would delete all stolen data. Following the breach notification, Blackbaud was hit on Aug. 12 by a lawsuit seeking class action status, filed by Whitfield Bryson & Mason LLP on behalf of U.S. resident William Allen, whose "private information was compromised as a direct and proximate result of the data breach." The lawsuit seeks, in part, seven years of prepaid identity theft monitoring for victims. It alleges that the company's security defenses were inadequate and that attackers may have compromised massive quantities of PII, including Social Security, credit card and bank account numbers.


Utah Pathology Services Email Breach Potentially Affects 112,000 Patients

Permalink - Posted on 2020-08-31 15:00

Utah Pathology Services has announced an unauthorized individual has gained access to the email account of an employee and attempted to redirect funds from Utah Pathology.


Bypass of PINs for Visa Contactless Payments Proven

Permalink - Posted on 2020-08-28 15:00

A team of academics from Switzerland has discovered a security bug that can be abused to bypass PIN codes for Visa contactless payments. This means that if criminals are ever in possession of a stolen Visa contactless card, they can use it to pay for expensive products, above the contactless transaction limit, and without needing to enter the card's PIN code. The attack is extremely stealthy, academics said, and can be easily mistaken for a customer paying for products using a mobile/digital wallet installed on their smartphone. However, in reality, the attacker is actually paying with data received from a (stolen) Visa contactless card that is hidden on the attacker's body.


New Zealand Stock Exchange Disrupted by Fourth Cyber Attack

Permalink - Posted on 2020-08-28 15:00

The New Zealand government has activated national security systems after the nation’s stock exchange was disrupted by cyber attacks for a fourth day. There was no clarity on who was behind the “offshore” attacks, but the failure to stop them has raised questions about New Zealand’s security systems, experts said.


Over 54,000 Scanned NSW Driver's Licences Found in Open Cloud Storage

Permalink - Posted on 2020-08-28 15:00

Tens of thousands of scanned NSW driver's licenses and completed tolling notice statutory declarations were left exposed on an open Amazon Web Services storage instance, but Transport for NSW doesn't know how the sensitive personal data ended up in the cloud.


Fake Login Page Detections Top 50,000 in 2020

Permalink - Posted on 2020-08-28 15:00

Over 50,000 fake login pages were detected in the first half of 2020, with some able to be polymorphic and represent different brands. According to research from Ironscales, fake login pages are commonly used to support hacks and spear-phishing campaigns, and its researchers found more than 200 of the world’s most prominent brands were spoofed with fake login pages.


NCR Confirms Malware in Lab Environment

Permalink - Posted on 2020-08-28 15:00

NCR Corporation has confirmed to SC Media that it found malware-infected computers in an isolated non-production lab environment outside of the U.S., but claims its clients were never at risk of a secondary infection. The confirmation came after the CEO of cybersecurity firm Prevailion exclusively told SC Media that a trojan had infected the popular point-of-sale and ATM software developer, and expressed concern that this could potentially pose a supply-chain risk to customers. Prevailion had not alerted NCR of the infection, but SC Media reached out to the company to disclose the issue and request comment.


The Global Cost of Cyber Crime per Minute to Reach $11.4 Million by 2021

Permalink - Posted on 2020-08-28 15:00

Cybercrime costs organizations $24.7, YOY increase of more than $2 every minute, a RiskIQ report reveals. It will also have a per-minute global cost of $11.4 million by 2021, a 100% increase over 2015.


Southern Water Customers Could View Others' Personal Data

Permalink - Posted on 2020-08-28 15:00

Southern Water - British supplier of the liquid of life - botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details.


Local Government Organizations Most Frequently Targeted by Ransomware

Permalink - Posted on 2020-08-27 16:00

Local government bodies are more likely to be targeted by ransomware attacks than any other type of organization, according to a new study by Barracuda Networks, which looked at 71 global ransomware incidents over the last 12 months. It found that 44% of global ransomware attacks that have taken place so far in 2020 have been aimed at municipalities, which is virtually the same proportion as in 2019 (45%). Barracuda highlighted the attack on Redcar and Cleveland council’s computer system in the UK, which is believed to have cost the local authority over £10m. Of the municipalities subjected to ransomware attacks in 2020, 15% have confirmed they have made payments, compared to no ransoms being paid last year.


A Quarter of the Alexa Top 10K Websites Are Using Browser Fingerprinting Scripts

Permalink - Posted on 2020-08-27 16:00

Academics also discover many new previously unreported JavaScript APIs that are currently being used to fingerprint users.


Browsing Histories Can Be Used to Track Users

Permalink - Posted on 2020-08-27 16:00

Browsing histories can be used to compile unique browsing profiles, which can be used to track users, Mozilla researchers have confirmed. There are also many third parties pervasive enough to gather web histories sufficient to leverage browsing history as an identifier.


Medical Data Leaked on GitHub Due to Developer Errors

Permalink - Posted on 2020-08-26 16:00

Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.


Dynasplint Systems Data Breach Impacts Almost 103,000 Individuals

Permalink - Posted on 2020-08-26 16:00

Severna Park, MD-based Dynasplint Systems, a manufacturer of proprietary stretching devices to improve joint motion, has experienced a cyberattack in which personal and protected health information may have been accessed or stolen.


Wellington-Dufferin-Guelph Public Health Notification of Privacy Breach

Permalink - Posted on 2020-08-26 15:00

Wellington-Dufferin-Guelph Public Health is informing community members of a recent breach of privacy that affected an information dashboard that was used to display information about influenza cases in our community. This dashboard was posted on our public website between January 2020 and May 2020.


Global Pandemic Opening Up Can of Security Worms

Permalink - Posted on 2020-08-26 15:00

Caught by the sudden onslaught of COVID-19, most businesses lacked or had inadequate security systems in place to support remote work and now have to deal with a new reality that includes a much wider attack surface and less secured user devices.


New Zealand Stock Exchange Hit by Cyber Attack for Second Day

Permalink - Posted on 2020-08-26 15:00

Trading halted again, one day after overseas DDoS bombardment that forced stock market to shut down.


Malware Attack Stifles Philadelphia Area Transit Agency

Permalink - Posted on 2020-08-26 15:00

A malware attack two weeks ago continues to stifle the Southeastern Pennsylvania Transit Authority (SEPTA) and has left some employees exasperated while they search for answers with little communication from the authority.


Cyber Attack on Rialto School District Confirmed

Permalink - Posted on 2020-08-26 15:00

A cyber-attack has shut down virtual classes in a Los Angeles school district two weeks after the FBI issued a cybersecurity warning to schools offering online learning.


U.S. Military Personnel Lost $379 Mn to Fraudulent Schemes in Last 5 Years

Permalink - Posted on 2020-08-26 15:00

An investigation from AtlasVPN revealed that the U.S Military personnel have lost around $379.6 million to a range of fraudulent schemes from 2015 to June 30, 2020. According to the report, military staff have reported more than 680,000 complaints about fraud, identity theft, or other consumer issues to the Federal Trade Commission (FTC).


Nearly Half of U.K. IT Leaders Have Not Upgraded to Cloud Security

Permalink - Posted on 2020-08-25 16:00

Nearly half (47%) of UK IT leaders have not updated their security strategies to account for their move to cloud environments, putting their organizations at higher risk of cyber-attack, according to a new study by Trend Micro commissioned for CLOUDSEC Online. This is despite the fact that traditional on-premises security such as firewalls, network intrusion prevention systems (IPS/IDS) and anti-virus are unsuitable for cloud environments as they tend to create performance bottlenecks and security gaps.


Personal and COVID-19 Status Data Stolen from South Dakota Fusion Center in 'BlueLeaks' Hacking Incident

Permalink - Posted on 2020-08-25 16:00

In June 2020, the Houston, TX-based web developer Netsential had its web servers hacked and almost 270 gigabytes of data were stolen and was published online on June 19, 2020 by the hacking group Distributed Denial of Secrets (DDoSecrets). The hack and data leak incident was termed “BlueLeaks” and included 10 years of law enforcement data from around 200 police departments and fusion centers. Fusion centers gather and analyze threat information and share the data with states, government organizations, and private sector firms. The leaked data contained more than 1 million lines and included scanned documents, video and audio files, and emails.


38 Japan Firms' Authentication Data Stolen amid Surge in Teleworkers

Permalink - Posted on 2020-08-25 16:00

The cyberattacks took place in June and July. Around 900 items of authentication data for access to VPN servers, provided by Pulse Secure LLC of the United States, were found to have been stolen and leaked online, of which 90 were linked to Japan, according to the expert and others familiar with the matter.


Brookfield Residential Confirms Ransomware Attack

Permalink - Posted on 2020-08-25 16:00

DarkSide ransomware operators claimed to have attacked Brookfield Asset Management, they appear to have attacked Brookfield Residential, a North American land developer and residential home builder.


Freepik Discloses Data Breach Impacting 8.3 Million Users

Permalink - Posted on 2020-08-24 16:00

The attackers, Freepik Company explains, exploited an SQL injection vulnerability in Flaticon, which allowed them to access user information.


Average Cost of a Data Breach in 2020: $3.86M

Permalink - Posted on 2020-08-24 16:00

A recent survey of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag. Ponemon's "Cost of a Data Breach Report 2020" (commissioned by IBM) reveals that despite an apparent decline in the average cost of a data breach — from $3.92 million in 2019 to $3.86 million this year — the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes. In the same vein, Ponemon's examination of the average cost per record varied widely according to the kind of data that was exposed or stolen.


Indian Travel Site Exposed 37 Million Records Before Meow Attack

Permalink - Posted on 2020-08-24 16:00

The company behind one of India’s most popular travel booking sites exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker, according to researchers.


Canadian Shipping Company Canpar Hit by Ransomware

Permalink - Posted on 2020-08-24 16:00

The Canuck parcel-mover's website fell offline for days as it tackled a ransomware outbreak on its internal systems. We are also told by readers who reside in America's Hat that deliveries have been negatively affected – things like package tracking and scheduling pickups are not possible right now, for instance.


HealthEngine Ordered to Pay $2.9m for Misleading Conduct

Permalink - Posted on 2020-08-21 16:00

The settlement saw HealthEngine admit to providing non-clinical personal information – such as names, dates of birth, phone numbers and email addresses – to nine different third-party private health insurance brokers without properly informing consumers.


Mitsukoshi and MI Card Announce Data Breach Affecting Approximately 19,000 Customers

Permalink - Posted on 2020-08-21 16:00

Isetan Mitsukoshi Co., Ltd and MI Card Co., Ltd announced, on 5 August 2020, that they had suffered a data breach affecting approximately 19,000 customers as a result of unauthorised access. In particular, MI Card noted that the data breach occurred on the Isetan Mitsukoshi Online Store as well as MI Card's homepage. In addition, MI Card highlighted that personal information such as name, address, phone number, email address, and date of birth of customers of the Mitsukoshi online store were accessed, whereas the member name, expected billing amount, and current membership points held on the MI Card homepage were also accessed.


University of Utah Pays $457,000 to Ransomware Gang

Permalink - Posted on 2020-08-21 16:00

The university said its staff restored from backups; however, the ransomware gang threatened to release student-related data online, which, in turn, made university management re-think their approach towards not paying the attackers.


Millions of Devices Affected by Vulnerability in Thales Wireless IoT Modules

Permalink - Posted on 2020-08-21 16:00

A vulnerability in components used in millions of IoT devices could be exploited by hackers and used to steal sensitive information and gain control of vulnerable devices, which could then be used in attacks on internal networks. Thales components are used by more than 30,000 companies, whose products are used across a broad range of industry sectors including energy, telecommunications, and healthcare.


Reports of Cyber Crimes Against Children Double During Pandemic

Permalink - Posted on 2020-08-21 16:00

The Tennessee Bureau of Investigation said yesterday that the number of tips received regarding cybercrimes against children has increased sharply since the outbreak of COVID-19. Speaking to media, TBI Director David Rausch said investigators had received more than twice the usual number of tips concerning this type of cybercrime since the pandemic began.


Student, Financial Info. Published in Suspected RMC data Leak After Cyber Attack

Permalink - Posted on 2020-08-21 16:00

What seems to be data from the Royal Military College (RMC) of Canada was leaked on the dark web this week, after the institution was targeted by a cybersecurity attack in early July. The Department of National Defence (DND) did not confirm the leak contains RMC information, but Global News has viewed many of the files from the leak, including student progress reports, acceptance letters, as well as a myriad of financial documents like tax receipts and budgets for various departments that all appear to be from the college.


Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

Permalink - Posted on 2020-08-21 16:00

The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also involved paying hackers $100,000 ransom to keep the incident secret.


Texas County Notified Thousands of Residents of Data Breach

Permalink - Posted on 2020-08-21 16:00

More than 2,000 residents in North Texas received letters notifying them that their personal information may have been compromised during a July cyberattack against the Cooke County Sheriff’s Office.


Myerscough College Hit by Cyber Attack on Exam Results Day

Permalink - Posted on 2020-08-21 16:00

A higher education college suffered "a significant malicious cyber attack" meaning students could not access their GCSE and other exam results online.


Remote Working Linked to Data Breach in 66% of Indian Firms

Permalink - Posted on 2020-08-20 17:00

While 64 per cent of organisations expect an incident to occur in the next month, 70 per cent are concerned about unknown threats that will cause business disruption in the next six months. Additionally, 53 per cent of organisations in India do not have an up-to-date cybersecurity strategy and solutions in place that cover all the vulnerabilities posed by full-time remote working.


SnapFulfil Hit by Ransomware

Permalink - Posted on 2020-08-20 17:00

Emails from SnapFulfil, a trading name of Synergy Logistics, sent to its customers late last week and shown to The Register, revealed how a ransomware attack targeted the company's services, disrupting warehouse operations for at least one of its customers.


Utah Gun Exchange Confirms Data Breach after Bad Actors Publishes Stolen Customer Records Online

Permalink - Posted on 2020-08-20 17:00

Earlier this month, datasets containing over 240,000 records of the Utah Gun Exchange website were posted openly on a popular hacking forum. In total, 195,000 user records for the utahgunexchange.com and 45,000 records for their video, site UGETube, were exposed.


Businesses Opt to Outsource Cyber Security Services

Permalink - Posted on 2020-08-20 17:00

According to research by Skurio, there is a lack of in-house expertise in the area of digital risk protection – the ability to monitor risks, threats and breaches outside the network. The research found 80% of respondents stated their teams lack skills and knowledge in this area.


62% of Blue Teams Have Difficulty Stopping Red Teams During Adversary Simulation Exercises

Permalink - Posted on 2020-08-20 17:00

While 37 percent of blue teams always or often catch these ‘bad actors,’ 55 percent say they only succeed sometimes, and 7 percent rarely or never achieve this feat. On a positive note, these numbers indicate a trend in the right direction compared to last year’s study, which showed one-third rarely or never catching red teams.


Banking Cients Swept Up in New Massive Experion Data Breach

Permalink - Posted on 2020-08-19 16:00

Standard Bank, the continent’s largest bank by assets, has said some of its clients are among victims of a data breach at one of the world’s top credit bureaus, while FNB and African Bank also warned their customers to be vigilant. The hack of Experian SA exposed some personal information of as many as 24-million South Africans and almost 800,000 businesses, the SA Banking Risk Centre (Sabric), a non-profit organisation set up by major lenders to combat bank-related organised crime, said in a statement on Wednesday.


Data Firm Exposes 235 Million Social Media Profiles

Permalink - Posted on 2020-08-19 16:00

A social media data broker has exposed the public-facing profiles of 235 million users via a misconfigured online database, according to researchers. Comparitech teamed up with Bob Diachenko to uncover three identical copies of the data on August 1, left online with no password or other authentication required to access it. In total, 192 million profiles were scraped from Instagram, 42 million from TikTok and four million from YouTube. Each record contained some of the following: profile name, real name, profile pic, account description, age, gender and more.


Marriott Faces Another Data Breach Lawsuit

Permalink - Posted on 2020-08-19 16:00

Marriott faces another lawsuit, filed in Britain, over the hotel giant experiencing one of the worst data breaches in history. A class action lawsuit was filed in the High Court of Justice for England and Wales by Martin Bryant, who runs a Manchester, England-based consultancy called Big Revolution.


Nearly 40% of Firms Fired Staff for Security Policy Breaches

Permalink - Posted on 2020-08-18 17:00

Almost two-fifths (39%) of British business decision makers have sacked employees because they breached corporate security policy during the pandemic, according to new data from Centrify.


61% of Airlines Have No Published DMARC Record, Customers Susceptible to Email Fraud

Permalink - Posted on 2020-08-18 17:00

The majority of airline companies are potentially leaving their customers vulnerable to email fraud, such as phishing, according to a new analysis by Proofpoint. It found that 61% of member airlines belonging to the International Air Transport Association (IATA) do not have a published Domain-based Message Authentication, Reporting & Conformance (DMARC) record, increasing the risk of having their identity spoofed and of customers being targeted by email fraud. IATA member airlines make up 82% of total air traffic. In addition, 93% of global airlines included in the study have not implemented the recommended level of DMARC protection, known as Reject. This blocks fraudulent emails from reaching their intended target.


Blackbaud Ransomware Attack Impacts 657,392 Northern Light Health Foundation Donors

Permalink - Posted on 2020-08-18 16:00

The databases affected contained information about donors, potential donors, and individuals who may have attended a fundraising event in the past. Patient medical records were stored separately and were unaffected. The databases contained the records of 657,392 individuals.


World's Largest Cruise Line Operator Discloses Ransomware Attack

Permalink - Posted on 2020-08-18 16:00

In an 8-K filing with the US Securities Exchange Commission (SEC), the company said the incident took place on Saturday, August 15. Carnival said the attackers "accessed and encrypted a portion of one brand's information technology systems," and that the intruders also downloaded files from the company's network.


Medical Data of Auto Accident Victims Exposed Online

Permalink - Posted on 2020-08-18 16:00

Secure Thoughts collaborated with Security Expert Jeremiah Fowler to expose a leak of millions of personal medical records by an Artificial Intelligence company.


Publicly Reported Data Breaches Down 52%, Exposed Records Way Up!

Permalink - Posted on 2020-08-18 16:00

Although the number of publicly reported data breaches stands at its lowest in five years, the number of records exposed is more than four times higher than any previously reported time period, a Risk Based Security report reveals.


Gym App Management Patform Exposed Info. of Thousands of Users

Permalink - Posted on 2020-08-18 16:00

Hackers could hijack user accounts in dozens of fitness and gym mobile applications, even where the two-factor authentication (2FA) mechanism was active. The common ground for all the apps is Fizikal, a management platform from Israel for gyms and sports clubs that allows customers to handle their subscription and class registration.


Ritz Hotel Diners Were Vctims of a Sophisticated Scam

Permalink - Posted on 2020-08-17 16:00

Clients having dinner at the luxury Ritz hotel in London have been targeted by “extremely convincing” scammers who posed as hotel staff to steal payment card details.


India: 'Dharma' Ransomware Attacking SMBs, Average Loss is Rs 6.4 Lakh

Permalink - Posted on 2020-08-17 16:00

Small and medium businesses (SMBs) are witnessing an increased ransomware attack globally, including in India, this year and the ransom demands have reached nearly $8,620 (nearly Rs 6.4 lakh) on average in the pandemic times.


Jack Daniel's-Maker Suffers REvil Ransomware Breach

Permalink - Posted on 2020-08-17 16:00

However, as is often the case, the attackers appear to have taken extra steps to force a ransom payment from the company. They told Bloomberg that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches to turn up the pressure on the Louisville, Kentucky-headquartered firm.


Researcher Discloses 9 Leaky GitHub Repos Affecting 200,000 U.S. Residents

Permalink - Posted on 2020-08-17 16:00

Only three of the of the nine affected entities responded to the researchers’ disclosure and patched their blunders. Some ignored his findings, while others even threatened to pursue legal action against him – despite Ursem disclosing his findings responsibly and giving the affected entities enough time to address the leaks.


Oracle and Salesforce to Face GDPR Lawsuit

Permalink - Posted on 2020-08-17 16:00

A consumer privacy campaign group has filed a lawsuit against American companies Salesforce and Oracle over an alleged breach of the EU's General Data Protection Regulation laws. The Privacy Collective claims that the companies collect users' personal data without proactive user consent and then auction it off to other companies without users' knowledge. The group has claimed that the suit could cost the California-based companies up to $10bn in fines.


Microsoft Put Off Fixing Zero Day for 2 Years

Permalink - Posted on 2020-08-17 16:00

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem.


Thousands of Canadian Government Accounts Hacked

Permalink - Posted on 2020-08-17 16:00

The attacks targeted the GCKey service, used by some 30 federal departments and Canada Revenue Agency accounts, the Treasury Board of Canada Secretariat explained in a press release.


NSW Police Leak Private Information of Complainants

Permalink - Posted on 2020-08-17 16:00

The NSW Police have leaked the emails of over 150 complainants who contacted them in order to raise concerns regarding officer’s use of force following the Sydney Black Lives Matter protest on Saturday, 6 June.


Town of Hollywood Park Attempting to Recover Nearly $200,000 Stolen in 2019 Cyber Theft

Permalink - Posted on 2020-08-17 16:00

On March 5, 2019 someone attempted to steal nearly half a million dollars from the sleepy San Antonio suburb of Hollywood Park. The thieves were likely international cyber-criminals, but 17-months later, no one has been arrested for the crime. With the help of the United States Secret Service, the town managed to recover nearly $300,000 of the missing money, but there’s still a dispute over who should be held responsible for the nearly $200,000 that ended up in a bank in Turkey. Hollywood Park Mayor Chris Murphy recently recalled the moment he learned about two large, unauthorized wire transfers from the town’s bank accounts on March 6, the day after the money had been moved.


Lawsuit Filed After Data Breach at Coastal Prep Academy Exposed Sensitive Personal Data

Permalink - Posted on 2020-08-17 16:00

According to a letter sent to parents by Coastal Preparatory Academy and a lawsuit filed in Superior Court, a former employee obtained extremely sensitive personal information about parents, students, and staff — including social security numbers, health and financial information, and employment records. The charter school has filed several civil actions to recover passwords, personal data, and control of its computer systems. The school has also contacted the Attorney General’s office, as it believes the employee responsible for the data breach has broken state and federal law.


Germany's Military-Run Transport Fleet Hacked

Permalink - Posted on 2020-08-17 16:00

Germany's state-owned vehicle fleet, which provides chauffeurs for parliamentarians and is run by the Bundeswehr military, has been hacked. Federal cyber experts have begun a probe, reports the Bild am Sonntag newspaper.


Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Permalink - Posted on 2020-08-14 16:00

Formerly known as Accretive Health Inc., Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide.


129,000 Patients Data Exposed After Behavioral Health Network Malware Attack

Permalink - Posted on 2020-08-14 16:00

Behavioral Health Network (BHN), the largest behavioral health service provider in Western Massachusetts, has announced that malware was downloaded onto its computer systems that prevented files from being accessed. The security breach was discovered on May 28, 2020 when staff were prevented from accessing files. An investigation was immediately launched to determine the extent of the attack and whether any data had been exfiltrated by the attacker. Around July 17, 2020, BHN determined that an unauthorized individual had gained access to its systems on May 26, two days before the malware was introduced.


Canon USA's Stolen Files Leaked by Maze Ransomware Gang

Permalink - Posted on 2020-08-14 16:00

A ransomware gang has published unencrypted files allegedly stolen from Canon during a ransomware attack earlier this month. On August 5th, 2020, BleepingComputer broke the story that Canon suffered a ransomware attack by a cybercrime group known as Maze. BleepingComputer learned of this attack after a source shared a portion of the ransom note and an internal notification to employees about the attack. Since then, BleepingComputer has obtained previously unpublished internal communications sent by the Canon IT department on August 10th to employees about the restoration of services.


Instagram Retained Deleted User Data Despite GDPR Rules

Permalink - Posted on 2020-08-14 16:00

Instagram kept copies of deleted pictures and private direct messages on its servers even after someone removed them from their account. The Facebook-owned service acknowledged the slipup and awarded a security researcher $6,000 for finding the bug.


Hacker Leaks Data for U.S. Gun Exchange Site on Cyber Crime Forum

Permalink - Posted on 2020-08-13 17:00

A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. On August 10th, a threat actor posted databases that they claim contain 195,000 user records for the utahgunexchange.com, 45,000 records for their video site, 15,000 records from the hunting site muleyfreak.com, and 24,000 user records from the Kratom site deepjunglekratom.com.


Surge in Cyber Attacks Targeting Open Source Software Projects

Permalink - Posted on 2020-08-13 17:00

There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found.


Adit Database Left Exposing 3.1 Million Patient Records

Permalink - Posted on 2020-08-13 17:00

In a blog Tuesday, independent security researcher Volodymyr "Bob" Diachenko writes of his discovery on July 13 of an unprotected database with information on 3.1 million patients that was exposed to the internet. The database appears to be owned by Adit, a Houston-based online medical appointment and patient management software company. In an unusual development, on July 22, the database appears to have been deleted by a so-called "meow bot," the researcher says. "Unlike other malicious bots that find and delete exposed data, a meow bot doesn't ask for a ransom, which has led some to believe the bot is actually benevolent and aims to protect data subjects' information," he writes.


Medical Records for More Than 61,000 Cardiac Patients Left Unsecured Online

Permalink - Posted on 2020-08-13 17:00

n August 2, a researcher contacted DataBreaches.net about a misconfigured Amazon s3 storage bucket they had discovered. The bucket contained more than 60,000 records, recently updated, with protected health information of patients seen by or involved with BioTel Heart cardiac data network.


Researchers Uncovered Alexa Flaw That exposed Personal Information and Speech Histories

Permalink - Posted on 2020-08-13 17:00

Researchers at Check Point say they identified an exploit in Amazon’s Alexa voice platform that could have given attackers access to users’ personal information, speech histories, and Amazon accounts. In a blog post, they describe the way in which an attack might have been carried out against a user, beginning with a malicious link pointing to a page with code-injection capabilities.


1,400 Data Breaches at HSE Included Patient Photos and Medical Files

Permalink - Posted on 2020-08-13 17:00

The number of breaches showed a sharp rise between 2018, when 556 incidents were recorded, and last year when there were 833. Across the country, there were 1,389 data breaches reported, with over a third of them recorded in the Dublin North East HSE region.


Half of IT Teams Can't Fully Utilize Cloud Security Solutions Due to Understaffing

Permalink - Posted on 2020-08-12 16:00

Nearly 90% of the organizations surveyed are already using or researching the use of a CASB, 50% don’t have the staffing to fully utilize cloud security solutions, which could be remediated by working with top CASB vendors.


30% of Businesses Globally Have Seen an Increase in Attacks as a Result of Pandemic

Permalink - Posted on 2020-08-12 16:00

This is according to C-Level IT and security execs at global businesses, 64% of which believe their organization is more likely to experience a data breach due to COVID-19.


Almost 20,000 Patients Affected by Owens Ear Center Ransomware Attack

Permalink - Posted on 2020-08-12 16:00

Owens Ear Center in Fort Worth, TX, suffered a ransomware attack on May 28, 2020 in which patient information was encrypted. The computer systems that were encrypted contained patients’ medical records, which included information such as names, addresses, dates of birth, health insurance information, health information, and Social Security numbers.


Pace Center for Girls' Donor Data Breached

Permalink - Posted on 2020-08-12 16:00

A non-profit social services agency in Florida has been hit by a data breach after a security incident affected one of its outside vendors. Pace Center for Girls has issued a warning to its supporters after the organization discovered some of its data had been affected by a May security breach at Blackbaud.


Incident Response Exercises Not Taken Seriously by Business Leaders

Permalink - Posted on 2020-08-12 16:00

Only 2% of organizations have run incident response scenarios related to the pandemic response. According to research by Immersive Labs of 402 organizations, nearly 40% are not fully confident in their teams training to handle a data breach if one occurred, and 65% of exercises consist of reviewing PowerPoint slides.


Imperial Valley College Hit with Ransomware Attack

Permalink - Posted on 2020-08-12 16:00

A ransomware attack unleashed on Imperial Valley College’s computer system on Aug. 6 brought down critical systems that remained offline and will likely continue until further notice, a college spokesperson confirmed.


Sensitive Data of Cyber Security Firm and Other Businesses Leaked Online

Permalink - Posted on 2020-08-12 16:00

In addition to the cyber security firm, the 343GB worth of leaked data belongs to universities, an insurance firm, non-profit, and public limited firms.


BEC Scam Costs Trading Firm Virtu Financial $6.9 Million

Permalink - Posted on 2020-08-12 16:00

High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss, according to legal documents filed in the case.


Nearly 70% of Fraud Phishing Attacks are Directed at Canada

Permalink - Posted on 2020-08-11 17:00

For the fifth quarter in a row, the Great White North was ravaged by fraud-based phishing attacks, making it the most frequently targeted country by far, absorbing 66 per cent of all attacks, according to RSA’s Quarterly Fraud Report for Q1. The next most commonly targeted country, the U.S., accounted for only seven per cent.


Data Breach at Illinois Healthcare System

Permalink - Posted on 2020-08-11 17:00

An investigation was launched by the Freeport-based healthcare provider after it transpired that the email accounts of a number of employees had been compromised. According to a notice issued by FHN, the alarm was raised when suspicious activity was spotted within the compromised email accounts. FHN responded by securing the accounts and hiring a "leading computer forensic firm" to determine what had occurred.


Avaddon Ransomware Launches Data Leak Site to Extort Victims

Permalink - Posted on 2020-08-10 16:00

Avaddon ransomware is the latest cybercrime operation to launch a data leak site that will be used to publish the stolen data of victims who do not pay a ransom demand.


Nearly Half of Dutch Listed Companies Do Not Provide Information on Cyber Security in Annual Report

Permalink - Posted on 2020-08-10 16:00

The Cyber Security Annual Report (CSAR) by the Erasmus School of Law in Rotterdam shows that nearly half of those companies do not mention any specific measures taken on the cybersecurity front, thereby keeping investors in the dark. Only Ahold (Giant Food Stores, Stop & Shop, Peapod), paint and coatings company AkzoNobel, commercial real estate company Unibail-Rodamco-Westfield and private banking firm Van Lanschot provided six or more cybersecurity measures in place in their annual reports. Amongst those were the appointment of a CISO and providing employees with security awareness training (SAT).


U.N. Reports Sharp Increase in Cybercrime During Pandemic

Permalink - Posted on 2020-08-10 16:00

A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding to the COVID-19 pandemic.


DDoS Attacks Cresting Amid Pandemic

Permalink - Posted on 2020-08-10 16:00

According to the latest Kaspersky quarterly DDoS attacks report, DDoS events were three times more frequent in comparison to the second quarter last year (up 217 percent), and were up 30 percent from the number of DDoS attacks observed in the first quarter of 2020.


Children's Hospital Colorado Suffers Phishing Attack

Permalink - Posted on 2020-08-10 16:00

Credentials to access the account were obtained when an employee responded to a phishing email. The phishing attack was identified by the hospital on June 22, 2020 and the account was immediately secured. A review of the emails and email attachments in the account revealed they contained patient names, zip codes, dates of service, medical record numbers, and clinical diagnosis information.


Ransomware Threatens Production of 300 Ventilators 0er Day

Permalink - Posted on 2020-08-10 16:00

The FDA-approved Coronavirus ventilator manufacturer Boyce Technologies has been targeted by ransomware launched by the DoppelPaymer gang, who are threatening to leak data from the company. Cointelegraph has viewed the DoppelPaymer blog, where the gang lists example files of the data stolen during the attack, including sales and purchase orders, assignment forms, among others.


Travelex Forced into Administration After Ransomware Attack

Permalink - Posted on 2020-08-10 16:00

PwC announced late last week that it had been appointed join administrators of the currency exchange business. Despite operating over 1000 ATMs and 1000+ stores globally, and providing services for banks, supermarkets and travel agencies in over 60 countries, the firm was forced to cut over 1300 jobs as part of the restructuring.


SPARTOO: Sanction of 250,000 Euros and Injunction Under Penalty to Comply with the GDPR

Permalink - Posted on 2020-08-07 16:00

On the basis of the investigations carried out, the restricted committee – the CNIL body responsible for imposing sanctions – considered that the company had failed to meet several obligations provided for by the GDPR.


Intel Investigating Data Leak of Technical Documents, Tools

Permalink - Posted on 2020-08-07 16:00

Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools.


Blackbaud Breach Impacts National Trust Volunteers

Permalink - Posted on 2020-08-07 16:00

Britain's National Trust has warned volunteers of a data breach linked to a cyber-attack on US cloud computing and software provider Blackbaud in May. The charity and membership organization for heritage conservation in England, Wales, and Northern Ireland has been contacting volunteers by email to notify them of the breach. National Trust data exposed as a result of the ransomware attack on Blackbaud belongs to past and present volunteers and applicants for the trust's volunteer program.


Nearly 50% of All Smartphones Affected by Qualcomm Snapdragon Bugs

Permalink - Posted on 2020-08-07 16:00

Several security vulnerabilities found in Qualcomm's Snapdragon chip Digital Signal Processor (DSP) chip could allow attackers to take control of more than 40% of all smartphones without user interaction, spy on their users, and create un-removable malware capable of evading detection. DSPs are system-on-chip units are used for audio signal and digital image processing, and telecommunications, in consumer electronics including TVs and mobile devices.


25% of IT Workers Don't Enforce Security Policies

Permalink - Posted on 2020-08-06 16:00

14% of IT workers are consumed with Identity and Access Management (IAM), spending at least an hour per day on routine IAM tasks, according to 1Password. IAM continues to be a significant productivity bog for IT and employees alike, with 57% of IT workers resetting employee passwords up to five times per week, and 15% doing so at least 21 times per week.


Class Action Proposed for Victims of Central Health Privacy Breach

Permalink - Posted on 2020-08-06 16:00

St. John’s lawyers Bob Buckingham and Eli Baker say they will launch a class-action lawsuit in relation to a recent privacy breach by a former employee of Central Health. Last week, officials with the health authority said an employee had inappropriately accessed the health records of 240 people online over a two-year span. Central Health was informed of a potential privacy breach July 14 and immediately undertook an investigation, they said.


Court Approves Class Action Settlement in RE: YAHOO! Inc.

Permalink - Posted on 2020-08-06 16:00

Yahoo!’s data breach class action is finally being put to rest. Last month, the Northern District of California approved the proposed $117.5M settlement to resolve the claims of approximately 194 million class members in In re Yahoo! Inc. Customer Data Sec. Breach Litig., No. 16-MD-02752-LHK, 2020 U.S. Dist. LEXIS 129939 (N.D. Cal. July 22, 2020). This approval did not come easily. During several rounds before the Court to obtain settlement approval, the Court pointed out that while “other data breach cases focus on one data breach, the instant case involves multiple data breaches over a period of five years, each of which Yahoo failed to timely disclose.”


Insecure Satellite Internet Is Threatening Ship and Plane Safety

Permalink - Posted on 2020-08-06 16:00

While researchers such as Adam Laurie and Leonardo Nve demonstrated the insecurity of satellite Internet in 2009 and 2010, respectively, Pavur has examined the communications at scale, with the interception of more than 4 terabytes of data from the 18 satellites he tapped. He has also analyzed newer protocols, such as Generic Stream Encapsulation and complex modulations including 32-Ary Amplitude and Phase Shift Keying (APSK). At the same time, he has brought down the interception cost of those new protocols from as much as $50,000 to about $300.


Half of Orgs Regularly Push Vulnerable Code in App Security Programs

Permalink - Posted on 2020-08-06 16:00

Nearly half (48%) of organizations regularly push vulnerable code into production in their application security programs due to time pressures, while 31% do so occasionally, according to a new report published by Synopsys entitled Modern Application Development Security. As a result, 60% have reported production applications exploited by OWASP top-10 vulnerabilities in the past 12 months.


Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Permalink - Posted on 2020-08-06 16:00

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.


CDP and Two Other Organisations Fned for Data Privacy Breach

Permalink - Posted on 2020-08-06 16:00

The Central Depository (CDP) and two other organisations have been fined a total of $47,000 for breaching data privacy laws. CDP received the biggest fine of $32,000 after it mailed dividend cheques to outdated addresses, putting more than 200 account holders at risk of having their personal data disclosed.


69,777 Patients Impacted by Allergy and Asthma Clinic of Fort Worth Hacking Incident

Permalink - Posted on 2020-08-06 16:00

Allergy and Asthma Clinic of Fort Worth has discovered an unauthorized individual gained access to its computer systems and potentially obtained patients’ billing information. The breach was detected on June 4, 2020 and steps were immediately taken to prevent further unauthorized access. The breach investigation revealed the hacker gained access to the network on May 20, 2020.


2019 Breach Leads to $80 Million Fine for Capital One

Permalink - Posted on 2020-08-06 16:00

In the data breach, more than 100 million credit applications were accessed by malicious actors. The office said that Capital One deserved credit for its victim notification and remediation actions following the breach.


Dutch Hackers Found a Simple Way to Mess with Traffic Lights

Permalink - Posted on 2020-08-06 16:00

By reverse engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.


Australian Universities Investigate Online Exam Tool Data Breach

Permalink - Posted on 2020-08-06 16:00

Australian universities using the ProctorU online exam monitoring tool are included in a data breach affecting 444,000 users of the platform.


Canon Hit by Maze Ransomware Attack, 10TB Data Allegedly Stolen

Permalink - Posted on 2020-08-05 16:00

Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications.


Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker

Permalink - Posted on 2020-08-05 16:00

Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding.


Colorado City Pays $45,000 Ransom After Cyber Attack

Permalink - Posted on 2020-08-05 16:00

Lafayette, Colorado, officials announced Tuesday the city’s computer systems were hacked and they were forced to pay a ransom to regain access.


Hacker Leaks Passwords for 900+ Enterprise VPN Servers

Permalink - Posted on 2020-08-05 16:00

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community.


Many Companies Have Not Taken Basic Steps to Protect Their Remote Workforce

Permalink - Posted on 2020-08-05 16:00

AT&T’s study of 800 cybersecurity professionals across the UK, France and Germany shows that while 88% initially felt well prepared for the migration, 55% now believe widespread remote working is making their companies more or much more vulnerable to cyberattacks. This figure jumps to 70% for large businesses with over 5,000 employees.


Redcar Cyber Attack Vost Council £10.4m

Permalink - Posted on 2020-08-05 16:00

About 135,000 people were without online public services after Redcar and Cleveland's website and computers were targeted in February.


UberEats Data Leaked on the Dark Web

Permalink - Posted on 2020-08-05 16:00

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb.


British Dental Association Members Targeted by Hackers

Permalink - Posted on 2020-08-04 16:00

Dentists' bank account numbers and correspondence with a trade body are feared to have been stolen by hackers. The British Dental Association has told its members that it is still not sure exactly what was accessed in a breach on 30 July. A spokeswoman told the BBC it was possible that information about patients was exposed, but was vague about the potential context. The BDA's website has been offline since the attack.


Second Data Breach at Kentucky Unemployment System

Permalink - Posted on 2020-08-04 16:00

The reporter of the alleged breach logged on to the Office of Unemployment Insurance's (OUI) online system on July 27 to work on their unemployment application. While trying to enter their own details, the claimant was able to view information about another claimant's former employer and health.


Michigan's Largest Healthcare Provider Phished Again

Permalink - Posted on 2020-08-04 16:00

Michigan's largest healthcare provider has warned around 6,000 patients that their data may have been exposed following a cyber-attack. The cybersecurity incident is the second phishing-related data breach to befall Beaumont Health in recent months.


Garmin Pays Up to Evil Corp After Ransomware Attack

Permalink - Posted on 2020-08-04 16:00

The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.


Robocall Legal Advocate Leaks Customer Data

Permalink - Posted on 2020-08-04 16:00

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.


AU: Aged Care Operator's Sensitive Data Stolen in Foreign Cyber Attack

Permalink - Posted on 2020-08-03 15:00

ASX-listed aged care operator Regis has been hit by an international cyber attack that has led to the release of sensitive personal data, adding to the woes of the company which is battling a coronavirus outbreak at one of its Melbourne centres. The $400 million operator told investors on Monday an "overseas third party" was responsible for an attack on its operations resulting in data being copied from its servers and publicly released.


LifeLabs Agrees to Comply with Privacy Commissioners' Orders

Permalink - Posted on 2020-08-03 15:00

From the Office of the Information & Privacy Commissioner of British Columbia, this press release below. This is the second time in the past few months where we have seen an entity really fight an order to release a forensics report on a breach.


Zello Resets All User Passwords After Data Breach

Permalink - Posted on 2020-08-03 15:00

The push-to-talk app, Zello, has disclosed a data breach that revealed user's email addresses and hashed passwords after discovering unauthorized activity on their systems.


Hackers Cause Telstra Outages in Australia's Eastern States with Cyber Attack

Permalink - Posted on 2020-08-03 15:00

Hackers have carried out a “malicious” cyber attack on Telstra, creating connectivity issues for some home internet users. Telstra reported the denial of service attack on its servers on Sunday which led to widespread internet outages in Australia’s eastern states.


Havenly Discloses Data Breach After 1.3M Accounts Leaked Online

Permalink - Posted on 2020-08-03 15:00

Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum.


2gether Hacked: €1.2m in Cryptocurrency Stolen

Permalink - Posted on 2020-08-03 15:00

The unknown threat actors reportedly behind the attack made off with €1.183 million in cryptocurrency in investment accounts, which equates to 26.79% of overall funds.


After Ransomware Attack, Legal Services Company Epiq Faces California Privacy Lawsuit

Permalink - Posted on 2020-07-31 16:00

Lawyers for Epiq Systems Inc have removed a lawsuit to federal court that alleges the legal services provider failed to adequately protect personal information under California’s consumer privacy law.


Travel Giant CWT pays $4.5 Million Ransom to Cyber Criminals

Permalink - Posted on 2020-07-31 16:00

U.S. travel management firm CWT paid $4.5 million this week to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline, according to a record of the ransom negotiations seen by Reuters.


Canadian MSP Discloses Data Breach, Failed Ransomware Attack

Permalink - Posted on 2020-07-31 16:00

Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted with sensitive information being accessed by the hackers. The incident occurred last month and hit impacted data held by the parent company and its subsidiaries and/or former and current affiliates.


Infosec Researchers Cause 3D Printers to Catch Fire Due to Vulnerabilty

Permalink - Posted on 2020-07-31 16:00

Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire. Research from the appropriately named Coalfire biz claimed printers from Chinese company Flashforge could be abused through crafted updates that bypass safety features built into the devices' firmware.


Personal Data of 24k Students Gets Posted on GTU Website

Permalink - Posted on 2020-07-31 16:00

Gujarat Technological University (GTU) may be running a cybersecurity centre and helping police train for the same, but that does not keep it safe from hackers. In a glaring lapse, personal data of as many as 24,000 students who took the pre-test for an online exam on Thursday was allegedly leaked or stolen and put up on the varsity’s website.


IndieFlix Streaming Leaves Thousands of Confidential Files and Personal Info. Exposed on Public Server

Permalink - Posted on 2020-07-31 16:00

The CyberNews research team discovered an unsecured data bucket on a publicly accessible Amazon Simple Storage (S3) server containing confidential data belonging to IndieFlix. IndieFlix is a US-based entertainment company offering a subscription-based online video streaming service that mainly specializes in independent titles, including feature films, shorts, and documentaries.


India Found Cyber Security Lapses at National Payments Corp in 2019

Permalink - Posted on 2020-07-30 17:00

A government audit of India’s flagship payments processor last year found more than 40 security vulnerabilities including several it called “critical” and “high” risk, according to an internal government document seen by Reuters.


Dussmann Group Data Leaked After Ransomware Attack

Permalink - Posted on 2020-07-30 17:00

German giant Dussmann Group has become the latest company to fall victim to a ransomware-data breach attack, after hackers began posting stolen files to the dark web. The facilities management multinational, which employs over 66,000 staff worldwide and makes billions of euros in sales annually, appears to have been struck by the Nefilim variant.


New Zealand: Police Name Firm That Lost Information on Crime Reports to Hackers

Permalink - Posted on 2020-07-30 17:00

Police are axing their contract with Auckland research firm Gravitas after information they sent the firm about police complainants was lost in a Nigerian hack. Assistant commissioner Jevon McSkimming announced earlier this month – without naming the company – that Gravitas had alerted Police to the data breach and had also reported it as “a crime” which Police were investigating. Police had now decided to terminate their contract with Gravitas after they had been “unable to get assurances that our information has been kept properly secure”, Police said in a statement on Thursday.


Athens ISD Pays $50K for Release of Data in Ransomware Attack

Permalink - Posted on 2020-07-30 17:00

Athens ISD Board of Trustees has agreed to pay a $50,000 ransom for school data that was taken in a criminal ransomware attack. The attack targeted data stored on district servers, backup systems, and hundreds of computers. As a result, access to data has been blocked including teacher communications, student schedules, grades, and assignments.


GTU Students Complain of Massive Data Leak After Mock Test

Permalink - Posted on 2020-07-30 17:00

The students of Gujarat Technological University have complained of massive data leaks during online pre-check trial/mock tests. The test was conducted by the university on July 28. Students allege that their personal details including ID proofs were leaked on the university's website.


Vermont Tax Department Exposed 3 Years Worth of Tax Return Info.

Permalink - Posted on 2020-07-30 17:00

The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. The data breach affected all Vermonters who electronically filed Property Transfer Tax returns using the tax department's site between February 2017 and July 2020.


Connecticut Insurance Dept. Reminds Licensees to Comply with Data Security Law

Permalink - Posted on 2020-07-30 17:00

On July 20, 2020, the Connecticut Insurance Department issued a bulletin to licensees reminding them that the Connecticut Insurance Data Security Law (“Act”) becomes effective on October 1, 2020 and providing guidance on compliance. The Act requires “all persons who are licensed, authorized to operate or registered, or required to be licensed, authorized or registered pursuant to the insurance laws of Connecticut” to “develop, implement and maintain a comprehensive written information security program (“ISP”) that complies with” the Act “not later than October 1, 2020.” The Act generally applies to domestic insurers and health care centers, with some exemptions.


Researchers Report Mobile Operating Systems Bugs Have Surged 50%

Permalink - Posted on 2020-07-30 17:00

Skybox Security predicts that 2020 will end with 20,000 reported vulnerabilities, as compared to 17,306 in 2019. Till mid-2020, 9000 vulnerabilities have been reported.


Personal Information of 34 Lakh Dunzo Users Leaked

Permalink - Posted on 2020-07-30 17:00

In an online blog post on Wednesday, the Bengaluru-based company said the “servers of a third party we work with were compromised.” This allowed the attacker to get unauthorized access and breach the company's database, which included phone numbers, email addresses, the users' last known location, phone type, and last login dates.


10,000 Patients Affected by Data Breach at University of Utah Health

Permalink - Posted on 2020-07-30 17:00

The health system stated in a press release on June 5 that a breach occurred between April 6 and May 22. A hacker gained unauthorized access to some of the U of U health employees’ email accounts as part of a phishing scheme. In the press release, the U did not specify how many employees were affected.


In Latest Crypto Wallet Breach, Ledger Users Have Data Stolen

Permalink - Posted on 2020-07-29 16:00

Ledger has acknowledged that hackers also gained access to 9500 Phone numbers among other data.


Business Giant Dussmann Group's Data Leaked After Ransomware Attack

Permalink - Posted on 2020-07-29 16:00

The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. The Dussmann Group is the largest multi-service provider in Germany with subsidiaries focusing on facility management, corporate childcare, nursing and care for the elderly, and business systems solutions, including HVAC, electrical work, and elevators. The company has confirmed to BleepingComputer that one of their subsidiaries, Dresdner Kühlanlagenbau GmbH (DKA), recently suffered a ransomware attack where data was stolen.


Michigan Online Bar Exam Temporarily Taken Down by Cyber Attack

Permalink - Posted on 2020-07-29 16:00

ExamSoft, one of the three vendors offering the exam that certifies potential attorneys, said the test had been hit by a distributed denial of service (DDoS) attack, which involves a hacker or group attempting to take down a server by overwhelming it with traffic.


Today's "Mega" Data Breaches Now Cost Companies $392 Million to Recover From

Permalink - Posted on 2020-07-29 16:00

If an organization is acting as a data controller for between 40 and 50 million records, the cost on average is $364 million, and organizations could face a cost of up to $175 per consumer record involved in data theft or leaks.


Alcohol Delivery Service Drizly Confirms Data Breach

Permalink - Posted on 2020-07-29 16:00

As many as 2.5 million Drizly accounts are believed to have been stolen. TechCrunch obtained a portion of the data, including several accounts of Drizly staff members. We verified the data against public records. The portion of data we obtained also contains user phone numbers, IP addresses and geolocation data associated with the user’s billing address.


Global Firms Delayed Key Security Projects as Pandemic Struck

Permalink - Posted on 2020-07-29 16:00

Over 90% of global organizations were forced to delay key security projects as they transitioned to remote working earlier this year and many stopped patching, exposing themselves to cyber-threats, according to Tanium.


IBM Security 2020 Cost of Data Breach Report Shows 10% Annual Increase in Healthcare Data Breach Costs

Permalink - Posted on 2020-07-29 16:00

The 2020 Cost of Data Breach Report from IBM Security has been released and reveals there has been a slight reduction in global data breach costs, falling to $3.86 million per breach from $3.92 million in 2019 – A reduction of 1.5%. There was considerable variation in data breach costs in different regions and industries. Organizations in the United States faced the highest data breach costs, with a typical breach costing $8.64 million, up 5.5% from 2019.


Security Teams Increasingly Stressed Due to Lack of Proper Tools, Executive Support

Permalink - Posted on 2020-07-29 16:00

93% of security professionals lack the tools to detect known security threats, and 92% state they are still in need of the appropriate preventative solutions to close current security gaps, according to LogRhythm.


OCR Imposes $1 Million HIPAA Penalty on Lifespan for Lack of Encryption and Other HIPAA Failures

Permalink - Posted on 2020-07-28 17:00

Lifespan is a not-for-profit health system based in Rhode Island that has many healthcare provider affiliates in the state. On April 21, 2017, a breach report was filed with OCR by Lifespan Corporation, the parent company and business associate of Lifespan ACE, about the theft of an unencrypted laptop computer on February 25, 2017.


National Cardiovascular Partners Email Hack Impacts 78 Thousand Patients

Permalink - Posted on 2020-07-28 17:00

An investigation led with support from an outside cybersecurity forensics firm determined the account contained patient information, including names, contact information, and a host of other sensitive data that varied by patient.


Cosmetics Giant Avon Leaks 19 Million Records

Permalink - Posted on 2020-07-28 17:00

Researchers at SafetyDetectives led by Anurag Sen told Infosecurity that they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption.


Promo.com Discloses Data Breach After 22 Million User Records Leaked Online

Permalink - Posted on 2020-07-28 17:00

In a report shared with BleepingComputer by cybersecurity intelligence firm CloudSEK, a well-known seller of data breaches posted a database containing 22.1 million user records on a hacker forum. This data contains users email addresses, names, genders, geographic location, and for 2.6 million of the users, their hashed passwords.


SEI Investments Customer Data Exposed in Ransomware Attack on Vendor

Permalink - Posted on 2020-07-28 17:00

A May ransomware attack on M.J. Brunner Inc. exposed data pertaining to clients of SEI Investments Co., among them money managers like Pacific Investment Management Co. (Pimco), Fortress Investment Group LLC and Centerbridge Partners.


Over Half of Universities Suffered Data Breach in Past Year

Permalink - Posted on 2020-07-28 17:00

Over half (54%) of UK universities reported a data breach to the regulator in the past 12 months, with an average of two reports each, according to new Freedom of Information (FOI) data collected by Redscan.


Bank of Ireland Fined €1.66 Million After Being Tricked by Fraudster

Permalink - Posted on 2020-07-28 17:00

One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.


Hedge Funds Client Data Exposed in Massive Ransomware Attack

Permalink - Posted on 2020-07-27 16:00

Investors in hedge fund Angelo Gordon received an unpleasant letter advising them that a "data security incident" had taken place due to a breach of a third-party vendor used by the fund's external fund administrator, SEI Global Fund Services.


Sheffield Hallam University Confirms Blackbaud-Linked Data Breach

Permalink - Posted on 2020-07-27 16:00

University secretary Michaela Boryslawskyj said in an email to members of its community that it was notified by Blackbaud that Sheffield Hallam and a number of other universities had been affected by the incident. As detailed in the Sheffield Star, the email said Blackbaud’s systems were hacked and personal information relating to its alumni and other members of the community were stolen on Thursday July 16 2020.


Garmin's Outage, Ransomware Attack Response Lacking as Earnings Loom

Permalink - Posted on 2020-07-27 16:00

Garmin's response to a cyberattack has been less than stellar, but earnings loom and Wall Street will want answers just as much as customers do.


Source Code from Dozens of Companies Leaked Online

Permalink - Posted on 2020-07-27 16:00

A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls; and the list keeps growing.


Tech Unicorn Dave Admits to Security Breach Impacting 7.5 Million Users

Permalink - Posted on 2020-07-27 16:00

Digital banking app and tech unicorn Dave.com confirmed today a security breach after a hacker published the details of 7,516,625 users on a public forum. In an email to ZDNet today, Dave said the security breach originated on the network of a former business partner, Waydev, an analytics platform used by engineering teams.


Adif Hit by Cyber Attack

Permalink - Posted on 2020-07-24 16:00

Spanish infrastructure manager Adif has been hit by a cyberattack in which hackers have claimed to have taken 800GB of data including correspondence and contracts.


Keizer Discloses Costs of Recovering from Recent Ransomware Attack

Permalink - Posted on 2020-07-24 16:00

When Keizer, Oregon was attacked in June with ransomware, the attackers demanded $48,000, and the city paid.


North Carolina Healthcare Provider Fined $25,000 for HIPAA Noncompliance

Permalink - Posted on 2020-07-24 16:00

Washington, NC-based Metropolitan Community Health Services is a Federally Qualified Health Center that provides integrated medical, dental, behavioral health & pharmacy services for adults and children. Operating as Agape Health Services, Metro provides discounted medical services to the underserved population in rural North Carolina. Metropolitan Community Health Services has around 43 employees and serves 3,100 patients each year.


U.S. Law Firm Sued Over Fraudulent Wire Transfer from Phising Scam

Permalink - Posted on 2020-07-24 16:00

American international law firm Holland & Knight is facing a lawsuit over a fraudulent wire transfer that saw criminals make off with more than $3m. According to the suit, the law firm was hired by two foundations to sell some stock and carry out a merger plan related to the sale. However, a fraudster was able to steal the proceeds from the sale after intercepting emails from the firm and impersonating the stock seller. Posing as the seller in an email, the fraudster asked Holland & Knight to wire $3.1m from the stock buyer to a fraudulent account identified as Wemakos Furniture Co. Limited.


Blackbaud Breach Hits Nine More Universities

Permalink - Posted on 2020-07-24 16:00

A combined ransomware and data breach attack on a US cloud computing provider in May has affected many more universities and non-profits than at first thought.


Garmin Services and Production Go Down After Ransomware Attack

Permalink - Posted on 2020-07-24 16:00

The company is currently planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia.


278k Instacart Customer Records Reportedly Hacked, Includes Order History

Permalink - Posted on 2020-07-23 16:00

Some 278,531 Instacart customer records have reportedly been hacked, and are for sale on the dark web. The data includes names, email addresses, the last four digits of credit card numbers, and order histories.


Over 1500 Exposed Online Databases Wiped by 'Meow' Attacker

Permalink - Posted on 2020-07-23 16:00

According to a Shodan search, there was 1269 impacted Elasticsearch servers globally and 276 MongoDB instances hit buy the “meow” bot at the time of writing. It’s unclear whether the attacker has first stolen victims’ data or if this is a purely destructive campaign.


Florida Tax Office Blames Data Breach on Virus

Permalink - Posted on 2020-07-23 16:00

A Florida Tax Collector's Office has blamed malware found on an employee's computer for a data breach that affected around 450,000 residents of Polk County.


More Than Half of European Citizens Worry About Malicious Use of Their Online Data

Permalink - Posted on 2020-07-23 16:00

According to the European Union Agency for Fundamental Rights (FRA), 55% of European citizens are concerned about their online data being accessed by cyber criminals and fraudsters.


GEDmatch Confirms Data Breach After Users' DNA Profile Data Made Available to Police

Permalink - Posted on 2020-07-23 16:00

GEDmatch, the DNA analysis site that police used to catch the so-called Golden State Killer, was pulled briefly offline on Sunday while its parent company investigated how its users’ DNA profile data apparently became available to law enforcement searches. The company confirmed Wednesday that the permissions change was caused by a breach.


New York Charges Big Title Insurer First American Over Security Gap

Permalink - Posted on 2020-07-23 16:00

First American Financial Corp (FAF.N), the second largest U.S. title insurer, was charged on Wednesday by New York’s top financial regulator with exposing millions of documents with sensitive consumer information, in the regulator’s first cybersecurity enforcement case.


COVID-19-Related Attacks Exploded in the First Half of 2020

Permalink - Posted on 2020-07-23 16:00

A midyear report on cyber threats finds that COVID-19-related attacks grew from fewer than 5,000 per week in February to more than 200,000 per week in late April. And those attacks didn't mark the end of threats, as all cyberattacks increased in number by 34% in May and June compared with March and April.


Password Reuse to Blame for Fifth of Account Takeovers

Permalink - Posted on 2020-07-23 16:00

Email account takeover (ATO) attacks often last for over a week and result from employees reusing passwords across multiple sites, according to new research from Barracuda Networks.


Nearly Half of Employees Make Mistakes with Cyber Security Repercussions

Permalink - Posted on 2020-07-22 16:00

Nearly half (47%) of employees cited distraction as a top reason for falling for a phishing scam. This was closely followed by the fact that the email looked legitimate (43%), with 41% saying the phishing email looked like it came from a senior executive or a well-known brand.


20,000+ New Vulnerability Reports Predicted for 2020, Shattering Previous Records

Permalink - Posted on 2020-07-22 16:00

Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals.


Disabled Delawareans' Personal Data Ends Up in Student Project

Permalink - Posted on 2020-07-22 16:00

The breach occurred when four students from the University of Delaware contacted a Delaware Division of Developmental Disabilities Services (DDDS) provider. The students reached out to request data for a project that aimed to use geo-mapping to detect gaps in the services received by DDDS recipients. A DDDS employee who emailed out information in response to the students' request neglected to anonymize sensitive data. Their slip-up caused the private information of 350 recipients of DDDS support to be exposed. The data breach was only discovered when the unwitting students included the sensitive data in a presentation on their senior project, given via Zoom on May 8.


University of York Investigating Data Theft Incident

Permalink - Posted on 2020-07-22 16:00

As outlined in a statement on the university’s website, the source of the breach was an attack on a third-party service provider, tech firm Blackbaud, which fell victim to ransomware in May 2020. The University of York was first informed of the incident on July 16.


Online Poker Operator Hit by DDoS Attack on Opening Day of WSOP Event

Permalink - Posted on 2020-07-22 16:00

GGPoker, which mainly serves the Asian market but has customers across Europe and America, claims that it migrated servers to a new cloud data center on July 16 to improve performance and account for increased load during the tournament. However, it claims, “the tech team made a mistake of not shielding this server with our DDoS protection service after the migration”.


Public's Info. Compromised in Cyber Attack on Cooke County, TX

Permalink - Posted on 2020-07-21 16:00

A cyberattack on the Cooke County Sheriff’s Office compromised people’s personal information, County Judge Jason Brinkley said. A press release issued Monday, July 20, states a ransomware attack on the county’s information system for the CCSO on July 4 resulted in a data breach of personal identification information.


Companies with Poor Privacy Practices Are 80% More Apt to Suffer Data Breach

Permalink - Posted on 2020-07-21 16:00

In addition to poor privacy policy resulting in an 80% possible data breach, companies with the lowest privacy scores lost 600% more records than companies at the other end of the scale, with the highest scores.


Major Security Flaws Found in South Korea Quarantine App

Permalink - Posted on 2020-07-21 16:00

The defects, which were confirmed by The New York Times and have now been fixed, could have let attackers retrieve the names, real-time locations and other details of people in quarantine. The flaws could also have allowed hackers to tamper with data to make it look as if users of the app were either violating quarantine orders or still in quarantine despite being somewhere else.


Genealogy Software Maker Exposes Data on 60,000 Users

Permalink - Posted on 2020-07-21 16:00

A US tech company that manages popular family tree software has exposed tens of thousands of its users’ personal information online via a misconfigured cloud server, according to researchers.


Lorien Health Services Discloses Ransomware Attack Affecting Nearly 50,000

Permalink - Posted on 2020-07-21 16:00

Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. Responsible for the attack are Netwalker ransomware operators, who leaked the information after Lorien refused to pay the ransom demand.


Fast Chargers Can Be Modified to Damage Mobile Devices

Permalink - Posted on 2020-07-20 16:00

Users’ mobile devices can also be implanted with malware with BadPower attack capabilities and be the infection agent for every fast charger that is connected to it.


Two More Cyber Attacks Hit Israel's Water System

Permalink - Posted on 2020-07-20 16:00

The first attack hit agricultural water pumps in upper Galilee, while the second one hit water pumps in the central province of Mateh Yehuda, local media reported last week.


The Privacy Breach That Exposed Sensitive Details of WA's Virus Fight

Permalink - Posted on 2020-07-20 16:00

One of Western Australia's biggest privacy breaches, which involves the interception of thousands of State Government communications, is under investigation. Nine News revealed on Monday evening that the most sensitive information to be hacked and posted to a public website relates to the management of the Covid-19 crisis in WA.


70% of Companies Have Suffered a Public Cloud Data Breach in the Past Year

Permalink - Posted on 2020-07-20 16:00

A recent study conducted by Sophos has revealed 96% of companies are concerned about the state of their public cloud security. There appears to be a valid cause for that concern, as 70% of companies that host data or workloads in the cloud have experienced a breach of their public cloud environment in the past year. The most common attack types were malware (34%), followed by exposed data (29%), ransomware (28%), account compromises (25%), and cryptojacking (17%).


Cyber Crime Jumped 23% Over Past Year

Permalink - Posted on 2020-07-20 16:00

The double-digit increase in reported cybercrime came in spite of improvements to “internal case review processes” and an online reporting tool at Action Fraud in October 2018 which meant some offenses previously categorized as computer misuse are now being properly identified as fraud, ONS said. On that note, when fraud is added to computer misuse, there was an increase of just 12% in cases reported to the NFIB over the period.


Ransomware Gang Demands $7.5 Million from Argentinian ISP

Permalink - Posted on 2020-07-20 16:00

Sources inside the ISP said hackers caused extensive damage to the company's network after they managed to gain control over an internal Domain Admin, from where they spread and installed their ransomware payload to more than 18,000 workstations.


340 GDPR Fines for a Total of €158,135,806 Issued Since May 2018

Permalink - Posted on 2020-07-17 16:00

Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.


Cloud Provider Pays Ransom Demand

Permalink - Posted on 2020-07-17 16:00

Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company's network and threatened to publish it online.


Over Half of Canadians Victims of Cyber Crime

Permalink - Posted on 2020-07-16 15:00

28% of consumers are reporting that their personal information had been exposed through a cybersecurity incident of this nature. While the majority of those surveyed had not experienced a hack of an online account, 22% had fallen victim to this particular cybercrime. A malicious email or spoofed website had managed to deceive 13% of consumers.


Three-Quarters of U.K. Businesses Facing Compliance Problems Following Lockdown

Permalink - Posted on 2020-07-16 15:00

UK data protection officers (DPOs) anticipate the Covid-19 lockdown will cause difficulties in meeting data compliance obligations, potentially leading to large fines. 72% of DSOs expect a backlog of data subject access requests (DSARs) upon returning to the office, while 3% are concerned there will be a “mountain” of DSARs to complete when they go back. 30% of DPOs believe there will be a massive increase in DSARs over the next six months. Furloughed or laid off employees during the pandemic will be a major driver of this growth according to 73% of respondents, while one in five said it will be the biggest single factor.


Walmart Sued Under CCPA After Data Breach

Permalink - Posted on 2020-07-16 15:00

Customer names, addresses, financial and other information were among the haul for attackers, according to the suit filed in the US District Court for the Northern District of California.


Tech Giants Sued Over Biometric Privacy

Permalink - Posted on 2020-07-16 15:00

Online retail giant Amazon and tech leaders Microsoft and Google are reportedly being sued for allegedly violating a biometric privacy law in the state of Illinois.


36,000 Members Affected by Central California Alliance for Health Email Breach

Permalink - Posted on 2020-07-16 15:00

The Central California Alliance for Health has discovered an unauthorized individual gained access to the email accounts of several employees and potentially viewed or copied information in emails and email attachments. The breach was detected on May 7, 2020 and prompt action was taken to secure the affected accounts. In each case, the accounts were accessed for a period of about one hour.


A Hacker Used Twitter's Own Admin Tool to Spread Cryptocurrency Scam

Permalink - Posted on 2020-07-16 15:00

A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident.


U.S. Casting Company Leaked Private Data of Over 260,000 Individuals

Permalink - Posted on 2020-07-16 15:00

New Orleans-based MyCastingFile.com is an online casting agency that recruits talent. Users can sign up -- for free or on a subscription basis -- to apply for casting notices. The company claims to have provided actors for productions including True Detective, Pitch Perfect, NCIS: New Orleans, and Terminator Genisys.


SMBs Face Greater Malware Risk This Year

Permalink - Posted on 2020-07-16 15:00

ast year, the average risk globally of a small or medium-sized business (SMB) encountering malware was 11%. Over the last 12 months, that risk has risen to 15%.


New Zealand Property Management Company Leaks 30,000 Users' Passports, Driver's Licenses

Permalink - Posted on 2020-07-16 15:00

CyberNews received information from reader Jake Dixon, a security researcher with Vadix Solutions, who discovered an unsecured Amazon Simple Storage Solution (S3) database containing more than 31,000 images of users’ passports, driver’s licenses, evidence of age documents, and more. These files are publicly accessible to anyone who has the URL and appears to be owned by the Wellington, New Zealand company LPM Property Management.


Indonesia Bhinneka Batabase Dumped 1 Million Accounts

Permalink - Posted on 2020-07-16 15:00

The database was initially hacked on 27 January earlier this year but has now been put out in the open by the attacker. The downloadable folder contains 2 SQL files which contain the records of approximately 1,262,300 accounts in totality.


At Least 41 Healthcare Providers Experienced Ransomware Attacks in the First Half of 2020

Permalink - Posted on 2020-07-15 14:00

There were 128 successful ransomware attacks on federal and state entities, healthcare providers, and educational institutions in the first 6 months of 2020, with the healthcare industry accounting for 32% of those attacks.


Data Breach at Texas Benefits Recovery Firm

Permalink - Posted on 2020-07-15 14:00

The malware may have allowed unauthorized individuals to view and obtain the personal and protected health information (PHI) of 274,837 people.


99% of U.K. Organizations Suffered Security Breaches in the Past One Year

Permalink - Posted on 2020-07-15 14:00

While 98% of those surveyed said that attack volumes have increased in the last 12 months, 99% of them said their business has suffered a security breach in the last 12 months, with the average organisation experiencing 63 breaches in the period. Even though 96% of the respondents also said that cyber attacks have become more sophisticated, only 6% said they plan to increase cyber defence spending in the coming year. Security professionals also admitted their organisations are using more than eight different tools or consoles on average to manage their cyber defence programme, thereby making their environments complex and hard-to-manage.


13 Percent of Q1 Phishing Attacks Related to COVID-19

Permalink - Posted on 2020-07-15 14:00

In the first quarter of 2020 phishing attacks increased by 22.5 percent compared to the end of 2019, and 13 percent of all phishing was related to COVID-19.


South Korean Regulator Fines TikTok Over Mishandling Child Data

Permalink - Posted on 2020-07-15 14:00

The Korea Communications Commission (KCC), the country's telecommunications watchdog, said it has fined the company 186 million won -- around $155,000 -- for failing to protect users' private data. The fine is equivalent to 3% of the company's annual sales in South Korea, an amount designated for such violations under local privacy laws. The investigation began last year in October, the KCC said.


Massive DDoS Attack on Cloudflare Network

Permalink - Posted on 2020-07-15 14:00

Cloudflare researchers reported a DDoS attack that exceeded 400-600 million packets per second (Pps), and that peaked multiple times above 700 million packets per second (Mpps), with a top peak of 754 Mpps.


Media and Video Companies Suffer Huge Increase in Cyber Attacks

Permalink - Posted on 2020-07-15 14:00

According to research by Akamai, between January 2018 and December 2019, 20% of the 88 billion total attacks recorded were against media companies. The company also recorded 630% and 208% year-over-year increases in attacks against broadcast TV and video sites, respectively.


Hacker Releases Database of 270 Million Alleged Wattpad Records

Permalink - Posted on 2020-07-14 15:00

An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker forums.


Hacker Selling Details of 142 Million MGM Hotel Guests on the Dark Web

Permalink - Posted on 2020-07-14 15:00

The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020. The new finding came to light over the weekend after a hacker put up for sale the hotel's data in an ad published on a dark web cybercrime marketplace. According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900.


EFF's New Database Reveals What Tech. Local Police Are Using to Spy on You

Permalink - Posted on 2020-07-14 15:00

Launched on Monday in partnership with the University of Nevada's Reynolds School of Journalism, the "Atlas of Surveillance" is described as the "largest-ever collection of searchable data on police use of surveillance technologies." The civil rights and privacy organization says the database was developed to help the general public learn about the accelerating adoption and use of surveillance technologies by law enforcement agencies.


Ransomware Now Stealing Data as Well as Encrypting It

Permalink - Posted on 2020-07-14 15:00

There's now an increasing chance of getting your data stolen, in addition to your network being encrypted, when you are hit with a ransomware attack - which means falling victim to this kind of malware is now even more dangerous.


Welcome Chat App Spies on Users

Permalink - Posted on 2020-07-14 15:00

While functioning as a communication app, Welcome Chat was found to simultaneously be serving as spyware, harvesting data for a campaign with links to threat group Gaza Hacker, also known as Molerats.


IT Staffing Services Collabera Hit by Ransomware, Employee Personal Data Stolen

Permalink - Posted on 2020-07-14 15:00

Hackers infiltrated Collabera, siphoned off at least some employees' personal information, and infected the US-based IT consultancy giant's systems with ransomware.


Belgium Suffers First Jackpotting Attack

Permalink - Posted on 2020-07-14 15:00

Antwerp-based savings bank Argenta has fallen victim to what is believed to be Belgium’s first jackpotting attacks. Also known as a logical attack, jackpotting is a sophisticated crime in which cyber-criminals install malicious software and/or hardware on an ATM that forces the machine to spew out all of its cash on demand.


Security Alerts More Than Doubled in the Last 5 Years

Permalink - Posted on 2020-07-13 16:00

Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. Security alert volumes create problems for security operations. 99% report high volumes of alerts cause problems for IT security teams. 83% say their security staff experiences "alert fatigue."


Benefit Recovery Specialists Hacked and PHI of 274,837 Individuals Exposed

Permalink - Posted on 2020-07-13 16:00

The Houston, TX-based billing and collection company, Benefit Recovery Specialists, Inc., (BRSI) has announced it has discovered malware on its systems that may have allowed unauthorized individuals to view or obtain protected health information.


Dunzo Security Breach Exposes Users' Phone Numbers, Email IDs

Permalink - Posted on 2020-07-13 16:00

Hyperlocal delivery startup Dunzo announced on Saturday a security breach of one of its databases that has exposed phone numbers and email IDs of its users.


Records of 45 million+ Travelers to Thailand and Malaysia Surfaced in the Dark Web

Permalink - Posted on 2020-07-13 16:00

The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity. The experts came across a post published by a credible threat actor that claimed to be in possession of a database containing the above records.


Personal Details and SSNs of 40,000 U.S. Citizens Available for Sale

Permalink - Posted on 2020-07-13 16:00

The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity. The experts came across a post published by a credible actor that claimed to be in possession of a database containing data of US citizens.


Tax Filers Face "Enormous" Risk for Identity Theft as July 15th Deadline Looms

Permalink - Posted on 2020-07-10 16:00

As of July, the count is 58,000 fraudulent claims and a total of $158 million in nearly-stolen money, according to an investigation conducted by Ernst & Young.


Smartwatch Vulnerability Hackers Overdose Dementia Patients

Permalink - Posted on 2020-07-10 16:00

The watch in question uses the SETtracker app to have the tracking function which can be found in a multitude of similar devices worldwide. The manufacturer on the other hand is different and unidentified as of now. The issue remains as to how many other similar vulnerable smartwatches are out there and even so in this case if any patients were a victim of such an attack.


More than Half of Canadians Polled Say They Have Experienced a Cyber Crime

Permalink - Posted on 2020-07-10 16:00

A report from the Cybersecure Policy Exchange at Ryerson University in Toronto found 57 per cent of respondents in an online survey in May had encountered at least one cybercrime.


Vancouver Coastal Health Hit by Cyber Attack

Permalink - Posted on 2020-07-10 16:00

The health authority said malicious ransomware was discovered in data related to its Employee and Family Assistance Program on May 21, and that officials responded by bringing in external cybersecurity experts to investigate.


5 Billion Unique Credentials Circulating on Darknet

Permalink - Posted on 2020-07-10 16:00

Researchers found that more than 15 billion user credentials are in circulation, of which 5 billion username and password combinations don't have repeated credential pairs and have been advertised on underground forums only once.


Researchers Find Pre-Installed Malware on More Android Phones in U.S.

Permalink - Posted on 2020-07-10 16:00

Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go.


Mumbai: BKC Company's Data Stolen, Clients Receive Email to Boycott It

Permalink - Posted on 2020-07-10 16:00

A renowned Bandra Kurla Complex (BKC)-based gemological company has approached police to lodge a complaint of forgery, theft and cheating against an unidentified accused. According to the complainant, the accused allegedly stole the company's client data, forged the logo and sent out emails to the clientele, asking them to boycott the company as it is China-based. While police have registered a First Information Report (FIR), the probe is underway.


Egyptian Bus Operator Swvl Hit by Data Breach

Permalink - Posted on 2020-07-10 16:00

Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, has been struck by a data breach. The company, based in Cairo, became aware of “unauthorized access to its IT infrastructure” on the evening of July 3, according to a security alert.


70% of Organizations Experienced a Public Cloud Security Incident in the Last Year

Permalink - Posted on 2020-07-09 16:00

70% of organizations experienced a public cloud security incident in the last year – including ransomware and other malware (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%), according to Sophos.


95% of Brits Unable to Consistently Identify Phishing Messages

Permalink - Posted on 2020-07-09 16:00

Just 5% of Brits are able to recognize all scam emails and texts, a study from Computer Disposals Limited has found. Just 44% able to identify the genuine messages and emails.


Alabama County Computers Down After Incident

Permalink - Posted on 2020-07-09 16:00

The Chilton County Commission computer network is temporarily down as specialists research a cyber incident, potentially ransomware, which has disrupted the system. This incident means normal services offered at the Courthouse requiring local records are temporarily unavailable.


Teen Murdered After Confronting Cyber Bullies

Permalink - Posted on 2020-07-09 16:00

A teenager from San Diego has been fatally shot after confronting cyber-bullies who targeted her sister online. The life of 19-year-old Janessa Del Valle was tragically cut short on July 4 as America celebrated its national Independence Day. The young woman from Bonita was killed while attempting to stop bullies from using the internet to body-shame her 13-year-old sibling.


Florida Lawsuit Offers Glimpse into Estimated $1.4B Ransomware Toll on U.S. Businesses

Permalink - Posted on 2020-07-09 16:00

A class-action lawsuit seeking $99 million in damages has been lodged against a Tampa-based healthcare provider for alleged negligence in a ransomware breach of patient and employee records. Morgan & Morgan law firm’s June 30 lawsuit claims Florida Orthopaedic Institute failed to properly secure the records of 100,000 to 150,000 current and former patients exposed in an April ransomware attack. Orlando-based Morgan & Morgan filed the claim days after UnityPoint Health agreed to pay $2.8 million in a preliminary settlement of a similar ransomware-related negligence lawsuit after a data breach in Iowa. The Iowa lawsuit against UnityPoint Health and Morgan & Morgan’s legal challenge could unseal exactly how pervasive ransomware is nationwide.


2020 on Track to Hit a New Data Breach Record

Permalink - Posted on 2020-07-09 16:00

Around 16 billion records have been exposed so far this year. According to researchers, 8.4 billion were exposed in the first quarter of 2020 alone, a 273% increase from the first half of 2019 which saw only 4.1 billion exposed.


Over 5 Billion Unique Credentials Offered on Cyber Crime Marketplaces

Permalink - Posted on 2020-07-08 16:00

More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows.


Australians Ignoring Cyber Security Policies in Favor of Productivity

Permalink - Posted on 2020-07-08 16:00

61% acknowledge that using non-work applications on a corporate device is a security risk. However, just because most people understand the risks does not mean they stick to the rules, the survey highlights. 51% of employees admit to using a non-work application on a corporate device, and 68% of them have actually uploaded corporate data to that application. 37% often or always access corporate data from a personal device, and 7% of respondents admit to watching or accessing porn on their work laptop, and 7% access the dark web.


Organizations' Security Measures Failing to Keep Pace with BYOD Use

Permalink - Posted on 2020-07-08 16:00

Businesses are increasingly embracing the use of BYOD in the workplace but are not taking corresponding steps to protect corporate data. This is according to the Bitglass 2020 BYOD Report, in which 69% of IT professionals surveyed revealed that employees at their companies are allowed to use personal devices to perform work functions. A significant proportion of organizations also allow BYOD for contractors (26%), partners (21%), consumers (18%) and suppliers (16%).


NZ: Far North Council Scammed Out of $100,000 After Supplier's Email Hacked

Permalink - Posted on 2020-07-08 16:00

The cyber-attack occurred last December, when one of its Auckland-based supplier's emails was hacked and the council received a request to change the supplier's bank account details. The council implemented the change and paid $100,600.30 into the fraudulent bank account over the holiday period.


Casino App Clubillion Leaks PII on Millions of Users

Permalink - Posted on 2020-07-08 16:00

Unlike many similar discoveries, this online database was updated with huge amounts of users’ personal information every single day: in the region of 200 million new records, or 50GB, daily, and sometimes considerably more, according to vpnMentor.


65% of Organizations Saw at Least 3 OT System Intrusions Within the Past Year

Permalink - Posted on 2020-07-07 15:00

The majority of organizations (65%) experienced at least three operational technology (OT) system intrusions within the past year, up from 18% in 2019. Some nine out of 10 organizations said they saw at least one intrusion in the same time frame, a Fortinet report found.


Brazil's Hapvida Discloses Cyber Breach, Potential Client Data Leak

Permalink - Posted on 2020-07-07 15:00

Brazilian health insurer Hapvida said in a securities filing on Monday it has suffered a cyber attack potentially involving access to the personal information of its customers.


Try2Cry Ransomware Spreads via USB Drives

Permalink - Posted on 2020-07-07 15:00

Dubbed Try2Cry, the new piece of ransomware borrows functionality from Spora, which first emerged three years ago. Written in .NET, Try2Cry features a USB worm component similar to that previously observed in the njRAT remote access Trojan.


Manufacturing Sector Paid Out 62% of Total Ransomware Payments in 2019

Permalink - Posted on 2020-07-07 15:00

The manufacturing industry spent more than any other sector last year on ransomware payments, paying out $6.9m, according to a new study by Kivu Consulting. This represents 62% of the total $11m+ of ransoms transferred to cyber-criminals throughout 2019, despite manufacturing only making up 18% of all paid ransom cases.


UnityPoint Health Settles Lawsuit Regarding Data Breaches

Permalink - Posted on 2020-07-07 15:00

UnityPoint Health, which owns Meriter Health Services in Madison, agreed to a deal last month that would put to rest a case related to two separate data breaches that occurred in 2018. Possible information compromised in both events included names of patients, addresses and medical information, as well as for some, driver’s licenses, social security numbers and payment card or bank account numbers.


X-FAB Affected by Cyber Attack

Permalink - Posted on 2020-07-07 15:00

On July 5, 2020, X-FAB Group was the target of a cyber security attack. Following the advice of leading security experts engaged by X-FAB, all IT systems have been immediately halted. As an additional preventive measure, production at all six manufacturing sites has been stopped.


Texas County Sheriff's Office Suffers Ransomware Attack

Permalink - Posted on 2020-07-07 15:00

Hackers claim they stole data from the Cooke County Sheriff’s Office and are threatening to publish it online if their demands are not met. Attacks of this kind are trending across the country.


Texas Bicycle Sharing Company Breached by Malware

Permalink - Posted on 2020-07-07 15:00

A Fort Worth bicycle sharing service, BCycle, found the malware in April and launched an investigation, according to a company letter. The stolen information may have included names, credit card numbers and addresses.


Premier League Club Targeted in £100 Million BEC Scam

Permalink - Posted on 2020-07-07 15:00

Among nearly two million targets in a £380 million BEC scamming operation were a Premier league football team, a US lawyer and an international bank. The alleged scammer was arrested in Dubai.


Volume and Size of Fines for Data Breaches Expected to Rise

Permalink - Posted on 2020-07-06 17:00

The number and value of fines for data breaches is predicted to increase between now and 2025, according to a new study by DSA Connect. Interviews with 1000 workers between 24 and 27 April 2020 revealed that 37% think there will be an increase and 6% believe the rise will be dramatic. Just 3% expect a reduction.


Corporate Cybercrime Victims Double in Five Years

Permalink - Posted on 2020-07-06 17:00

Although large firms with over 250 employees were the most likely to suffer attacks, with over 87% impacted last year, smaller businesses (11-50 employees) experienced the steepest rise, from 28% in 2015 to 68% last year.


Flaw Fixed in Hotels.com Generator as Tesco Clubcard Users Impacted

Permalink - Posted on 2020-07-06 17:00

Tesco Clubcard users have been warned to check their accounts, after a weakness was discovered in the way that Hotels.com codes were generated, which then impacted Clubcard members as they tried to use their points.


U.S. Secret Service Reports an Increase in Hacked Managed Service Providers

Permalink - Posted on 2020-07-06 17:00

US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.


Ransomware Attack on Insurance MSP Xchanging Affects Clients

Permalink - Posted on 2020-07-06 17:00

DXC Technology notified its investors in an 8-K form filed with the U.S. Securities and Exchange Commission that Xchanging has detected a ransomware attack on some of its systems.


EDP Energy Giant Confirms Ragnar Locker Ransomware Attack

Permalink - Posted on 2020-07-06 17:00

EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation's systems, the Portuguese multinational energy giant Energias de Portugal (EDP).


V Shred Data Leak Exposes PII, Sensitive Photos of Fitness Customers and Trainers

Permalink - Posted on 2020-07-03 16:00

Fitness brand V Shred exposed the personally identifiable information (PII) of over 99,000 customers and trainers -- and has yet to fully resolve the leaking database responsible.


BMW Customer Database for Sale on Dark Web

Permalink - Posted on 2020-07-03 16:00

A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to KELA, a darknet threat intelligence firm, based in Tel Aviv.


One of Florida's Largest Orthopedic Providers Faces Class-Action Lawsuit After Data Breach

Permalink - Posted on 2020-07-03 16:00

Attorney John Yanchunis of Morgan & Morgan filed the lawsuit against the Florida Orthopedic Institute, seeking at least $99 million on behalf of patients and former patients citing a “failure to properly secure and safeguard protected health information,” according to the complaint filed June 30. The case filed in Hillsborough County seeks long-term identity theft protection for patients, payment for victims who suffer losses as a result of the breach and a court order to force the medical group to strengthen its cybersecurity methods going forward.


AU: Thousands of MyGov Accounts for Sale on Dark Web

Permalink - Posted on 2020-07-03 16:00

The MyGov accounts are among a list of more than 150,000 hacked ".com.au" logins available for sale on dark web marketplaces, where logins are sold for as little as a few cents and as much as several hundred dollars.


Up to 58,000 Individuals Impacted by Healthcare Fiscal Management Ransomware Attack

Permalink - Posted on 2020-07-03 16:00

An unauthorized individual gained access to HFMI systems on April 12, 2020 and deployed a ransomware payload the following day which encrypted data on its systems. The systems accessed by the attacker were found to contain the personal and protected health information of patients who received healthcare services at St. Mary’s between November 2019 and April 2020.


Credit Unions Can Serve Up Negligence Claim in Sonic Data Breach Case

Permalink - Posted on 2020-07-03 16:00

An Ohio federal judge ruled on Sonic Corp’s bid to dismiss claims brought by financial institutions over a 2017 data breach in which hackers accessed customers’ payment card data from 325 of its drive-in locations, allowing a negligence claim to proceed while nixing claims of negligence per se and for declaratory and injunctive relief.


Privacy Breach at DU Reveals Students' Personal Details

Permalink - Posted on 2020-07-03 16:00

A serious data privacy breach on the DU admit card 2020 download portal was noted by two Twitter users. Personal details of all Delhi University students are now easily available to the public.


40% of Security Pros say Half of Cyber Attacks Bypass Their WAF

Permalink - Posted on 2020-07-03 16:00

49% of security professionals reported more than a quarter of attempts to sidestep their WAF protocols had been successful in the last 12 months. In addition, as many as four in ten respondents disclosed that 50% or more of attacks had managed to get around their application layer firewall.


Woolies Hit with AU$1 Million Spamming Fine

Permalink - Posted on 2020-07-02 16:00

The Australian Communications and Media Authority (ACMA) has hit Woolworths Group with a fine of AU$1,003,800, the largest it has handed down, due to five million breaches of the Spam Act 2003 made between October 2018 and July 2019.


Ransomware Operators Demand $14 Million from Power Company

Permalink - Posted on 2020-07-02 16:00

The company has confirmed that it was hit with a cyberattack without providing specific information on the type of compromise, but AppGate’s security researchers, who have obtained a sample of the malware believed to have been used in the attack, are confident that the incident involves the Sodinokibi ransomware.


Magellan Health Ransomware Attack Impacts More Than 364,000 Individuals

Permalink - Posted on 2020-07-02 16:00

The incident has now been listed on the HHS’ Office for Civil Rights breach portal as affecting 6 Magellan entities, each of which has reported the incident separately. Several other entities have also submitted breach reports confirming their patients and subscribers have also been affected.


The California Consumer Privacy Act Is Now Being Enforced

Permalink - Posted on 2020-07-02 16:00

On July 1, 2020, enforcement of the California Consumer Privacy Act (CCPA) of 2018 began. The CCPA took effect on January 1, 2020 and all companies covered by the Act were given a 6 month grace period before compliance with the CCPA would be enforced, although compliance with the provisions of the Act have been mandatory since January 1, 2020.


Data Breach at CNY Works Career Center May Have Exposed Personal Information of 56,000 Clients

Permalink - Posted on 2020-07-02 16:00

Clients potentially impacted by the breach began receiving letters from the agency this week warning that files targeted by a suspected ransomware attack on the agency’s servers contained their names and Social Security numbers.


IBM Study says More Than Half of Indian Companies Report Data Breach in Last Two Years

Permalink - Posted on 2020-07-02 16:00

Cyberattacks have been on the rise in the last two years with 56 per cent of Indian organisations confirming that they had experienced a data breach that had lead to the loss or theft of more than 1,000 records containing sensitive or confidential customer or business information. The responses were part of a global survey conducted by Ponemon Institute and sponsored by IBM Security.


Hacker Ransoms 23k MongoDB Databases and Threatens to Contact GDPR Authorities

Permalink - Posted on 2020-07-02 16:00

A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned.


Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

Permalink - Posted on 2020-07-02 16:00

The sanction was imposed following a data breach that took place between April 2016 and July 2017 that the banking institution notified to the Garante at the end of July 2017. As a result of the breach, the personal data of over 700,000 customers, including contact details, employment data (e.g., salary information), education data, identification details and financial data (e.g., bank account number, information on loans, payment status and customers’ credit ratings), was unlawfully accessed.


Surge in Unique Clients Reporting Brute-Force Attack Attempts

Permalink - Posted on 2020-07-01 16:00

Despite the increasing importance of RDP, as well as other remote access services, organizations often neglect its settings and protection. Employees use easy-to-guess passwords, and without additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems.


One Out of Every 142 Passwords Is '123456'

Permalink - Posted on 2020-07-01 15:00

The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, in one of the biggest password re-use studies of its kind.


Hackers Obtain Covid-19 Patient Database in Protest at Treatment of Indian Health Workers

Permalink - Posted on 2020-07-01 15:00

Hackers claim they have accessed the personal data of 80,000 Covid-19 patients in New Delhi stored on a local government website, in protest at the treatment of beleaguered healthcare workers.


Grays Harbor County Hospital Settlement

Permalink - Posted on 2020-07-01 15:00

Grays Harbor Community Hospital in Washington suffered a ransomware attack in 2019. Despite their best efforts, not all data was recoverable. And not surprisingly in our litigious society, a lawsuit was filed against it.


e-Learning Platform OneClass Exposed Data on Students, Lecturers

Permalink - Posted on 2020-07-01 15:00

An Elasticsearch database pertaining to e-learning platform OneClass was found to expose data on over one million students and lecturers, vpnMentor reveals.


California's CCPA Gets Teeth Today

Permalink - Posted on 2020-07-01 15:00

As of today, the California state government is enforcing the California Consumer Privacy Act (CCPA). Companies that don't comply with the law can expect stiff penalties from the government, along with potential consumer lawsuits.


Unsecured Chinese Companies Leak Users' Sensitive Personal and Business Data

Permalink - Posted on 2020-07-01 15:00

Research uncovered two unsecured databases, with millions of records, belonging to companies that are based in China and provide different types of services. One database belongs to Xiaoxintong, which offers multiple apps and services aimed at elderly care. The other database we discovered seems to be connected to Shanghai Yanhua Smartech tools, which provides services related to intelligent buildings. The database for Xiaoxintong, which serves more than 200 million elderly people in China, contains sensitive information such as GPS locations, mobile numbers, addresses, hashed passwords and more. The second database that may be from Shanghai Yanhua Smartech has even more sensitive data, such as easily-decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and more. Both databases are now closed.


Personal Details of 1.29 Million Limeroad Customers Up for Sale on Dark Web

Permalink - Posted on 2020-07-01 15:00

Even as online shoppers switch from Chinese apps to Indian e-commerce apps, US-based cyber security firm Cyble reported that fashion platform Limeroad’s customer database has suffered a breach with details of 1.29 million shoppers up for sale on the darkweb.


DDoS Attacks Jump 542% from Q4 2019 to Q1 2020

Permalink - Posted on 2020-06-30 16:00

In the first quarter of 2020, distributed denial-of-service (DDoS) attacks jumped more than 542% compared with the last quarter of 2019 and more than 278% year-over-year. NexusGuard researchers suggest the spike may be linked to a parallel increase in malicious cyber activity during the COVID-19 pandemic.


200% Increase in Invoice and Payment Fraud BEC Attacks

Permalink - Posted on 2020-06-30 15:00

Out of all types of BEC attacks, invoice and payment fraud BEC attacks are increasing in popularity. In April, these types of attacks comprised 14% of all BEC attacks, increasing to 17% in May.


Remote Employees Encounter 59 risky URLs per Week

Permalink - Posted on 2020-06-30 15:00

NetMotion recently aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis, which is derived from data gathered between May 30th – June 24th, 2020, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites.


Businesses Lack a Workable Ransomware Recovery Strategy

Permalink - Posted on 2020-06-30 15:00

According to research from Ontrack of 484 organizations, 39% either did not have or were not unaware of a ransomware strategy, while 26% admitted they couldn’t access any working backups after an attack.


Personal Data of Thousands of Users from Four Continents Exposed in Bitcoin Scam

Permalink - Posted on 2020-06-30 15:00

A joint investigation of Group-IB’s Threat Intelligence and Brand Protection teams revealed 248,926 sets of personally identifiable information exposed in what turned to be a complex three-stage fraud designed to drag people into a shady bitcoin investment scheme.


Eight Cities Using Click2Gov Targeted in Magecart Skimming Attacks

Permalink - Posted on 2020-06-30 15:00

ince April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active. Credit card information including card number, expiration date and CVV, as well as personal information such as name and contact address, were being exfiltrated from the municipalities, which were not named.


Half of Internet Users Fall Victim to Cyber Attacks

Permalink - Posted on 2020-06-30 15:00

Brits hold steady at 55%, while 67% of Americans admit to having encountered malicious cyber activities while using their Internet-enabled devices. Computer viruses, phishing scams and stolen passwords were among the most common cyber-related incidents mentioned by user.


UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach

Permalink - Posted on 2020-06-29 15:00

After two years of litigation and a partial dismissal, UnityPoint Health has reached a proposed $2.8M settlement with the 1.4 million patients impacted by two phishing-related data breaches.


UCSF Paid $1.4 Million Ransom in NetWalker Attack

Permalink - Posted on 2020-06-29 15:00

The disclosed technical details of the attack are obscure and insufficient to derive definitive conclusions about the origins and nature of this exorbitant incident.


Over 100k Daily Brute-Force Attacks on RDP in Pandemic Lockdown

Permalink - Posted on 2020-06-29 15:00

Telemetry data recorded by cybersecurity company ESET since December 1, 2019, shows a steep increase in the daily number of brute-force attacks against RDP. Between December 2019 and until February 2020, the values were between 70,000 and 40,000 daily attacks. The upward trend started in February when the number shot to 80,000. Since then, the values steadily rose and went past 100,000 in April and May, which corresponds to when most countries with a high number of COVID-19 infections had declared a national emergency and were in pandemic lockdown.


More Than 75% of All Vulnerabilities Reside in Indirect Dependencies

Permalink - Posted on 2020-06-26 16:00

JavaScript, Ruby, and Java are the ecosystems with most bugs in indirect dependencies.


Hackers Threaten to Leak Files Stolen from Australian Beverage Firm Lion

Permalink - Posted on 2020-06-26 16:00

Australian beverage company Lion says it has found no evidence that hackers have stolen information from its systems, but the hackers claim they have and are threatening to leak it unless the company pays up.


LifeLabs Failed to Protect the Personal Health Information of Millions of Canadians

Permalink - Posted on 2020-06-26 16:00

In November, 2019, Canadian testing laboratory provider LifeLabs disclosed a data breach. In February, 2020, it tried to block regulators from accessing a report on the breach prepared for it by Crowdstrike. Today, the B.C. and Ontario privacy commissioners released their report on the incident. It was highly critical of LifeLabs.


Domestic Abuse Victims Exposed in Cloud Misconfiguration

Permalink - Posted on 2020-06-26 16:00

Thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket. Researchers at vpnMentor led by Noam Rotem and Ran Locar found the voice recordings stored on a publicly accessible AWS S3 bucket.


Cyber Accounts for 26% of All Crimes in Singapore

Permalink - Posted on 2020-06-26 16:00

Accounting for 26.8% of all crimes in the country, cybercrime remains on an upwards trajectory with 9,430 cases reported last year and e-commerce scams leading the way.


Biggest-Ever Packets-per-Second DDoS Attack Hits Large European Bank

Permalink - Posted on 2020-06-26 16:00

Akamai said that the attack on a bank earlier this week was the largest ever packet per second (pps) distributed denial of service (DDoS) attack on its platform. The attack generated 809 million packets per second (Mpps). The targeted bank has not been revealed.


Chinese Bank Forced Western Companies to Install Malware-Laced Tax Software

Permalink - Posted on 2020-06-25 16:00

GoldenSpy installs two identical versions of itself, both as persistent autostart services. If either stops running, it will respawn its counterpart. Furthermore, it utilizes an exeprotector module that monitors for the deletion of either iteration of itself. If deleted, it will download and execute a new version. Effectively, this triple-layer protection makes it exceedingly difficult to remove this file from an infected system.


Personal Data of 350,000+ Social Media Influencers and Users Compromised Following Preen.Me Hack

Permalink - Posted on 2020-06-25 16:00

The personal information of an estimated 100,000+ social media influencers has been compromised and partially leaked, following the breach of social media marketing company, Preen.Me. Furthermore, as a result of this breach, over 250,000 social media users have had their information fully exposed on a deep web hacking forum.


Two-Year Data Breach at Florida Senior Care Provider

Permalink - Posted on 2020-06-25 16:00

Cano Health discovered in April 2020 that some email accounts belonging to its employees had been compromised by threat actors. After investigating the incident, the healthcare company found that the accounts had been accessed multiple times in a prolonged security breach that took place between May 18, 2018, and April 13, 2020.


Billions of Records of Web-Tracking Data Exposed by Oracle's BlueKai

Permalink - Posted on 2020-06-25 16:00

This month, Oracle’s BlueKai left exposed an unsecured database containing billions of records like names, home addresses, email addresses, and sensitive users’ web browsing activity — from purchases to newsletter unsubscribes.


33% Surge in Financial Fraud Attempts During COVID19 Lockdown

Permalink - Posted on 2020-06-25 16:00

Across all financial products, fraud rates increased by a third when compared with previous monthly averages. The largest increase was in fraudulent car and other asset finance applications, which saw a rise of 181%, followed by current accounts (35%) and then saving accounts (28%), according to Experian.


OneClass Unsecured S3 Bucket Exposes PII on More Than One Million Students, Instructors

Permalink - Posted on 2020-06-25 16:00

An unsecured database belonging remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance.


IndiaMART Data Breach: 40,000 Company Records Discovered on Cyber Crime Forums

Permalink - Posted on 2020-06-25 16:00

A breach at online marketplace IndiaMART has leaked the sensitive data of more than 40,000 suppliers. IndiaMART is a business-to-business e-commerce site, connecting suppliers from across India. Last year, the official app had 10 million downloads.


Average Cost of a Data Breach Climbs to $116M

Permalink - Posted on 2020-06-24 15:00

The authors of the "Trends in Cybersecurity Breach Disclosures" report from Audit Analytics reviewed 639 cybersecurity breaches at public companies since 2011 and discovered that, on average, each cyber breach costs $116 million. The report found that in 2019, cybercriminals usually targeted customer names, addresses, and e-mail addresses (48%, 29%, and 28%, respectively). In 2018, names and credit card information were the most-sought types of information. Between 2011 and 2019, malware (34%) was the common commonly used method to obtain data, followed by phishing (25%), unauthorized access (20%), and misconfiguration (12% percent). However, almost half (43%) of companies that suffered a data breach kept the type of attack to themselves.


N.S. Government Reveals May Privacy Breach Involved 10,599 Unredacted Decisions

Permalink - Posted on 2020-06-24 15:00

The Nova Scotia government has now disclosed the number of unredacted decisions posted online in a May privacy breach by the Workers' Compensation Appeals Tribunal totalled 10,599. The decisions contained highly-sensitive information, including employer names, as well as employee names and their medical and psychiatric information. Until now, the government has said little about the error other than it was following the province's privacy breach protocol, which includes conducting a thorough investigation.


Threat Actor Sold Access to Networks of 135 Organizations

Permalink - Posted on 2020-06-24 15:00

Over a period of two years, a threat actor sold access to the compromised networks of 135 organizations in 44 countries and likely made over $1.5 million, Group-IB says.


German Court Orders Facebook to Rein in Data Collection

Permalink - Posted on 2020-06-24 15:00

A top German court on Tuesday ordered Facebook to stop merging data collected through its Whatsapp and Instagram subsidiaries or other websites unless users explicitly agree, in a legal victory for competition authorities.


American Medical Technologies Email Breach Affects 47,767 Patients

Permalink - Posted on 2020-06-24 15:00

American Medical Technologies, a Irvine, CA-based provider of wound care solutions and medical supplies, has discovered an unauthorized individual gained access to the email account of one of its employees and potentially accessed and copied the protected health information of some of its patients.


Over Two-Thirds of Q1 Malware Hidden by HTTPS

Permalink - Posted on 2020-06-24 15:00

Over two-thirds of malware detected in the first three months of the year was hidden in HTTPS encrypted tunnels in a bid to evade traditional AV, according to Watchguard.


Exposed Frost & Sullivan Databases for Sale on Hacking Forum

Permalink - Posted on 2020-06-24 15:00

U.S. business consulting firm Frost & Sullivan was breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum.


Citing NY's SHIELD Act, NYSBA Approves Cyber Security CLE Requirement for All Attorneys

Permalink - Posted on 2020-06-23 16:00

Citing a rise in data breaches among New York law firms coupled with the recent enactment of the SHIELD Act that “creates, for the first time, substantive security requirements for persons or businesses that hold the ‘private information’ of New York residents”, the Committee on Technology and the Legal Profession recommended the adoption of a cybersecurity CLE. Because the SHIELD Act applies to “all law firms, even to solo practitioners and small law firms”, the Committee advocated for the requirement as an “important initiative”.


Vermont's Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020

Permalink - Posted on 2020-06-23 16:00

The amendments to Vermont’s Security Breach Notice Act include expanding the definition of Personally Identifiable Information (“PII”), expanding the definition of a breach to include login credentials and narrowing the permissible circumstances under which substitute notice may be used.


Only 31% of Americans Concerned with Data Security, Despite 400% Rise in Cyber Attacks

Permalink - Posted on 2020-06-23 16:00

Less than one-third (31%) of Americans said they are concerned about their data security while working from home during the COVID-19 pandemic, a Unisys Security report found. Overall concerns around internet security, including computer viruses and hacking, have dropped since 2019, ranking the lowest among the four primary areas of security in the survey.


Oregon City Pays $48,000 Cyber Ransom

Permalink - Posted on 2020-06-23 16:00

The city of Keizer's computer system was successfully targeted by threat actors using ransomware in the early hours of June 10. The attack left officials unable to access either files or their email accounts for a full seven days.


Indiabulls Group Hit by CLOP Ransomware

Permalink - Posted on 2020-06-23 16:00

Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data.


Irish Firms Pay Most for Cyber Attacks

Permalink - Posted on 2020-06-22 16:00

Irish firms suffer the highest median cost in Europe from cyber-attacks, at almost €92,000, a major new survey claims. Cyber incidents and breaches cost sampled Irish companies €113m over a six month period, with one unnamed Irish company suffering total cyber losses of €17.8m.


BlueLeaks: Data from 200 U.S. Police Departments and 'Fusion Centers' Published Online

Permalink - Posted on 2020-06-22 16:00

The data has been made available online on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more


Online Fraudsters Steal £17m Over COVID19 Lockdown

Permalink - Posted on 2020-06-22 16:00

The UK’s National Fraud and Cybercrime Reporting Center claimed that online scams had snared 16,352 victims with online shopping and auction fraud since bricks and mortar stores were ordered to close on March 23.


Stalker Online Breach: 1.3 Million User Records Stolen

Permalink - Posted on 2020-06-22 16:00

Two databases were found on underground sites as part of a dark web monitoring project undertaken by the research outfit, one containing around 1.2 million records and another of 136,000 records.


230k+ Indonesian COVID-19 Patients' Records for Sale in the Darkweb

Permalink - Posted on 2020-06-22 16:00

The leaked dump includes name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more. Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com.


Pennsylvania Health System Hit by NetWalker Ransomware

Permalink - Posted on 2020-06-19 16:00

NetWalker ransomware operators have added Crozer-Keystone Healthy System to their list of victims who have not paid their ransom demands. As proof of claims, the threat actors posted a few screencaps. Several related to finances, one was fairly unreadable, and one was a directory of folders. None of the screencaps were of any medical records of patients.


The Smaller the Business, the Smaller the Focus on Cyber Security

Permalink - Posted on 2020-06-19 16:00

With 89% of small businesses moving to a remote workforce, there remains a significant gap between the perceived importance of cybersecurity protections for businesses with fewer than 10 employees and those with more than 10 employees.


Cyber Crisis Deepens at Lion as Second Attack Bites Beer Giant

Permalink - Posted on 2020-06-19 16:00

The Australia-based beverage giant behind beer brands Little Creatures, XXXX, Tooheys and James Squire has been hit by a second cyber attack after its manufacturing and IT systems were crippled by hackers demanding a ransom of reportedly $1 million last week.


Australian PM says Nation Under Serious Attacks Using Microsoft, Citrix, Telerik UI Bugs

Permalink - Posted on 2020-06-19 16:00

Journalists in the PM’s press conference immediately asked if China was a suspect, as the nation recently took offence at Australia’s call for an international inquiry into the source of the COVID-19 pandemic and appears to have retaliated with new trade disputes and advice that its citizens should not visit Australia as tourists or students. Morrison stonewalled when asked if China is the actor behind these attacks.


IT Giant Cognizant Confirms Data Breach After Ransomware Attack

Permalink - Posted on 2020-06-18 16:00

In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue.


Most COVID-19 Contact-Tracing Apps Are Not Adequately Secured

Permalink - Posted on 2020-06-18 16:00

Guardsquare researchers have unpacked and decompiled 17 Android contact-tracing apps from 17 countries to see whether developers implement name obfuscation, string, asset/resource and class encryption. They’ve also checked to see whether the apps will run on rooted devices or emulators (virtual devices). The results? Only 41% of the apps have root detection. Only 41% include some level of name obfuscation. Only 29% include string encryption. Only 18% include emulator detection. Only 6% include asset/resource encryption. Only 6% include class encryption.


83% of Global 2000 Enterprises Have Not Adopted Basic Domain Security Practices

Permalink - Posted on 2020-06-18 16:00

These security shortfalls are the direct result of not executing proper domain security techniques. Domain security cannot be an afterthought, and there needs to be a conscious effort to make this an intentional and critical part of every company’s overall cyber security posture, especially as criminals evolve their attack methods.


Aerospace Executives Targeted via LinkedIn Recruitment Messages

Permalink - Posted on 2020-06-17 16:00

According to new research from ESET, the technique involved threat actors contacting the executives via LinkedIn posing as recruiters. Named Operation In(ter)ception, the actions took place from September to December 2019 and began with what ESET called “a quite believable job offer, seemingly from a well-known company in a relevant sector” and contained a OneDrive link which contained a PDF document with salary information related to the fake job offer. However, ESET malware researcher Dominik Breitenbacher said malware was silently deployed on the victim’s computer giving the attacker “an initial foothold and reached a solid persistence on the system.”


Keizer City Computers Hacked, $48,000 Ransom Demanded

Permalink - Posted on 2020-06-17 16:00

The city of Keizer’s computer system was hacked on Wednesday, June 10, and officials were only able to regain access to the data by paying the perpetrators a $48,000 ransom.


RCMP Warn of Ransomware Scam After Business Hacked, $270,000 Extorted

Permalink - Posted on 2020-06-17 16:00

RCMP is warning the public about a type of scam targeting businesses after a recent report received by Halifax District RCMP. Police received the report from a business that had their network hacked with ransomware. The hackers demanded $270,000 to reinstate their network.


Cyber Crime and Cryptocurrency Exchange Hacks Up by 75% During Coronavirus Pandemic

Permalink - Posted on 2020-06-17 16:00

With more people working from home, online crime increased by 75%, some of which are enabled by anonymous cryptocurrencies. Congressman Emanuel Cleaver of Missouri said an FBI report revealed daily cyber crimes increased by 75% during the COVID-10 pandemic. He made his opening remark during the United States House meeting on illegal digital activities. According to Cointelegraph, Tom Kellermann, head of cybersecurity at VMware, said the finance industry got hit the hardest with a 238% increase in related digital crime and a 900% increase in ransomware attacking the industry.


DraftKings Discloses SBTech Ransomware Attack in SEC Filing

Permalink - Posted on 2020-06-17 16:00

In a Form S-1 filed with the SEC today, DraftKings disclosed that SBTech, who they merged with in April, was hit by a ransomware attack at the end of March 2020.


30,000+ Italian Sales Agents' Personal Data, IDs Leaked

Permalink - Posted on 2020-06-17 16:00

We recently uncovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 36,000 documents, including scans of national IDs, credit cards, and health insurance cards. The database also contains sales representative enrollment contracts that include personally identifiable information such as full names, addresses, tax identification numbers, and signatures of mostly Italian citizens.


Hosting Provider Hit with Largest-Ever DDoS Attack

Permalink - Posted on 2020-06-17 16:00

Attackers leveled a massive distributed denial-of-service attack against a specific website in early June, topping a bandwidth of 1.44 terabits-per-second and 385 million packets-per-second, the largest volumetric attack encountered by Internet infrastructure firm Akamai.


Chipmaker MaxLinear Reports Data Breach After Maze Ransomware Attack

Permalink - Posted on 2020-06-16 16:00

U.S. system-on-chip (SOC) maker company MaxLinear disclosed that some of its computing systems were encrypted by Maze Ransomware operators last month, after an initial breach that took place around April 15.


eBay Executives Charged with Cyber Stalking Critics

Permalink - Posted on 2020-06-16 16:00

The executives, who no longer work for the online marketplace, allegedly sent a stream of terrifying deliveries to the homes of the newsletter's editor and publisher and their neighbor. Sinister deliveries received by the couple over a period of weeks included a bloody pig mask, a wreath of funeral flowers, and live spiders and cockroaches.


46% of SMEs Sharing Confidential Files by Email During Lockdown

Permalink - Posted on 2020-06-16 16:00

Nearly half of small and medium-sized enterprises (SMEs) regularly share confidential files via email, including financial and employee data in spreadsheets, according to a new study from the Lanop Accountancy Group. This is despite the fact that 60% have not upgraded their organizations’ cybersecurity capabilities since shifting to remote working during COVID-19.


Ransomware Attacks Reported by Rangely District Hospital and Electronic Waveform Lab

Permalink - Posted on 2020-06-16 16:00

Rangely District Hospital in Colorado has started notifying patients that some of their protected health information was stored on parts of its network that were affected by an April 2020 ransomware attack.


Cano Health Discovers 2-Year Email Account Breach

Permalink - Posted on 2020-06-16 16:00

The Florida-based population health management company and healthcare provider Cano Health has discovered the email accounts of three employees have been accessed by an unauthorized individual who set up a mail forwarder on the email accounts that sent emails to external addresses.


Mobile Threats Delivered by Adult Content Double

Permalink - Posted on 2020-06-16 16:00

Kaspersky's review of 2019 threat activity discovered that the number of mobile users attacked by threats disguised as pornographic content grew two-fold in 2019, reaching 42,973 users, compared to the 19,699 targeted in 2018.


83% of Forbes 2000 Companies' Web Domains Are Poorly Protected

Permalink - Posted on 2020-06-16 16:00

Only a handful have controls against domain-name hijacking, DNS modifications, and other threats, a new CSC study finds.


Magecart Attackers Hit Claire's, Intersport Web Shops

Permalink - Posted on 2020-06-15 16:00

The skimmer was served from a domain made to look like it might belong to the company (claires-assets.com), and it was added to the two online stores between April 25th and 30th.


Live Event Manufacturer Reveals Employee Data Breach

Permalink - Posted on 2020-06-15 16:00

Tait Towers Manufacturing produces rigging, lighting and other equipment for concerts, theatrical performances and the like. It claims to have worked on many of the highest-grossing concert tours of all time. The US-headquartered multinational waited nearly two months before last week disclosing an incident which was detected on April 6, but began on February 16. The firm said an unauthorized third party had accessed a server and some employee email accounts.


Norway Suspends Virus-Tracing App After Privacy Concerns

Permalink - Posted on 2020-06-15 16:00

Norway's health authorities said on Monday they had suspended an app designed to help trace the spread of the new coronavirus after the national data protection agency said it was too invasive of privacy.


Exposed Cloud Databases Attacked 18 Times a Day

Permalink - Posted on 2020-06-15 16:00

The largest number of attacks (22) on any one day came just after the instance was indexed by Shodan. In fact, two attacks came in just a minute after it was indexed. This according to a new study from Comparitech.


Complexity and Size of DDoS Attacks Have Increased

Permalink - Posted on 2020-06-15 16:00

The complexity and size of DDoS attacks in 2019 has increased significantly compared to 2018. A report published by NaWas by NBIP concludes that despite the number of attacks has decreased slightly over 2019, their complexity and size has increased significantly.


Accidental Loss of Database Leads to Outage, Potential Threat for Jenkins Artifactory Portal

Permalink - Posted on 2020-06-15 16:00

Accidental deletion of user data can cause severe consequences, like a loss of users' trust on any organization. In a recent incident, accidental deletion of user database by Jenkins created a loophole, that could have allowed threat actors to hijack the user accounts of Jenkins plugin authors.


Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

Permalink - Posted on 2020-06-15 16:00

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.


South African Bank to Replace 12 Million Cards After Employees Stole Master Key

Permalink - Posted on 2020-06-15 16:00

Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.


Delivery Hero Confirms Foodora Data Breach

Permalink - Posted on 2020-06-15 16:00

Breached information from 14 countries includes personal details for 727,000 accounts - names, addresses, phone numbers and hashed passwords. It also contains latitude and longitude coordinates to six decimal points, which is accurate to within just a few inches. No financial data was leaked.


Sapiens Pays $250,000 in Bitcoin to Hackers Who Took Over Its Computers

Permalink - Posted on 2020-06-15 16:00

Nasdaq and Tel Aviv listed Israeli software company Sapiens International Corp. N.V. was forced to pay $250,000 ransom in Bitcoin to hackers that threatened to shut down its computers, a person with knowledge of the matter told Calcalist on condition of anonymity. The company, which is based out of the Tel Aviv suburb of Holon did not report the matter to the American or Israeli exchange authorities. Sapiens specializes in developing software for insurance and finance companies and has hundreds of clients around the world.


Lion Warns of Beer Shortages Following Ransomware Attack

Permalink - Posted on 2020-06-12 16:00

Australian beverage giant Lion on Friday added further detail to the cyber incident it disclosed earlier this week, confirming it fell victim to a ransomware attack.


12,000+ Indian Blood Donors' PII and Passwords Leaked

Permalink - Posted on 2020-06-12 16:00

A CloudSEK researcher discovered posts on 2 forums advertising a database of Indian blood donors registered on http://www.indianblooddonors.com/index.php. The posts claimed that the database, which contains donors’ Personally Identifiable Information (PII), blood type, and passwords in plain text, was available for free. So, we were able to obtain the complete database at no cost to validate its contents.


Authorities Probe Radio, Website Disruptions During Protests

Permalink - Posted on 2020-06-12 16:00

Authorities are investigating interference with police radio communications, websites and networks used by law enforcement and other officials during recent U.S. protests over the death of George Floyd in Minneapolis.


New York Accounting Firm Facing Class Action Lawsuit Over Maze Ransomware Attack

Permalink - Posted on 2020-06-12 16:00

The lawsuit alleges BST & Co. was negligent for failing to take appropriate and reasonable steps to prevent the attack and did not provide a prompt an accurate notice to affected patients. The lawsuit also alleges the company breached its fiduciary duty to protect sensitive patient information and violated state laws related to deceptive business practices.


Lawsuit Filed Against Accounting Firm in Patient Data Hack

Permalink - Posted on 2020-06-12 16:00

A proposed class action lawsuit filed against an accounting firm in the wake of a 2019 ransomware incident that allegedly exposed patient information serves as the latest reminder of the security and privacy risks posed by vendors.


Fortune 500 Insurance Firm Genworth Discloses Data Breach

Permalink - Posted on 2020-06-12 16:00

Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The U.S. mortgage and long term care insurer had revenue of $8,6 billion during the last fiscal year and it reached a deal with China Oceanwide Holdings Group that will allow the Chinese company to buy Genworth for $2.7 billion.


Knoxville Shuts Down IT Network Following Ransomware Attack

Permalink - Posted on 2020-06-11 16:00

The attack took place last night, between June 10 and June 11. The city's IT department did not detect the intrusion until it was too late and the ransomware had already encrypted multiple systems.


Police Officers' Personal Info. Leaked Online

Permalink - Posted on 2020-06-11 16:00

Personal information of police officers in departments nationwide is being leaked online amid tense interactions at demonstrations across the U.S. over the police custody death of George Floyd and others, according to an unclassified intelligence document from the U.S. Department of Homeland Security, obtained by The Associated Press.


Macy's Pays $192,000 to Settle Data Breach Suit

Permalink - Posted on 2020-06-11 16:00

The class-action lawsuit was brought after a third party managed to obtain customer information from the company in spring 2018. In the suit, plaintiff Anna Carroll accused the 162-year-old company of failing to properly secure customer data against cyber-attackers.


MAZE Attacks Victoria Beckham's Advisory Firm

Permalink - Posted on 2020-06-11 16:00

The threat group MAZE claims to have carried out a cyber-attack on a mergers and acquisitions firm whose client list includes former Spice Girl and fashion designer Victoria Beckham.


TA410 Targets U.S. Energy Providers Using New FlowCloud RAT

Permalink - Posted on 2020-06-11 16:00

A new wave of spear-phishing campaigns has been identified by Proofpoint researchers targeting US-based energy providers. The threat actor, tracked as TA410, also tried to pose as another hacking group, namely TA429 (APT10).


Average Cost of DNS Attacks Hovering Around $924,000

Permalink - Posted on 2020-06-11 16:00

In terms of regional damage from DNS attacks, North America leads the way with the average cost of attack at $1,073,000. This is a modest decrease by about 1.36% from the year prior. And while the United States saw nearly a 4% decrease in attack damages, it still has the highest cost globally at $1,082,710.


Hackers Breached A1 Telekom, Austria's Largest ISP

Permalink - Posted on 2020-06-11 16:00

A1 needed more than six months to kick the hackers off its network. Whsitleblower claims the intruders were Chinese hackers.


Health Sector Most Targeted by Hackers, Breach Costs Rise to $17.76 Billion

Permalink - Posted on 2020-06-10 17:00

ForgeRock’s annual consumer identity breach report found the healthcare sector was the most targeted by hackers in 2019, which has continued into 2020. And its 382 data breaches cost the sector more than $2.45 billion.


60% of Organizations to Suffer Email Attacks

Permalink - Posted on 2020-06-10 17:00

A survey from email and data security firm Mimecast revealed that nearly 60% of organizations believe that they will likely suffer from an email-borne attack in the coming year. And 77% of respondents stated that they are introducing a cyber resilience strategy, with 31% of respondents citing data loss; 31% of them stated a decrease in employee productivity, and 29% reported business downtime due to lack of cyber resilience preparedness.


FTC Reaches Settlement with Kohl's in Failure to Notify Customers of Identity Theft

Permalink - Posted on 2020-06-10 17:00

Kohl’s Department Stores, Inc. has agreed to pay a civil penalty of $220,000 to settle Federal Trade Commission allegations that the Wisconsin-based retailer violated the Fair Credit Reporting Act (FCRA) by refusing to provide complete records of transactions to consumers whose personal information was used by identity thieves.


Everett & Hurite Ophthalmic Association Email Breach Impacts 34,000 Patients

Permalink - Posted on 2020-06-10 17:00

The Everett & Hurite Ophthalmic Association (EHOA), a team of ophthalmology specialists serving Pittsburgh, PA & Warrendale, PA, has discovered an unauthorized individual gained access to the email account of one of its employees and potentially viewed patient information.


Attacks on Cloud Services Increased by 630% Between January and April

Permalink - Posted on 2020-06-10 17:00

COVID-19 has forced businesses to close their offices and allow employees to work from home. Cloud services have been provisioned to support home working and communication solutions such as Zoom, Cisco WebEx, and Microsoft Teams have allowed remote workers in collaborate effectively.


Healthcare Provider Babylon Reports Data Breach

Permalink - Posted on 2020-06-10 17:00

Whilst the company said it has fixed an issue where video recordings of other patients' consultations could be accessed, and notified regulators, one UK-based user found he had access to 50 videos in the Consultation Replays section of the app, and one contained footage of another person's appointment.


FCC Failed to Monitor Chinese Telecoms for Almost 20 Years

Permalink - Posted on 2020-06-10 17:00

After a year-long investigation, the staff report by the US Senate's Permanent Subcommittee on Investigations "found that the FCC and 'Team Telecom'—an informal group comprised of officials from the Departments of Justice, Homeland Security, and Defense—have failed to monitor these three Chinese government-owned carriers," a joint announcement by the subcommittee's Republican and Democratic leaders said. The three carriers the subcommittee referred to are China Telecom Americas (CTA), China Unicom Americas (CUA), and ComNet USA. The companies "operated in the US for nearly 20 Years with little to no oversight from the federal government," the senators' announcement said.


F&P Appliances Latest to Be Hit by Ransomware Attack

Permalink - Posted on 2020-06-10 17:00

Fisher & Paykel Appliances is the latest big brand name to be struck down by ransomware, shutting down its operations while it recovered following the attack.


Nintendo Confirms Over 300,000 Accounts Compromised After Cyber Attack

Permalink - Posted on 2020-06-10 17:00

It was back in April when Nintendo, a Japanese video game company, revealed a major data breach where about 160,000 accounts of Nintendo Switch users were compromised. Now, the video game giant has confirmed that more number of users were affected by the breach than previously known, bringing the total number of breached user accounts to 300,000.


U.S. Companies Lost Over $1.2 Trillion Due to Data Breaches in 2019

Permalink - Posted on 2020-06-10 17:00

Cybercriminals will continue to refine their attack vectors to execute a greater volume of attacks than ever before to pilfer consumer data. Therefore, enterprises need to critically evaluate their digital identity management strategies for weaknesses and work upon them accordingly.


Honda Confirms Its Network Has Been Hit by Cyber Attack

Permalink - Posted on 2020-06-09 17:00

Honda, the Japanese car manufacturer, has confirmed it has been hit with a cyber attack which has impacted some of its operations, including production systems outside of Japan.


Phishing Attack Hits German Coronavirus Task Force

Permalink - Posted on 2020-06-09 17:00

More than 100 executives at a multinational company that’s part of a German task force for creating coronavirus protective gear, were targeted in an ongoing phishing attack.


Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Permalink - Posted on 2020-06-09 17:00

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.


56% of Employees Use Personal Computers to WFH

Permalink - Posted on 2020-06-09 17:00

Using nonwork authorized tech at home places company data at risk, especially since 23% of employees are unsure what security protocols exist on their devices, Morphisec found.


University of Utah Health Suffers Further Phishing Attack

Permalink - Posted on 2020-06-09 17:00

This is the third phishing incident to be reported to the HHS’ Office for Civil Rights by the University of Utah this year. The previous incidents were reported on March 21 and April 3 and affected 3,670 and 5,000 patients respectively.


Cyber-Incidents Surge 366% at NASA

Permalink - Posted on 2020-06-09 17:00

New research published yesterday by virtual network provider AtlasVPN found NASA suffered 315 cyber-incidents in 2018. In 2019, that figure shot up to 1,469.


41% of U.K. Workers Haven't Received Adequate Cyber Security Training

Permalink - Posted on 2020-06-09 17:00

An average of 41% of UK employees across all sectors have not received adequate cybersecurity training, which is leaving businesses and individuals vulnerable to attacks, according to a new study by Specops Software. Travel and hospitality was the sector with the worst record, with 84% of staff stating they have not received sufficient training. The findings come just weeks after easyJet suffered a data breach in which details of nine million of its customers were accessed.


Cyber Crime Against Retail Brands Is Up 41% During Pandemic

Permalink - Posted on 2020-06-09 17:00

A dramatic uptick in scams, counterfeiting, and hacking plague retail and e-commerce industries during the coronavirus crisis, as businesses try to define their new normal.


Hackers Strike at Life Healthcare

Permalink - Posted on 2020-06-09 17:00

Admissions systems, business processing systems and e-mail servers have been taken offline by the Life Healthcare Group, which confirmed on Tuesday that its southern African operation has been the victim of a targeted criminal attack on its IT systems.


60% of Organizations Expect to Suffer from an Email-borne Attack

Permalink - Posted on 2020-06-09 17:00

Mimecast (MIME), a leading email and data security company, today unveiled its fourth-annual State of Email Security 2020 report. This report summarizes details from 1,025 global IT decision makers on the current state of cybersecurity. Providing year-over-year comparisons, along with Mimecast’s analysis from the first 100-day period of the coronavirus public health crisis, the report is designed to both offer valuable insights into recent attack trends organizations are challenged with and to serve as a guide to drive continuous improvement to any organization’s cyber resilience strategy.


Drinks Giant Lion Hit by Cyber Attack as Hackers Target Corporate Australia

Permalink - Posted on 2020-06-09 17:00

Lion employs approximately 7000 people across Australia and its dairy and drinks business, which employs 2300 workers, is currently the subject of a $600 million takeover bid by Chinese dairy giant Mengniu, part-owned by Chinese state-owned food processor COFCO.


Canada's Fitness Depot Alerts Customers to Data Breach

Permalink - Posted on 2020-06-08 16:00

The retailer reports cybercriminals infected its online store and used a fraudulent form to steal shoppers' information.


Singapore's Move to Introduce Wearable Devices for Contact Tracing Sparks Public Outcry

Permalink - Posted on 2020-06-08 16:00

Online petition urging the public to reject the use of wearable devices for COVID-19 contact tracing has garnered more than 17,500 signatures, as concerned Singapore residents highlight the potential deployment as too intrusive and a breach of their privacy.


Fears Patient Files at Hockley GP Surgery Hacked

Permalink - Posted on 2020-06-08 16:00

The surgery has 8,839 patients. A text message has been sent to all adults on its books.


San Beda Student Portal Hacked, Personal Data of Thousands Stolen

Permalink - Posted on 2020-06-08 16:00

A still unidentified hacker has infiltrated the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online.


Details of COVID-19 Patients Leaked in Tiruvarur

Permalink - Posted on 2020-06-08 16:00

In a shocking instance of breach of privacy, names, addresses and contact numbers of at least two COVID-19 patients who are currently being treated at the Thiruvarur Medical College and Hospital were circulated on social media apps. One of the patients has been receiving calls from strangers inquiring about his well-being, this breach of privacy has also led to his family being discriminated against by their neighbours.


Everett & Hurite Ophthalmic Association Discloses Breach Involving Protected Health Information

Permalink - Posted on 2020-06-08 16:00

EHOA became aware of unusual activity related to an employee email account. Aat the time of the incident the email account contained patient data.


$107,000 Stolen from Kentucky Employees' Health Plan Members in Two Recent Cyber Attacks

Permalink - Posted on 2020-06-08 16:00

The Commonwealth of Kentucky Personnel Cabinet has announced that two data breaches occurred between late April and Early May. The attacks resulted in the exposure of the protected health information of around 1,000 members of the Kentucky Employees’ Health Plan.


CPA Canada Breach Hits Over 300,000 Accountants

Permalink - Posted on 2020-06-08 16:00

The Chartered Professional Accountants of Canada (CPA Canada) revealed in a statement that an unauthorized third party had managed to access personal information after compromising the organization’s website.


80% of Hacking Attacks Linked to Bad Password Habits

Permalink - Posted on 2020-06-08 16:00

Nearly 80% of hacking attacks are password-related breaches, claims a latest report by Secure Link. As per the report, even in 2017, almost the same amount of hacking-related breaches were linked to passwords. And the trend has continued, says the report terming it a cause of concern.


VT San Antonio Aerospace Hit with Ransomware Attack

Permalink - Posted on 2020-06-08 16:00

A criminal group known as Maze “gained unauthorized access to our network and deployed a ransomware attack,” according to a Friday statement by Ed Onwe, vice president and general manager of the company, which is a subsidiary of the North American headquarters of Singapore’s ST Engineering Ltd.


Third of People Hold Chief Executive Personally Responsible for Cyber Attacks

Permalink - Posted on 2020-06-08 16:00

A survey by data protection firm Veritas Technologies found that more than a third (35%) of UK consumers would see a business leader as personally responsible if a cyber breach of that business occurs. It suggests that more than two-thirds (68%) believe they should be compensated when incidents such as ransomware attacks compromise their data, while 8% said they would like to see chief executives sent to prison if such a breach does take place.


FTC Slams Children's App Developer for COPPA Violations

Permalink - Posted on 2020-06-05 16:00

Children’s app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission (FTC) of illegally collecting children’s data without parental consent.


CPA Canada Discloses Data Breach Affecting 329,000 Individuals

Permalink - Posted on 2020-06-05 16:00

CA Canada is a national organization with more than 217,000 Chartered Professional Accountants as members and one of the largest national accounting bodies in the world.


Enterprise Mobile Phishing Increased by 37% in Q1 2020

Permalink - Posted on 2020-06-05 16:00

Unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.


Business Services Giant Conduent Hit by Maze Ransomware

Permalink - Posted on 2020-06-05 16:00

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. Conduent is a New Jersey, USA based business services firm with 67,000 employees and a 2019 business revenue of $4.47 billion.


Aeries Software Breached and Over 150 School Districts Compromised

Permalink - Posted on 2020-06-04 16:00

There’s a sudden wave of notifications of a breach reaching the parents of students of about 150 School Districts in the United States. Examples from the California office of data protection come from the San Bernardino City, the Yucaipa-Calimesa, and Rocklin. The common denominator in all of the cases is the use of the “Aeries” online student information system and online portal. Apparently, Aeries discovered that someone gained unauthorized access to their systems back in November 2019, and accessed student and parent information stored there. Aeries clarified that the infiltrators exploited a bug in their systems that they have fixed now.


Denial of Service Attacks Against Advocacy Groups Skyrocket 1,120% During Protests

Permalink - Posted on 2020-06-04 16:00

In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations.


San Francisco Retirement Program SFERS Suffers Data Breach

Permalink - Posted on 2020-06-04 16:00

In a data breach notification filed today, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members.


Cyber Criminals Exposed 5 Billion Records in 2019, Costing U.S. Organizations Over $1.2 Trillion

Permalink - Posted on 2020-06-04 16:00

Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.


Google Faces $5B Lawsuit for Tracking Users in Incognito Mode

Permalink - Posted on 2020-06-04 16:00

A proposed class-action lawsuit filed earlier this week accuses Google of violating users' privacy by collecting their data while they searched the Web in "incognito mode," or private browsing.


Hackers Are Targeting Smartphones as Way into the Company Network at an Increasing Rate

Permalink - Posted on 2020-06-03 17:00

Analysis by cybersecurity company Lookout found that there's been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first few months of 2020 alone.


Most Companies Suffered a Cloud Data Breach in the Past 18 Months

Permalink - Posted on 2020-06-03 17:00

Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals.


Data Breach Lawsuit Filed Against Aveanna Healthcare

Permalink - Posted on 2020-06-03 17:00

Marianne Kolbasuk McGee reports that Aveanna Healthcare has been sued over a July, 2019 breach that it discovered in August, 2019. The breach was disclosed in February of 2020 as potentially impacting more than 166,000 patients. The incident was one of all-too-many incidents where threat actors gained access to a number of employees’ email accounts, and then the covered entity needed to wade through all of the employee email accounts for information as to which patients had what kinds of protected health information in the email accounts or attachments to emails. And as in all-too-many cases I’ve covered over the past year or more, the process of investigating took much longer than the 60 days from initial discovery, and even then, Aveanna could not determine whether any emails were actually accessed or not.


Kaiser Permanente Discovers 8-Year Employee HIPAA Breach

Permalink - Posted on 2020-06-03 17:00

The privacy breach was discovered in late March and the employee was placed on administrative leave while an internal investigation was conducted. Kaiser Permanente was unable to find any legitimate work reason for the employee accessing the records and determined that the access fell outside of the scope of the employee’s job functions. The first instance of unauthorized access occurred in 2012 and the employee continued to access radiology records until her actions were discovered in March 2020.


Chicago Police Scanner Jammed by Hackers Amid Riots

Permalink - Posted on 2020-06-03 17:00

An investigation has been launched after hackers gained access to the emergency radio system used by the Chicago Police Department over the weekend.


Hackers Steal Secrets from U.S. Nuclear Missile Contractor

Permalink - Posted on 2020-06-03 17:00

Cyber extortionists have stolen sensitive data from a company which supports the US Minuteman III nuclear deterrent.


Over 100,000 National IDs of Indians Put on Dark Net for Sale

Permalink - Posted on 2020-06-03 17:00

Over 1 lakh scanned copies of Indians' national IDs, including Aadhaar, PAN card and passport, have been put on dark web for sale, cyber intelligence firm Cyble said on Wednesday. The leaked data seems to have originated from a third party and not from the government system, according to a report by Cyble.


Ransomware Gang says It Breached One of NASA's IT Contractors

Permalink - Posted on 2020-06-03 17:00

DopplePaymer ransomware gang claims to have breached DMI, a major US IT and cybersecurity provider, and one of NASA IT contractors.


Misconfigured Joomla Cloud Infrastructure Causes Yet Another Breach

Permalink - Posted on 2020-06-03 17:00

Misconfigured cloud configurations have often resulted in a leak of sensitive data, creating an embarrassing situation for the organization owning the data. In the latest incident, Joomla’s internal team made this blunder, exposing the details of their registered users.


Companies Fall Short on Mandatory Reporting of Cybercrimes

Permalink - Posted on 2020-06-02 19:00

In its "State of Cybersecurity 2020" report, education and certification organization ISACA found 62% of 2,051 surveyed cybersecurity professionals think their companies under-reported cybercrimes and, in two-thirds of cases, think the reporting of cybercrimes is mandated by regulation or law. Only 16% of companies accurately report cybercrimes, respondents said


Huge Rise in Enterprise Mobile Phishing During Q1 of 2020

Permalink - Posted on 2020-06-02 19:00

Enterprise mobile phishing encounters increased by 37% in the first quarter of 2020 compared with quarter four of 2019, according to the Lookout 2020 State of Mobile Phishing Spotlight Report. The rate of growth was especially high in North America, at 66.3%, exacerbated by the unprecedented rise in people working from home due to the COVID-19 crisis.


Breach Victims Rarely Change Passwords

Permalink - Posted on 2020-06-02 19:00

Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most of these are not strong or unique, according to a study by researchers at Carnegie Mellon University.


Hackers Leak Data Stolen from U.K. Electricity Market Administrator Elexon

Permalink - Posted on 2020-06-02 19:00

It turns out that the company was targeted by a group that launches attacks using a piece of ransomware known as Sodinokibi and REvil, and the hackers have made available some files stolen from Elexon.


Hackers Have Access to Data from Nigerian and Kenyan Universities

Permalink - Posted on 2020-06-02 19:00

Techpoint can confirm that the websites and databases of two Nigerian universities — Ahmadu Bello University (ABU), Zaria and the University of Benin (UNIBEN), Benin City — and Mount Kenya University, Thika, Kenya are porous, vulnerable and in urgent need of attention.


Agromart's Data Up for Auction While Threat Actors Publish Victim's Emails About the Attack

Permalink - Posted on 2020-06-02 19:00

Bidders need to register on their auction site, deposit $5,000.00, and then make an opening bid of at least $50,000.00 The “blitz” price is $100,000.00.


Over 460 Million Records Exposed in Breach Incidents Reported in May

Permalink - Posted on 2020-06-02 19:00

The figure is a very conservative estimate as it reflects only publicly reported events. In many cases, the amount of data exposed to unauthorized users was not provided, so the number is likely much higher.


8Belts Exposes Personal Data of 100,000 E-Learners Globally

Permalink - Posted on 2020-06-02 19:00

VpnMentor’s cybersecurity research team led by researchers Noam Rotem and Ran Locar discovered a data breach involving popular Spanish e-Learning platform 8Belts. Researchers claim that the data got exposed because it was stored on a misconfigured Amazon Web Services (AWS) S3 bucket. Thousands of e-learners from across the globe might be affected as a result of this breach.


Payment App Data Breach Exposes Millions of Indians' Data

Permalink - Posted on 2020-06-01 16:00

The breach occurred after BHIM failed to securely store vast swathes of data collected from users and businesses during a sign-up campaign.


41% of Organizations Have Not Taken Any Steps to Expand Secure Access for the Remote Workforce

Permalink - Posted on 2020-06-01 16:00

Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access managed applications.


Data From Joomla Resources Directory Exposed via Unprotected AWS Bucket

Permalink - Posted on 2020-06-01 16:00

An unprotected Amazon Web Services (AWS) S3 bucket exposed the details of 2,700 users who signed up for the Joomla Resources Directory (JRD), Joomla’s Incident Response Task Group reported last week.


Amtrak Discloses Security Incident Involving Guest Reward Accounts

Permalink - Posted on 2020-06-01 16:00

A data breach notice shared by Amtrak with authorities reveals that the incident was discovered on April 16. The company determined that hackers gained access to some customers’ Guest Reward accounts using compromised usernames and passwords, which likely means that the attackers relied on the fact that many users have set the same username and password combination for multiple online accounts and their credentials were stolen in a previous breach.


Haryana Govt's Data on Families Breached

Permalink - Posted on 2020-06-01 16:00

According to available information, the data gathered by the state government under these two schemes was allegedly accessed in Ukraine last week after the authorities 'experienced' a security issue linked to a breach or unauthorized access into the MMPSY/PPP portal and database. The 'compromised' data comprised vital information including names, family details, Aadhar number, bank account numbers and phone numbers of lakhs of residents of the state.


Archive with 20 Million Taiwanese' Ctizens Leaked in the Dark Web

Permalink - Posted on 2020-05-29 16:00

The database size is 3.5 GB, exposed data includes full name, full address, ID, gender, date of birth, and other info.


New Mexico County Government Falls Victim to Ransomware

Permalink - Posted on 2020-05-29 16:00

The ransomware attack against Rio Arriba County was first discovered earlier this week. The incident encrypted network servers, electronic files, and databases.


Minted Discloses Data Breach After 5 Million User Rexords Sold Online

Permalink - Posted on 2020-05-29 16:00

Minted is an online marketplace that allows independent artists to submit their art, which is then voted on by the Minted community. The winning submissions are then sold as art, home décor, and stationery to consumers.


Bigfooty.com Data Breach Exposed Private Details of 100,000 Users and 70 Million Records

Permalink - Posted on 2020-05-29 16:00

A large data leak from an AFL fan website has exposed about 70 million records online, including private conversations between users, according to cyber security researchers.


Minneapolis City Systems Brought Down by Cyber Attack During Riots

Permalink - Posted on 2020-05-29 16:00

A spokesperson for the city told The Hill that some of the city’s public websites and systems were temporarily shut down by a denial of service (DoS) attack, which involves malicious hackers flooding a server with traffic until it crashes.


Cisco Security Breach Hits Corporate Servers That Ran Unpatched Software

Permalink - Posted on 2020-05-29 16:00

Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions the open source software service relies on, the company disclosed on Thursday.


Vermont Updates Its Data Breach Notification Law

Permalink - Posted on 2020-05-29 16:00

The Vermont legislature amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, and the narrowing of permissible circumstances under which substitute notice may be applied.


Capital One Must Turn Over Mandiant's Forensics Report

Permalink - Posted on 2020-05-29 16:00

The report, if it becomes public, could provide further insight into what went wrong in one of the most significant breaches of a financial institution in history.


Kentucky Unemployment Website Experienced April Data Breach

Permalink - Posted on 2020-05-29 16:00

Kentucky officials reported Thursday what Gov. Andy Beshear described as a “data breach” in the state’s unemployment insurance web portal.


Ransomware Attack Targets Nipissing First Nation

Permalink - Posted on 2020-05-29 16:00

Nipissing First Nation (NFN) has confirmed it was the victim of a ransomware attack earlier this month that affected the administration’s computers and server.


Fortune 500 Company NTT Discloses Security Breach

Permalink - Posted on 2020-05-28 17:00

The company says hackers breached several layers of its IT infrastructure and reached an internal Active Directory to steal and upload data to a remote server.


Mat-Su Surgical Associates Suffers Ransomware Attack

Permalink - Posted on 2020-05-28 17:00

Palmer, AK-based Mat-Su Surgical Associates has announced it was attacked with ransomware in March. The attack was discovered on March 16 when staff were locked out of its computer systems as a result of the encryption of essential files.


Data Loss Spikes Under COVID-19 Lockdowns

Permalink - Posted on 2020-05-28 17:00

Financial services, manufacturing, healthcare, and other businesses, employees copied company data to USB drives 123% more than before the pandemic's onset, with 74% of that data marked as "classified." Data egress over email, USB, and cloud services leaped 80%, with more than 50% of that data marked as "classified." Accompanying the spike in data copying is a 62% increase in malicious activity on corporate networks and servers, with a 54% bump in incident-response investigations.


C-Suite Executives Often Pressure IT Teams to Make Security Exceptions for Them

Permalink - Posted on 2020-05-28 17:00

The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols (74%) – despite also being highly targeted by malicious cyberattacks.


Michigan State University Hit by Ransomware

Permalink - Posted on 2020-05-28 16:00

The operators of the NetWalker ransomware gang have given MSU officials seven days to pay the ransom or they will leak stolen university files.


Indonesia: Hackers Breach Data of Education and Culture Ministry's 1.3 Million Civil Servants

Permalink - Posted on 2020-05-28 16:00

Among the leaked data are full names, citizenship identification numbers (NIK), Family Card numbers, home addresses, mother’s names, father’s names, marital status, birthplace and date and other personal information.


Half of Employees Admit Cutting Seucirty Corners When Working from Home

Permalink - Posted on 2020-05-28 16:00

Distractions while working from home, pressure to hit deadlines and using personal devices are all creating additional security risks for remote workers.


ASB Securities Hit with $80,000 Fine for 14-Year Privacy Breach

Permalink - Posted on 2020-05-27 17:00

The New Zealand Markets Disciplinary Tribunal censured the online share trading platform after 576 of its trading accounts were made vulnerable to unauthorised use over a 14-year period.


26 Million LiveJournal Credentials Leaked Online, Sold on Dark Web

Permalink - Posted on 2020-05-27 17:00

Blogging platform LiveJournal appears to have suffered a security breach in 2014, according to multiple hackers who are now selling and freely trading the company's user database on the dark web and on hacking forums.


Privacy Flaws in Security and Doorbell Cameras Discovered by Florida Tech Student

Permalink - Posted on 2020-05-27 17:00

Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to "systemic design flaws" discovered by Florida Tech computer science student Blake Janes that allows a shared account that appears to have been removed to actually remain in place with continued access to the video feed.


Arbonne MLM Data Breach Exposes User Passwords, Personal Info.

Permalink - Posted on 2020-05-27 17:00

Arbonne is a privately held California-based company acquired by Groupe Rocher in 2018, with annual revenues of over $500 million and a network of more than 200,000 independent consultants from the United States, the United Kingdom, Canada, Australia, Poland, and New Zealand.


23% of Leading Banks Had an Exposed Database with Potential Data Leakage

Permalink - Posted on 2020-05-27 17:00

The myriad of exposures such as RDP, unsecured FTP and misconfigured development tools can be leveraged by attackers to gain unauthorized access to banks’ internal networks and result in data breach attacks. The exposed databases which were discovered place customer and other sensitive data at direct and imminent risk of exposure.


Washington D.C. Significantly Overhauls Its Data Breach Notification Law

Permalink - Posted on 2020-05-27 17:00

In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, updates to notification requirements and new credit monitoring obligations. The Security Breach Protection Amendment Act of 2019, b23-0215, passed the 12-member D.C. Council unanimously and was signed by D.C. Mayor Muriel Bowser on March 26. The new law became effective on May 19, 2020.


Nearly One Fifth of Law Firms Show Signs of Compromise

Permalink - Posted on 2020-05-27 16:00

Cybersecurity experts are calling for the legal sector to be defined as critical to securing national infrastructure, after revealing that 100% of law firms were targeted by attackers in the first quarter of 2020.


8.3 Billion Records of Thai Citizens Revealed to Public Access Negligence

Permalink - Posted on 2020-05-26 17:00

The breach was uncovered on May 7 by security researcher Justin Paine, who discovered an open ElasticSearch database online which appeared to be controlled by AWN, a subsidiary of Thailand’s largest GSM mobile phone operator, Advanced Info Service (AIS). The database contained DNS queries and Netflow data, using which it would be all too easy to map a user’s internet activity.


States Plead for Cyber Security Funds as Hacking Threat Surges

Permalink - Posted on 2020-05-26 17:00

Cash-short state and local governments are pleading with Congress to send them funds to shore up their cybersecurity as hackers look to exploit the crisis by targeting overwhelmed government offices. Members of Congress have taken notice of cyber threats at the state and local level, both before and during the pandemic, and efforts are underway to address the challenges, though how much will be provided is uncertain amid a fight over the amount of additional coronavirus stimulus.


Cyber Criminal Put Truecaller Records of 47.5 Million Indians for Sale on Dark Web

Permalink - Posted on 2020-05-26 17:00

Last week, Cyble spotted personal data of 2.9 crore Indians being sold on the dark web which was sourced from job websites.


Data on 29 Million Indian Jobseekers Leaked

Permalink - Posted on 2020-05-26 17:00

Cybersecurity firm Cyble, which discovered the trove on an unnamed hacking forum, has in turn added the compromised information to its breach notification site AmIBreached. It claimed to have found the posting during a regular sweep of the dark and deep web. The 2.3GB file includes email, phone, home address, qualification, work experience, current salary, employer and other details on job-hunters from all over India.


FTC Settles With Canadian Smart Lock Maker Over Security Practices

Permalink - Posted on 2020-05-26 17:00

The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”


Class-Action Lawsuit Filed Against State Contractor Over Ohio Dept. of Job and Family Services Data Leak

Permalink - Posted on 2020-05-26 17:00

A class-action lawsuit has been filed in the Cuyahoga County Court of Common Pleas, alleging Deloitte—the contractor the Ohio Department of Job and Family Services (ODJFS) hired to create and manage the new Pandemic Unemployment Assistance system—acted “negligently and recklessly,” leading to last week’s data leak.


Lawsuit Filed Against WSU Over Hack of Decades-Old Student Data

Permalink - Posted on 2020-05-26 17:00

Lawsuit accuses the university of negligence in keeping and storing sensitive data, waiting too long to alert potential victims about the hack, and “knowingly and deliberately” enriching itself by not paying for security measures that would have guarded against the breach.


EasyJet Faces £18 Billion Class-Action Lawsuit Over Data Breach

Permalink - Posted on 2020-05-26 17:00

The lawsuit has been filed in the High Court of London on behalf of customers. According to the firm, easyJet's data breach took place in January 2020, and while the ICO was apparently notified at this time, customers were not informed until four months later.


Turla Hacker Group Steals Anti-Virus Logs to See If Its Malware Was Detected

Permalink - Posted on 2020-05-26 17:00

Turla, one of Russia's most advanced hacker groups, has created malware that gets its orders from email attachments sent to an arbitrary Gmail inbox.


Indonesia Probes Breach of Data on Millions of Voters

Permalink - Posted on 2020-05-22 15:00

Indonesia's election commission is investigating the release of 2.3 million voters' private information on a hacker website along with a threat to release of the data of about 200 million people, the agency said on Friday (May 22).


Milan Hospital Fell Victim to an Embarrassing Data-Stealing Cyber Attack

Permalink - Posted on 2020-05-22 15:00

The “San Raffaele” hospital in Milan, Italy, has suffered a catastrophic cyberattack that also involved the stealing of sensitive data belonging to patients, doctors, nurses, and various employees working there. The data breach went unnoticed for two days now. However, the Twitter user “LulzSecITA” disclosed the event on the social media platform, asking the hospital’s management if they had already informed the Italian data protection officer as they should. However, the hospital failed to respond to these tweets, forcing the anonymous activist to publish screenshots of the stolen data, and then the local media noticed.


25 Million User Records Leak Online from Popular Math App Mathway

Permalink - Posted on 2020-05-22 15:00

The Mathway user data has been previously on sale on the dark web, hacker forums, and Telegram channels for the past two weeks.


Ransomware Deploys Virtual Machines to Hide Itself from Anti-Virus Software

Permalink - Posted on 2020-05-22 15:00

The operators of the RagnarLocker ransomware are running Oracle VirtualBox to hide their presence on infected computers inside a Windows XP virtual machine.


Hacker Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite Communications

Permalink - Posted on 2020-05-22 15:00

The news comes as the number of satellites in orbit is expected to increase from approximately 2,000 today to more than 15,000 by 2030. (Elon Musk’s SpaceX alone has permission to launch 12,000 satellites.)


Santander, One of the Biggest European Banks, Was Leaking Sensitive Data on Their Website

Permalink - Posted on 2020-05-22 15:00

New research recently discovered a security issue with Santander, the 5th largest bank in Europe and the 16th largest in the world. This Spanish multinational bank controls approximately $1.4 trillion in total assets globally, and has a $69.9 billion total market capitalization on the Euro Stoxx 50 stock market index.


Bank of America: COVID-19 Loan Data May Have Leaked

Permalink - Posted on 2020-05-22 15:00

Bank of America disclosed this week that some customers' data may have been exposed during the uploading of loan applications related to the Paycheck Protection Program - a U.S. government initiative created to provide business loans during the COVID-19 pandemic.


Hacker Leaks 40 Million User Records from Popular Wishbone App

Permalink - Posted on 2020-05-21 16:00

Twelve hours after this article went live, the Wishbone user database has leaked in full, being offered as a free download on one of the hacking forums it was being sold on.


Ohioans' and Coloradans' Personal Info. Exposed in Pandemic Unemployment Data Breaches

Permalink - Posted on 2020-05-21 16:00

Two more states have reported breaches or issues with state portals to apply for pandemic-related unemployment benefits.


Hackers Start Leaking Files Stolen from Shipping Giant Toll

Permalink - Posted on 2020-05-21 16:00

Hackers claim to have obtained more than 200 GB of archived data from Australian transportation and logistics giant Toll, and they have already started leaking it after the company refused to pay a ransom.


Israeli Websites Targeted in Major Cyber Attack

Permalink - Posted on 2020-05-21 16:00

Many Israeli websites were hit by a coordinated cyber attack Thursday, with the home pages replaced by images of the country's commercial capital Tel Aviv in flames.


Meal Kit Service Home Chef Confirms Data Breach

Permalink - Posted on 2020-05-21 16:00

According to the company, the hackers accessed user data such as email addresses, names, phone numbers, hashed passwords, and the last four digits of credit card numbers.


Web Application Attacks Double as Threat Actors Target Cloud Data

Permalink - Posted on 2020-05-21 16:00

The 2020 Verizon Data Breach Investigations Report shows malware attacks are falling as threat actors target data in the cloud. This is the 13th year that the report has been produced, which this year contains an analysis of 32,002 security incidents and 3,950 confirmed data breaches from 81 global contributors in 81 countries.


Cyber Security Makes World Economic Forum's Top 10 Covid-19 Global Fallout List

Permalink - Posted on 2020-05-21 16:00

The World Economic Forum mainly concerns itself with high-level macroeconomic issues such as global recessions and world economic development. That’s why it was significant this week when the WEF cited cybersecurity as one of its “Top 10 Fallout” issues from COVID-19 in its Global Risks report. Nearly 38 percent of those surveyed say changing work patterns will lead to increases in cybersecurity and fraud incidents.


Only 36% of Critical Infrastructures Have a High Level of Cyber Resilience

Permalink - Posted on 2020-05-21 16:00

The research investigated the cyber resilience of organizations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world’s five largest economies: UK, US, Germany, France and Japan. Of the 370 companies surveyed, only 36 percent had achieved a high level of cyber resilience.


Offers to Sell Enterprise Network Access Surge on Dark Web

Permalink - Posted on 2020-05-20 16:00

The first quarter of 2020 saw a dramatic rise in Dark Web offers to sell access to enterprise networks, with the number of posts advertising access up 69% compared with the fourth quarter of 2019.


"Flight Risk" Employees Involved in 60% of Insider Cyber Security Incidents

Permalink - Posted on 2020-05-20 16:00

According to the Securonix 2020 Insider Threat Report, published on Wednesday, "flight risk" employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a job, often change their behavioral patterns from two months to two weeks before conducting an insider attack.


Netfilm Ransomware Operators Leak Massive Data from a Global Logistic Group

Permalink - Posted on 2020-05-20 16:00

The Netflim ransomware operators have leaked the first installment of data from a massive 200 GB worth data of the global logistics company Toll Group. The operators have hacked the Toll network via its ransomware at the beginning of this month and breached a massive volume of data before encrypting the Toll network. The ransomware operators have leaked the data consolidated in compressed files along with a note.


Tusla Fned €75,000 for Three GDPR Violations

Permalink - Posted on 2020-05-20 16:00

It was found to have disclosed the personal information of children to unauthorised parties on three occasions.


Canada Fines Facebook Over Misleading Privacy Claims

Permalink - Posted on 2020-05-20 16:00

Facebook has agreed to pay a Can$9 million (US$6.5 million) fine for making false or misleading claims about its privacy settings, Canada's competition watchdog announced Tuesday.


Web App Attacks and Security Errors Surge

Permalink - Posted on 2020-05-20 16:00

Verizon analyzed 32,002 security incidents and 3,950 data breaches to sniff out the top causes of data breaches over the past year. While cyber-espionage attacks and malware decreased, other trends, such as security “errors” (cloud misconfigurations, etc.), denial-of-service (DoS) campaigns and web application attacks saw startling growth.


African Fraud Gang Files for Millions in COVID19 Payments

Permalink - Posted on 2020-05-20 16:00

A notorious West African BEC gang may have made millions defrauding the US government out of COVID-19 business compensation payments, according to Agari.


Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Permalink - Posted on 2020-05-20 16:00

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication.


Japan Defense Ministry Investigating Hack of Missile System

Permalink - Posted on 2020-05-20 16:00

Japan’s defence ministry is investigating a possible leak of details of a new state-of-the-art missile in a large-scale cyber attack on Mitsubishi Electric Corp, the Asahi Shimbun newspaper reported on Wednesday.


SMBs See Cyber Attacks That Rhyme with Large Enterprises Due to Cloud Shift

Permalink - Posted on 2020-05-19 16:00

Small businesses are increasingly seeing the same cyberattacks and techniques as large enterprises in contrast with previous years, according to the 2020 Verizon Data Breach Investigations Report.


DevSecOps Report: Cloud IT Complexity Creates Immutable Security Issues

Permalink - Posted on 2020-05-19 16:00

A report on DevOps security has found that only 4% of issues found in production are dealt with because of the increased complexity of cloud based IT systems is creating new security gaps.The report found that the cloud-based IT stack has become very complex with the addition of technologies such as containers. Each additional layer of the IT stack adds new risks.


Legal Action Taken Against Lurie Children's Hospital of Chicago Over Two Recent Data Breaches

Permalink - Posted on 2020-05-19 16:00

The lawsuit seeks damages for all patients affected by the breach, the provision of ongoing credit monitoring services for breach victims and calls for measures to be implemented to prevent further privacy breaches in the future.


Over 190 Law Firms Affected by Advanced Data Leak That Exposed Over 10,000 Legal Documents

Permalink - Posted on 2020-05-19 16:00

A leading UK software company exposed personal information belonging to over 190 law firms through an unsecured online database. TurgenSec security firm discovered the breach but could not immediately identify the owner of the online database and therefore contacted the National Cyber Security Centre (NCSC). Following the Responsible Disclosure Policy, the firm contacted the affected law firms who confirmed the data leak came from legal documents hosted by Laserform Hub owned by Advanced Computer Software Group Limited. The database was accessible online to anybody with a browser and internet connection. Advanced claimed the details exposed were largely of public records and resorted not to report the leak.


Covve Revealed as Source of Data Breach Impacting 23 Million Individuals

Permalink - Posted on 2020-05-19 16:00

The compromised data, which was “left exposed on a major cloud provider via a publicly accessible Elasticsearch instance”, included names and job titles, email addresses, phone numbers, and physical addresses.


Verizon DBIR: Breaches Doubled in 2019

Permalink - Posted on 2020-05-19 16:00

The 2020 Verizon DBIR, released Tuesday, analyzed a record total of 157,525 incidents in 2019, of which 3,950 were confirmed data breaches. Now in its 13th year, the report included substantially more industry breakouts for a total of 16 verticals -- the most to date, according to Suzanne Widup, principal consultant for Verizon's RISK team and DBIR contributor.


EasyJet Hack Hits 9 Million Customers

Permalink - Posted on 2020-05-19 16:00

Outside of the customers who have had their credit card details exposed, the risk for most of the 9 million customers affected will be phishing attempts. Criminals will know if an individual has been an EasyJet customer, and could imitate the company’s emails as part of a scam. The company said it is advising customers to be cautious about any unsolicited emails claiming to be from EasyJet or EasyJet Holidays.


Developer in Cyprus Claims Breach of Contacts App

Permalink - Posted on 2020-05-19 16:00

A Cyprus-based app developer acknowledges that it owns a large batch of data that apparently was left exposed on an open Elasticsearch database. A portion of the data was posted on a forum for trading data leaks.


E.U. Parliament Data Breach Confirmed

Permalink - Posted on 2020-05-19 16:00

Data breaches in the European Union are subject to a law named the General Data Protection Regulation (GDPR). While usually, you have firms that would comply with them seeing the power of the regulatory authorities and hefty fines, what happens when those that are the lawmakers get caught under the grasp of the act in itself?


Data Breach in State's New PUA Unemployment System Exposes Some Claimants' Personal Info.

Permalink - Posted on 2020-05-18 16:00

The Illinois Department of Employment Security confirmed one person who has filed claim for benefits through the Pandemic Unemployment Assistance program was able to access personal information for other claimants.


Likely Breach Shuts Down Arkansas Unemployment Program

Permalink - Posted on 2020-05-18 16:00

A state program that was created to process unemployment applications in Arkansas for self-employed individuals or gig economy workers appears to have been illegally accessed and has been shut down.


Transportation Agency Hacked in 2nd Texas Government Attack

Permalink - Posted on 2020-05-18 16:00

The hack comes days after another ransomware attack took down the websites and case management systems of Texas’ appellate and high courts. The courts and transportation agency both said they are working with the FBI to investigate.


Capital One Judge Skeptical That Breach Report Is Privileged

Permalink - Posted on 2020-05-18 16:00

A Virginia federal magistrate judge tackling discovery issues in the sprawling litigation over Capital One’s massive 2019 data breach appeared unconvinced during a hearing Friday morning that consumers suing the bank are barred from seeing a cybersecurity firm’s report on the event. Consumers within the multidistrict litigation are pushing to get hold of an incident report compiled in the wake of the event by prominent cybersecurity consultant Mandiant.


Cyber Insurers Increase Scrutiny Amid Pandemic

Permalink - Posted on 2020-05-18 16:00

Heightened cybersecurity risks triggered by the outbreak of COVID-19 are causing insurers to grill policyholders more closely. Insurers have increased their scrutiny of policyholders' security arrangements as the rise in remote working drives up risk.


Businesses Vulnerable to Emerging Risks Have a Gap in Their Insurance Coverage

Permalink - Posted on 2020-05-15 16:00

The majority of business decision makers are insured against traditional cyber risks, such as breaches of personal information, but most were vulnerable to emerging risks, such as malware and ransomware, revealing a potential insurance coverage gap, according to the Hanover Insurance Group.


Bernards Township Victim of Ransomware Attack

Permalink - Posted on 2020-05-15 16:00

Certain systems, including the township website which was knocked out Monday night, were still "disrupted" as of Thursday afternoon, May 14. The matters is under investigation.


Australia's BlueScope Steel says Cyber "Incident" Has Disrupted Ooperations

Permalink - Posted on 2020-05-15 16:00

The Melbourne-based steelmaker said manufacturing and sales operations in Australia were impacted and some of its processes had to be paused. It said there were also minor disruptions in Asia, New Zealand and at its U.S.-based North Star plant.


Management and Network Services Notifies 30,132 Patients About PHI Breach

Permalink - Posted on 2020-05-15 16:00

Management and Network Services (MNS), LLC, a Dublin, OH-based provider of administrative support services to post-acute healthcare providers, has discovered the email accounts of some of its employees have been compromised.


'Ramsay' Espionage Framework Can Exfiltrate Data from Air-Gapped Networks

Permalink - Posted on 2020-05-15 16:00

Dubbed Ramsay, the framework appears to be in the development stage, with its operators still working on refining delivery vectors. Visibility of victims is low, either because the framework hasn’t enjoyed wide usage, or because of the targeting of air‑gapped networks.


Indiana Court of Appeals Reinstates Patient's Lawsuit Against a Parkview Health System Inc. for Breach

Permalink - Posted on 2020-05-15 16:00

A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed her medical records and then shared details with her husband after she noticed that the patient had “liked” a photo of her husband on Facebook.


Hackers Target the Air-Gapped Networks of the Taiwanese and Philippine Military

Permalink - Posted on 2020-05-15 16:00

Attacks involved the use of USBferry, a malware strain that contains a feature allowing it to self-replicate to removable USB devices, such as thumb drives and portable storage systems.


U.K. Electricity Middleman Hit by Cyber Attack

Permalink - Posted on 2020-05-15 16:00

Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.


TikTok Violated Children's Privacy Law, FTC Complaint Says

Permalink - Posted on 2020-05-15 16:00

The popular video sharing app TikTok has landed in hot water again over privacy issues. On Thursday, a group of privacy advocates filed a complaint with the Federal Trade Commission (FTC) alleging the platform failed to adequately protect children’s privacy.


COVID-19 Blamed for 238% Surge in Cyber Attacks Against Banks

Permalink - Posted on 2020-05-14 15:00

The cybersecurity firm's research, which includes input from 25 CIOS at major financial institutions, adds that 80% of firms surveyed have experienced more cyberattacks over the past 12 months, an increase of 13% year-over-year.


Zerodium Stops Accepting Apple Flaws Since Too Many Are Being Submitted

Permalink - Posted on 2020-05-14 15:00

A company that pays hackers to submit serious security vulnerabilities says it’s made aware of so many flaws in various Apple operating systems that it will temporarily stop acquiring new attack techniques.


Ohio Has Stopped Kicking Workers Off Unemployment After a Hacker Targeted Its Website

Permalink - Posted on 2020-05-14 15:00

he state is reconsidering its policy after a hacker released a script that automatically submits junk data to its 'COVID-19 fraud' website, which allows employers to report workers who refuse to work during the pandemic.


Norway Government Investment Fund Conned Out of $10m in Cyber Attack

Permalink - Posted on 2020-05-14 15:00

Norfund – which is the Norwegian government's funding vehicle for developing countries – said a hacker was able to manipulate the organization into routing a loan intended for a Cambodian microfinance organization into an account controlled by the crooks. As a result, in March, 100m Kroner was lost.


Citizen Data Compromised as Service NSW Falls Victim to Phishing Attack

Permalink - Posted on 2020-05-14 15:00

The breach was first thought to have only affected individuals who visited a Service NSW shop front or called the state government service and that those transacting via the app or website channels were not compromised. But in a statement Thursday afternoon, Service NSW revealed the breach, which occurred on 22 April 2020, had seen customer information held in emails accessed.


Access to U.K. Supercomputer Suspended Following Cyber Attack

Permalink - Posted on 2020-05-14 15:00

Hosted by the University of Edinburgh and packing 118,080 processing cores running on a Cray XC30, the ARCHER (Advanced Research Computing High End Resource) supercomputer is the primary academic research supercomputer in the UK. The ARCHER Service was started in November 2013.


Identity Breaches at 79% of Organizations

Permalink - Posted on 2020-05-14 15:00

The worrisome finding emerged from a study titled “Identity Security: A Work in Progress,” which is based on an online survey of 502 IT security and identity decision makers conducted in April. The study was carried out to identify trends in identity-related security and to deduce how forward-thinking companies are trying to reduce the risk of a breach.


Remote Workers Often Not Provided Secure Tools

Permalink - Posted on 2020-05-14 15:00

The research, conducted by Cato Networks, found 68% of respondents said their organizations fail to deploy enough prevention or authentication technologies for remote users. In particular, 37% do not use multi-factor authentication (MFA) for remote users, while 55% of respondents fail to employ intrusion prevention software, or anti-malware technology, while 11% fail to inspect traffic altogether.


Latest N.S. Privacy Breach Reveals Names, Medical Conditions, Sexual Abuse Details

Permalink - Posted on 2020-05-13 16:00

The Nova Scotia government is saying very little about another privacy breach, this one involving an unknown number of Workers' Compensation Board appeal decisions that include the names of workers and some intimate personal information about them. The government removed the documents after being informed by CBC that the decisions were unredacted and contained workers' names and their personal information, as well as the names of their employers.


Education Technology Company Chegg Hit with 15,000 Data Breach Claims

Permalink - Posted on 2020-05-13 16:00

The arbitration demands follow an April 27 ruling from U.S. District Judge Richard Bennett of Baltimore that customers must arbitrate their claims against Chegg instead of suing in a class action. Chegg’s lawyers at Orrick Herrington & Sutcliffe did not respond to a request for comment on the 15,107 arbitration demands, which were filed by Z Law.


Diabetes Device Supplier Faces Refined Claims in Breach Suit

Permalink - Posted on 2020-05-13 16:00

A diabetes device supplier hit by a data breach in mid-2019 is facing refined fraud claims in a potential class action in California after a court took issue with the basis of some original claims.


The Palm Beach County School District Suffers Massive Breach After Second Grader Hacks Systems

Permalink - Posted on 2020-05-13 16:00

You are reading that correctly, the second grader’s — hacking resulted in an emergency login change for “live” morning meetings in several elementary schools last week. It did not result — yet — in a district-wide reassignment of student passwords for the School District’s “Portal” which provides access to Google Classroom.


Magellan Health Suffers Ransomware Attack

Permalink - Posted on 2020-05-13 16:00

The ransomware attack was detected by Magellan Health on April 11, 2020 when files were encrypted on its systems. The investigation into the attack revealed the attacker had gained access to its systems following a response to a spear phishing email sent on April 6. The attacker had fooled the employee by impersonating a client of Magellan Health.


Hackers Target WA's Major Daily Newspaper, Putting Data of Subscribers at Risk

Permalink - Posted on 2020-05-13 16:00

The hack occurred on March 23 but it wasn't brought to the attention of the masthead until April 21, when an investigation was launched. The hackers impersonated the administrator of the mailbox, sent out phishing emails to several people and accessed historic conversations.


9,100 Coronavirus-Themed Cyber Attacks Witnessed in India Between Feb 2 and May 2

Permalink - Posted on 2020-05-13 16:00

19 million such attacks were noted in Asia overall.


E-commerce Platform Bhinneka.com Reported to Be Latest Target of Data Theft

Permalink - Posted on 2020-05-13 16:00

he data of up to 1.2 million Bhinneka.com users is reportedly being sold on the dark web for US$1,200 by a hacker group called ShinyHunters. The group is believed to be the same cybercrime organization responsible for the reported Tokopedia and Bukalapak data breaches.


Outsourcing Giant Interserve Targeted by Cyber Security Attack

Permalink - Posted on 2020-05-13 16:00

A construction and support services group has fallen victim to a cyber security attack. Outsourcing giant Interserve, which recently supported the NHS in building Birmingham’s Nightingale Hospital, said “some” of its services may be affected.


Coronavirus-Related Cyber Attacks Surge to 192,000 in One Week

Permalink - Posted on 2020-05-12 16:00

Over the past three weeks, Check Point found 192,000 coronavirus-related cyberattacks per week, a 30% surge compared with the previous weeks. These cyberattacks encompass malicious websites with the word "corona" or "covid" in the domain name, files with "corona" in their name, and files attached to coronavirus-related phishing emails.


Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack

Permalink - Posted on 2020-05-12 16:00

Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, The State of Ransomware 2020, which reveals that paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery. In fact, the total cost of recovery almost doubles when organizations pay a ransom. The survey polled 5,000 IT decision makers in organizations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa.


Ransomware Forces Shutdown of Texas Judiciary Network

Permalink - Posted on 2020-05-12 16:00

Texas revealed on Monday that a ransomware attack has forced the shutdown of its judicial branch network, including websites and servers.


Zoom Reaches Settlement with NY Attorney General Over Privacy and Security Issues

Permalink - Posted on 2020-05-12 16:00

Zoom reached an agreement with the New York Attorney General’s office and has committed to implementing better privacy and security controls for its teleconferencing platform. New York Attorney General Letitia James launched an investigation into Zoom after researchers uncovered a number of privacy and security issues with the platform earlier this year.


Law Firm to the Stars Confirms Ransomware Attack

Permalink - Posted on 2020-05-12 16:00

The website for Grubman Shire Meiselas & Sacks is currently down while digital forensic experts work to recover the firm's encrypted files.


Toll Attacker Made Off with Past and Present Employee Data and Commercial Agreements

Permalink - Posted on 2020-05-12 16:00

Toll said some of the accessed data was exfiltrated and that it is currently determining which data that was. The company said it has not paid the ransom and shut down its IT systems to prevent further infection.


Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic

Permalink - Posted on 2020-05-12 16:00

If there is a lesson from the WannaCry incident, it's this: Companies that use outdated systems and do not rigorously patch those systems are at risk, not just for data breaches — which firms have historically shrugged off — but for attacks by operations-disrupting ransomware. Unfortunately, many companies continue to ignore those lessons and are still using out-of-date software that is vulnerable to destructive attacks.


Only 19% of Lockdown "Work from Homers" Update Anti-Virus Solution

Permalink - Posted on 2020-05-11 16:00

Only 19% of employees working from home as a result of COVID-19 lockdown measures have checked if their anti-virus solution is up to date, according to new research shared today by Avast Business.


ATM Maker Diebold Nixdorf Hit by Ransomware

Permalink - Posted on 2020-05-11 16:00

Canton, Ohio-based Diebold is currently the largest ATM provider in the United States, with an estimated 35 percent of the cash machine market worldwide. The 35,000-employee company also produces point-of-sale systems and software used by many retailers.


Texas Says Court System Was Subject to Ransomware Attack

Permalink - Posted on 2020-05-11 16:00

The state said the attack was discovered Friday and that it’s not going to paying ransom.


Citizen Lab Says Non-China Registered Accounts Used to Beef Up WeChat Censorship

Permalink - Posted on 2020-05-11 16:00

The research group has found non-China registered accounts are subject to the same content surveillance as China-registered accounts and are used to build up the database WeChat for censorship.


73% of Workers Have Received No Cyber Security Guidance

Permalink - Posted on 2020-05-11 16:00

Millions of people across the world were forced to begin working from home in early March as countries put quarantine measures in place. Yet in the report, 73% of the 6,000 employees who spoke with Kaspersky researchers said they have "have not yet received any specific cybersecurity awareness guidance or training from their employer."


DigitalOcean Inadvertently Exposed Customer Data

Permalink - Posted on 2020-05-11 16:00

Cloud infrastructure provider DigitalOcean is informing customers that it inadvertently exposed some of their data to the Internet.


Attacks on Cloud Storage Double While Phishing Website Blockages Soar by 230%

Permalink - Posted on 2020-05-11 16:00

The top three of web phishers’ targets were online services (namely client software, online streaming services, e-commerce, delivery services and etc.) (29.3 percent), cloud storages (25.4 percent), and financial organisations (17.6 percent).


Pitney Bowes Hit by Maze Ransomware

Permalink - Posted on 2020-05-11 16:00

Global technology provider Pitney Bowes has been hit by the Maze ransomware and the attackers have released a number of screenshots of the company's systems to prove their claims. Maze only attacks Windows systems.


India: Hacking Attacks on Educational Portal Tripled in Q1 Amid Online Learning

Permalink - Posted on 2020-05-11 16:00

The overall number of Distributed Denial of Service (DDoS) attacks during the first three months of this year have seen a significant spike in attacks on educational websites as millions joined online classes during the pandemic, a new report claimed on Saturday.


Worldwide Malware Infections Rise to 404 Million with Daily 10 Million Infections in April 2020

Permalink - Posted on 2020-05-11 16:00

According to Atlas VPN, in the past 30 days, about 404 million malware worldwide infections have been identified. This suggests cybercriminals carried out at least 10 million infections per day. Surprisingly, over 64% of the attacks were targeted against educational institutions.


Swiss Rail Vehicle Manufacturer Stadler Hit by a Malware-Based Attack

Permalink - Posted on 2020-05-11 16:00

International rail vehicle manufacturer, Stadler, disclosed a security breach that might have also allowed the attackers to steal company data. Attackers confirmed that attackers compromised the IT network of the company and deployed some of its machines with malware that was used to exfiltrate data from the infected devices.


ChatBooks Discloses Data Breach After Data Sold on Dark Web

Permalink - Posted on 2020-05-11 16:00

ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyber attack. Data consisting of 15 million user records is now being offered for sale on the dark web.


Email Breach Impacts 35,529 Patients of Saint Francis Healthcare Partners

Permalink - Posted on 2020-05-08 16:00

The attack occurred on December 30, 2019 but it took until March 20, 2020 for the forensic investigation to determine that patients’ protected health information was potentially compromised. The types of information stored in the email system that could have been accessed included names, medical histories, medical record numbers, clinical and treatment information, dates of service, diagnoses, health insurance provider names, account numbers, prescription information and/or types of procedures performed. No financial information or Social Security numbers were compromised.


Zoom Agrees to Step Up Security After New York Probe

Permalink - Posted on 2020-05-08 16:00

The agreement wraps an investigation launched in March by New York Attorney General Letitia James into vulnerabilities in the California-based company's software.


Cognizant Expects to Lose Between $50m and $70m Following Ransomware Attack

Permalink - Posted on 2020-05-08 16:00

IT services provider Cognizant said in an earnings call this week that a ransomware incident that took place last month in April 2020 will negatively impact its Q2 revenue.


Celebrity Data Stolen in Ransomware Attack on NYC Law Firm

Permalink - Posted on 2020-05-08 16:00

Perpetrators of the attack are threatening to expose nearly 1TB of celebrities' private data unless Grubman Shire Meiselas & Sacks pays a ransom in Bitcoin.


Dating App MobiFriends Silent on Security Breach Impacting 3.6 Million Users

Permalink - Posted on 2020-05-08 16:00

Details about how the MobiFriends hack and how the app's user data was obtained are currently unknown. It is unclear if the data was obtained after the hacker exploited a vulnerability in a server or API, or if MobiFriends left a database exposed online without a password.


Nearly 1 Million WordPress Sites Targeted via Old Vulnerabilities

Permalink - Posted on 2020-05-08 16:00

The attacks were initially discovered on April 28, but showed a massive spike on May 3, when more than half a million websites were hit. Likely the work of a single threat actor, the campaign is aimed at injecting the target websites with malicious JavaScript designed to redirect visitors to malvertising sites.


Tech by VICE Hackers Turned Virginia Government Websites into Elaborate eBooks Scam Pages

Permalink - Posted on 2020-05-08 16:00

The two subdomains, vwn.virginia.gov and crc.virginia.gov had the same content, a list of eBook titles and genres, which redirect to a messy page filled with links to download PDFs. After we contacted the state of Virginia for this article, it took down the pages entirely. It’s unclear what hackers are doing with these domains, but it’s possible that these pages just have placeholder content while they’re used to host malicious content on the server. A security researcher who reviewed the pages said that perhaps the hackers were running some sort of SEO-scam scheme.


Ruhr University Bochum Shuts Down Main Servers After Cyber Attack

Permalink - Posted on 2020-05-08 16:00

The Ruhr University Bochum (RUB), Ruhr-Universität Bochum in German, announced today that it was forced to shut down large parts of its central IT infrastructure, also including the backup systems, due to a cyberattack that took place overnight, between May 6 and May 7.


Jump in Vulnerable RDP Ports Is Leaving Networks Open to Hacking and Cyber Attacks

Permalink - Posted on 2020-05-07 17:00

According to analysis by cybersecurity researchers at McAfee, there's been a spike in RDP ports facing the open internet, growing from around three million in January to more than four and a half million in March.


Search Company Algolia Hacked via Recent Salt Vulnerabilities

Permalink - Posted on 2020-05-07 17:00

A couple of Salt vulnerabilities addressed last week were abused over the weekend to hack Algolia’s infrastructure, the search-as-a-service startup revealed.


A Fifth of U.K. Consumers Hit by Fraud Over Past Year

Permalink - Posted on 2020-05-07 17:00

The card issuing platform polled over 4000 US and UK consumers to compile its 2020 Fraud Report. Over half (52%) of UK respondents admitted they could be better at protecting personal financial information, and just 34% check online to see if their card details have been exposed following a major data breach, versus 60% in the US.


Remote Workers Failing on Password Security During #COVID19 Crisis

Permalink - Posted on 2020-05-07 17:00

Gobal OneLogin study of 5000 remote employees from Germany, France, the UK, Ireland and the US found that nearly a fifth (17%) share their work device password with a spouse or child. Over a third (36%) admitted not having changed their home Wi-Fi password in over a year.


StorEnvy Database Has Been Dumped on a Hacker Forum for Free Download

Permalink - Posted on 2020-05-07 16:00

The popular e-commerce website StorEnvy known for its online store building and social marketplace has been hacked. As a result, personal details of over 1.5 million customers and merchants have been leaked online on a hacker forum for free download, Hackread.com has learned.


GitHub Account Allegedly Hacked; 500 GB Stolen

Permalink - Posted on 2020-05-07 16:00

A hacker claims that they have stolen 500 GB of data from GitHub, a subsidiary of Microsoft. The hacker goes by the name of Shiny Hunters, who claims to have full access to the private repositories.


Hacker Sells 22 Million Unacademy User Records After Data Breach

Permalink - Posted on 2020-05-07 16:00

Unacademy is one of India's largest online learning platforms boasting 14K teachers, over a million video lessons, and over 20 million registered users (learners).


Half of Companies Have Suffered a Cyber Security Issue Amid COVID-19 Crisis

Permalink - Posted on 2020-05-07 16:00

The study, conducted by Barracuda, found that the increase in perceived risk has not been accompanied by an increase in security spending. Some 40% of companies surveyed said that their response to COVID-19 has included cutting their cybersecurity budget and 50% said that they would consider cutting staff if cybersecurity could be maintained.


Global Firms Cut IT Security Budgets Due to #COVID19

Permalink - Posted on 2020-05-06 15:00

The survey of over 1000 business decision-makers illustrates the potentially serious impact the pandemic could have on organizations’ ability to combat threats, as hackers ramp up attacks on remote workers and infrastructure. Around half (51%) of those surveyed said they’ve seen an increase in email phishing attacks since moving to a remote working model, and around the same number (49%) expect to see a data breach or security incident in the next month.


Ransomware Attack on Europe's Largest Private Hospital Operator

Permalink - Posted on 2020-05-06 15:00

Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care, a leading provider of care to those suffering from kidney failure; Fresenius Helios, Europe’s largest private hospital operator (according to the company’s Web site); Fresenius Kabi, which supplies pharmaceutical drugs and medical devices; and Fresenius Vamed, which manages healthcare facilities.


Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials

Permalink - Posted on 2020-05-06 15:00

A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization.


Seventy Percent of Firms Sacrifice Security for Faster Innovation

Permalink - Posted on 2020-05-06 15:00

SaltStack's 'State of XOps Report, Q2 2020' queried 130 verified infosec and IT leaders during January 2020. This is against the background of Gartner's 2017 prediction that through to the end of 2020, 99% of vulnerabilities exploited will be ones already known by security and IT professionals. "A number of recent breaches indicate system misconfiguration and unpatched, known vulnerabilities, particularly of public cloud and on-premises server infrastructure and databases, are the most common cause of data exposure and successful exploits," adds Alex Peay, SVP of product and marketing at SaltStack.


Hackers Hide Web Skimmer Behind a Website's Favicon

Permalink - Posted on 2020-05-06 15:00

In one of the most complex and innovative hacking campaigns detected to date, a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites.


Details of 44m Pakistani Mobile Users Leaked Online, Part of Bigger 115m Cache

Permalink - Posted on 2020-05-06 15:00

The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin.


Cyber Crimnals Timed Attacks to Spike During Peak Uncertainty About the Coronavirus

Permalink - Posted on 2020-05-05 17:00

The "100 Days of Coronavirus" report analyzed malicious activity during the first three months of 2020 and found that the monthly volume in every category of attack increased 33% as governments around the world responded to the epidemic. Criminals used the fear and uncertainty around the virus to craft specific attacks to take advantage of the new working and living conditions caused by lockdowns around the world.


Bad Password Habits Continue with 53% Admitting to Using the Same Password

Permalink - Posted on 2020-05-05 16:00

Among respondents using the same password, most are using it across three to seven accounts (62%), and 10% said they are using over 10 accounts with the same password, the SecureAuth report said.


Maze Team Attacks a Plastic Surgeon

Permalink - Posted on 2020-05-05 16:00

As part of its proof, Maze dumped a number of files with protected health information. One spread sheet for patient appointments contained approximately 39000 entries. A small number of entries were test data, but the rest appeared to be real data, where there might be multiple entries/rows for any one patient.


Virtual Graduation Ceremony Delayed by Cyber Attack

Permalink - Posted on 2020-05-05 16:00

Florida Gulf Coast University's Class of 2020 was due to take part in a digital spring commencement ceremony managed by StageClip at 10am on May 3. The celebratory occasion was relegated to an online-only event to comply with social distancing and lockdown measures implemented to slow the spread of COVID-19.


Student Accesses SMMUSD's Gmail Friday Night

Permalink - Posted on 2020-05-05 16:00

Drati reported that the student was able to send messages to the student body for 16 minutes before the district's technology team discovered the mass emails and disabled the system. During the weekend, the Gmail application was been temporarily disabled, but teachers were able to use private comments within Google Docs Assignments or use the Stream within Google Classroom for public comments. As of Monday morning Gmail is back in use and distance learning was not disrupted.


Hacker Bribed 'Roblox' Insider to Access User Data

Permalink - Posted on 2020-05-05 16:00

The hacker was able to lookup information on high profile Roblox users as well as reset passwords and take other actions on accounts.


Taiwan's Formosa Petrochemical Gas Stations Hit by Malware Attack

Permalink - Posted on 2020-05-05 16:00

A day after top oil refiner CPC Corp., Taiwan became the target of a malware attack, its privately held competitor, Formosa Petrochemical Corp., suffered a similar ordeal, reports said Tuesday (May 5).


Nearly 2,000 Malicious COVID-19-Themed Domains Created Every Day

Permalink - Posted on 2020-05-05 16:00

A new report from researchers with Palo Alto Networks' Unit 42 found that more than 86,600 domains of the 1.2 million newly registered domain (NRDs) names containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 are classified as "risky" or "malicious."


Students, Experts Call for Explanation After York University Suffers Cyber Attack

Permalink - Posted on 2020-05-05 16:00

While York has not provided detailed information about the type of attack it suffered, security analyst Claudiu Popa said the language used by the university suggests students and faculty should be concerned.


CAM4 Adult Cam Site Exposes 11 Million Emails, Private Chats

Permalink - Posted on 2020-05-05 16:00

Adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users, stored within more than 10.88 billion database records.


Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

Permalink - Posted on 2020-05-05 16:00

The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and a rogue transponder, for communicating with aircraft.


Ransomware Attack on Colorado Hospital Highlights Fears of More Healthcare Hostage Situations

Permalink - Posted on 2020-05-05 16:00

Ransomware attacks on hospitals are causing increased worry in the cybersecurity industry as hackers and groups go after healthcare organizations with increasing frequency. On April 21, Parkview Medical Center in Pueblo, CO, was hit with a devastating ransomware assault that reportedly "rendered inoperable" the hospital's system for storing patient information.


Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi

Permalink - Posted on 2020-05-04 15:00

Coveware found that the average ransom amount demanded by ransomware attacks in Q1 2020 was $111,605. This amount was a third higher than what it had been in the final quarter of the previous year. It was also nearly triple the amount of the quarter’s median ransomware payment of $44,021, a value which had not changed drastically from the median payment of $41,179 in Q4 2019.


New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers

Permalink - Posted on 2020-05-04 15:00

Cybersecurity researcher Mordechai Guri from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices.


Data Security Flaw Exposes Details of Thousands of Legal Documents

Permalink - Posted on 2020-05-04 15:00

A data security flaw has left more than 10,000 legal documents containing sensitive details of commercial property owners unsecured for years in an online database, potentially affecting the clients of about 190 law firms.


French Company Tarkett Hit by Cyber Attack, Shares Fall

Permalink - Posted on 2020-05-04 15:00

French floor surfaces company Tarkett said on Monday that it had been the victim of a cyberattack, which had resulted in an ongoing disruption to its operations, causing its shares to fall.


Indonesia's Tokopedia Probes Alleged Data Leak of 91 Million Users

Permalink - Posted on 2020-05-04 15:00

Data breach monitoring firm Under the Breach published a Twitter post on Saturday showing screenshots from an unnamed individual who claimed he had acquired the personal details of 15 million Tokopedia users during a March 2020 hack on the e-commerce site.


Consumers Will Opt for Competitors After a Single Ransomware-Related Service Disruption

Permalink - Posted on 2020-05-04 15:00

While most consumers are taking necessary security precautions to protect their online accounts, businesses may not be doing enough to protect their information – inadvertently driving sales to competitors that can, an Arcserve research reveals.


Singapore to Require Smartphone Check-Ins at All Businesses and Will Log Visitors' National Identity Numbers

Permalink - Posted on 2020-05-04 15:00

Singapore will from May 12th require all businesses to adopt a system that checks visitors into and out of their premises using their smartphones, and has already made using the system compulsory before entering some venues.


India Orders Mandatory Use of COVID-19 Contact Tracing App for All Workers

Permalink - Posted on 2020-05-04 15:00

Likewise, it is also mandatory for residents living in "containment zones" to download the app and they cannot leave these zones except for medical emergencies, and for maintaining supply of essential goods and services.


Breach Exposes Data of 774,000 Australian Migrants

Permalink - Posted on 2020-05-04 15:00

Partial names, ADUserIDs, and the outcome of applications made by people wishing to migrate to Australia were discovered online by Guardian Australia via a publicly available app hosted on the employment department's domain. Other information uncovered by the newspaper included the age, country of birth, and marital status of applicants.


Tesla Has Been Getting Rid of Computers Without Wiping Them — Compromising Customer Accounts

Permalink - Posted on 2020-05-04 15:00

Tesla has been throwing away computers without wiping them, leaving some customer accounts compromised. Be aware if Tesla ever had to replace your onboard computer.


Suspicious Business Emails Increase, Imposters Pretend to Be Executives

Permalink - Posted on 2020-04-30 19:00

U.S. small businesses report an increase in suspicious business emails over the past year, a cyber survey by HSB shows, and employees are taking the bait as they fall for phishing schemes and transfer tens of thousands of dollars in company funds into fraudulent accounts.


Data Breach Settlement Calls for Enhanced Security Measures

Permalink - Posted on 2020-04-30 19:00

The amount that Banner Health has agreed to spend in improving its security practices is redacted in court documents. A separate court document that outlines the other steps that Banner Health has agreed to take to improve its information security program is sealed.


Personal Data of Thousands of 'Figaro' Readers Exposed on a Server

Permalink - Posted on 2020-04-30 19:00

A large volume of data, including personal data of subscribers and subscribers to the Figaro site , remained accessible for several months online without protection, reveals a report by the computer security company Safety Detective , published Thursday, April 30.


Alabama Dept. of Labor Fixes App After Personal Information Revealed

Permalink - Posted on 2020-04-30 19:00

WPMI reports that an app developed to help Alabamians apply for unemployment benefits and check on their status was exposing personal information.


GCHQ Granted Access to NHS Data as Privacy Concerns Increase

Permalink - Posted on 2020-04-30 19:00

A statement claimed that Hancock has permitted GCHQ access to “any information relating to the security of any network and information system held by or on behalf of the NHS or a public health body during the period ending on December 31 2020.”


Investors Sue LabCorp Over Security Failures in Light of Data Breach, Ransomware Attack

Permalink - Posted on 2020-04-30 19:00

Investors have filed a lawsuit against LabCorp, claiming that the company's board failed to address security problems that led to financial losses. According to the lawsuit, failing to address these problems has impacted investors and resulted in financial losses due to share price changes, and therefore, damages are sought.


Chegg Confirmed Data Breach of Employee Records

Permalink - Posted on 2020-04-30 19:00

Digital attackers succeeded in stealing 700 records associated with current and former Chegg employees. Those records contained individuals’ personally identifiable information (PII) including their names and Social Security Numbers.


Numerous Sites Leak User Emails to Advertising, Analytics Services

Permalink - Posted on 2020-04-30 19:00

Multiple online services and products are leaking email data belonging to their users to third-party advertising and analytics companies, shows a research published today. Websites mentioned in the report include Quibi.com, JetBlue.com, KongHQ.com, NGPVan.com, Mailchimp’s Mandrill.com, WashingtonPost.com, Wish.com. Between them, there are hundreds of millions of emails.


Average Ransomware Payments Soared in the First Quarter

Permalink - Posted on 2020-04-30 19:00

New data from Coveware on ransomware attacks in the first quarter of this year showed that compared with the fourth quarter of 2019, median ransomware payments held relatively steady at around $44,000, but average payments soared 33% to $111,605.


445 Million Attacks Detected Since the Beginning of 2020, COVID-19 Wreaks Havoc

Permalink - Posted on 2020-04-29 17:00

In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter.


Chegg Data Breach Lawsuit Heads to Arbitration

Permalink - Posted on 2020-04-29 17:00

A federal judge has ruled that a lawsuit against education technology company Chegg Inc over its 2018 data breach that may have exposed the personal information of about 40 million users must proceed to arbitration.


California Tops States with Highest Number of Data Breaches and Records Lost

Permalink - Posted on 2020-04-29 17:00

Using data on the total number of records lost per breach from 2005 to 2019, email marketing company Omnisend compiled a study ranking US states and companies. It found that California topped the list with 18,921,723 records lost, followed by 10,402,035 in New York, and both Texas and Georgia came in at over five million.


Consumers Have Little Patience for Businesses Hit by Cyber Attack

Permalink - Posted on 2020-04-29 17:00

With cyberattacks occurring so frequently, many people are naturally worried about their own personal data being leaked or compromised. Almost 40% of those surveyed said that security concerns about their personally identifiable information (PII) was the sole reason they opted not to open an account or do business with a particular company.


PrimoHoagies Sued Over Data Breach

Permalink - Posted on 2020-04-29 17:00

Earlier this month, PrimoHoagies revealed that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020. Customers who made purchase in-store were not impacted.


Two Usenet Providers Blame Data Breaches on Partner Company

Permalink - Posted on 2020-04-29 17:00

According to a near-identical message posted on both sites [1, 2], the two companies say the intruder gained access to information such as names, billing addresses, payment details (IBAN and account number), and other information users provided during the process of creating an account on the two websites.


WHO Confirms Fivefold Increase in Cyber Attacks on Its Staff

Permalink - Posted on 2020-04-28 17:00

The World Health Organization is one of the leading agencies combating COVID-19 and has proven to be an attractive target for hackers and hacktivists, who have stepped up attacks on the organization during the COVID-19 pandemic. Cyberattacks on WHO are at five times the level they were at this time last year.


233,000 Patients Notified About PHI Breach at Genetic Testing Lab

Permalink - Posted on 2020-04-28 17:00

Ambry Genetics, an Aliso Viejo, CA-based genetic testing laboratory, is notifying 232,772 individuals that some of their protected health information was exposed as a result of a recent email security breach. At almost 233,000 records, this is the second largest healthcare data breach to be reported in 2020.


China Mandates Cyber Security Reviews for Tech Product Acquisitions

Permalink - Posted on 2020-04-28 17:00

New rules that will take effect on June 1 require critical information infrastructure operators in China to conduct cybersecurity reviews when acquiring network products and services.


Former Prime Communications Employee Sent Personal Info. of Thousands of Employees

Permalink - Posted on 2020-04-28 17:00

Thousands of employees’ personal information was sent right to a former Prime Communications employee’s email. “I’ve never experienced anything like this before,” said Tonya Smith. Smith said nothing but nervousness filled her mind after the human resources department sent her 105 pages of personal information of thousands of Prime Communications employees across the nation.


Massive & Unprecedented Security Breach Takes Usenet Providers Offline

Permalink - Posted on 2020-04-28 17:00

A massive security breach has taken at least one major Usenet provider offline. UseNext says that a "security hole in a partner company" could have revealed names and bank account information, exposing customers to fraud and identity theft. The precise nature of the breach isn't clear but reports that a Usenet client has been stealing login credentials is being linked to the security disaster.


'Smart' Parking Meter Vendor Had Data Stolen in Ransomware Attack

Permalink - Posted on 2020-04-28 17:00

CivicSmart, a Milwaukee firm that sells parking meters capable of processing mobile payments, hardware and software used in enforcing parking rules and mobile apps used by motorists and government employees alike, was hit last month with a form of ransomware known alternatively as Sodinokibi or REvil. Messages posted to a website on which the hackers name their victims and leak stolen files in an attempt to elicit ransom payments suggest that CivicSmart paid an unspecified amount to have its files decrypted.


Nine Mil Logs of Brits' Road Journeys Exposed from Password-Less Number-Plate Camera Dashboard

Permalink - Posted on 2020-04-28 17:00

Exclusive In a blunder described as "astonishing and worrying," Sheffield City Council's automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal. The ANPR camera system's internal management dashboard could be accessed by simply entering its IP address into a web browser. No login details or authentication of any sort was needed to view and search the live system – which logs where and when vehicles, identified by their number plates, travel through Sheffield's road network.


100k+ WordPress Sites Exposed to Hack Due to a Bug in Real-Time Find and Replace Plugin

Permalink - Posted on 2020-04-28 17:00

The vulnerability was discovered by Wordfence researchers, it is a Cross-Site Request Forgery flaw that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Attackers can trigger the issue to trick WordPress admins into injecting malicious JavaScript into the pages of their websites by clicking a malicious link within a comment or email.


GDPR Compliance Site Leaks Git Data, Passwords

Permalink - Posted on 2020-04-28 17:00

Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.


Biopharmaceutical Firm Suffers Ransomware Attack, Data Dump

Permalink - Posted on 2020-04-28 17:00

Pharmaceutical clinical research organization ExecuPharm last week reported a March 13 ransomware attack that exposed employee personal data including Social Security numbers, taxpayer and bank account information, passport, and credit card information. And according to a report on Tech Crunch, the attackers also later dumped the stolen data onto a Dark Web site.


'Florentine Banker' Group Steals Approximately £600K in Successful BEC Scam

Permalink - Posted on 2020-04-28 17:00

@ 12:40 PM | By David Bisson | 2 min read A threat group known as “The Florentine Banker” stole approximately £600K in a successful business email compromise (BEC) scam. Check Point Research reported that the Florentine Banker group had targeted three large organizations in the British and Israeli financial sectors. Those attacks began when the threat group set up a phishing campaign that targeted the CEO, CFO and/or other individuals in the organization who had the authority to authorize money transfers. After gaining access to a victim’s account, the attackers read the emails stored therein to learn about the channels used to process money transfers and to glean more about who might be involved in completing such a transaction.


Cyber Attack Strikes Down Colorado's Parkview Medical Center

Permalink - Posted on 2020-04-28 17:00

The Pueblo, Colo. medical facility has given no details on the attack other than a post on its homepage saying its network is out. Local news reports say a statement from the hospital was received from a private Gmail account, indicating the 370-bed facility’s email system is affected.


Experts Detect 30,000% Increase in #COVID19 Threats

Permalink - Posted on 2020-04-27 16:00

Zscaler VP of security research, Deepen Desai, revealed in a blog post that the firm’s cloud security platform had stopped 380,000 attacks targeting home workers in March, up from just 1200 at the start of the year.


Nintendo Breach Affects 160,000 User Accounts

Permalink - Posted on 2020-04-27 16:00

The Japanese gaming giant said it was disabling access to accounts via the legacy Nintendo Network ID (NNID), which was associated with its now-defunct Nintendo 3DS handsets and Wii U consoles. That’s because, since the beginning of April, hackers have been using NNIDs “obtained illegally by some means other than our service” to access user accounts and buy digital items using stored cards.


U.S. Universities Hit With "Adult Dating" Spear-Phishing Attack

Permalink - Posted on 2020-04-27 16:00

More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses.


$8.9 Million Banner Health Data Breach Settlement Gets Final Approval

Permalink - Posted on 2020-04-27 16:00

A settlement proposed by Banner Health to resolve a class action lawsuit filed on behalf of victims of its 3.7 million-record data breach in 2016 has received final approval from a Federal judge.


Israel Says Hackers Targeted SCADA Systems at Water Facilities

Permalink - Posted on 2020-04-27 16:00

According to an alert published by Israel’s National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.


Zaha Hadid Architects Held to Ransom by Cyber Attack

Permalink - Posted on 2020-04-27 16:00

A computer hacker has attempted to extort money from Zaha Hadid Architects (ZHA) after breaking into its servers and stealing confidential information


Warwick University Was Hacked and Kept Breach Secret from Students and Staff

Permalink - Posted on 2020-04-27 16:00

Hackers accessed the University of Warwick's administrative network last year in an attack which has been kept secret from the affected individuals and organisations, Sky News has learnt. The security incident occurred when a staff member installed remote-viewing software enabling hackers to steal sensitive personal information on students, staff and even volunteers taking part in research studies.


Optus Facing Class Action Over Alleged Customer Privacy Breaches

Permalink - Posted on 2020-04-27 16:00

Optus has been hit with a class action complaint after it mistakenly published the names, addresses and phone numbers of tens of thousands of customers. The details of about 50,000 of the telco's customers were published in the White Pages, run by Sensis, last year.


Insider Threats Jump 47 Percent, as Incident Costs Reach $11.45 Million, New Study Shows

Permalink - Posted on 2020-04-27 16:00

While careless or negligent employees make for 62% of incidents, costing organizations an average of $307,111 per incident, malicious insiders or credential thieves bare a higher price tag of $871,686 per incident. The cost per incident is also influenced by organization size and operating industry.


Chinese "Frontline" COVID-19 Research Firm Reported Hacked: Data Now on Dark Web

Permalink - Posted on 2020-04-27 16:00

Cyber researchers at Cyble now report that a threat actor they describe as “credible,” has gained access to the medical company’s “COVID-19 detection technology source code and COVID-19 experimental data.” Huiying Medical has not yet responded to a request for comment from the day before publishing. According to Cyble, the threat actor “THE0TIME” is selling the data for 4 BTC, around $30,000. That data is said to include user information, technology source code, and reports on experiments.


Survey Reveals Lax Attitudes to Password Security

Permalink - Posted on 2020-04-23 16:00

Around 38% of people never update their passwords, according to a survey by Specops Software which has revealed some concerning trends regarding password safety.


Most Remote Workers Have Received No Security Training for a Year

Permalink - Posted on 2020-04-23 16:00

Two-thirds of remote workers in the UK haven’t received cybersecurity training over the past year, raising fears that they may be more susceptible to attacks as hackers adapt their tactics during the current crisis.


Small Businesses Admit Secure Data Storage Issues

Permalink - Posted on 2020-04-23 16:00

Researchers found that the data most commonly collected by companies is contact information (61%), customer name (52%), customer location (39%), physical address of customer (36%), and payment details (31%). For almost a quarter of respondents, lack of funding for cybersecurity was an issue. Researchers observed that 23% of survey respondents admitted that more resources needed to be injected into their company's cybersecurity.


Danish Agro's Computer Systems Hacked

Permalink - Posted on 2020-04-23 16:00

A section of the group's IT environment was affected by the incident, said the company. The Danish Agro Group is owned by 9,000 Danish farmers.


Nagaland Gov't Investigating Data Leak of Stranded Persons

Permalink - Posted on 2020-04-23 16:00

A major data breach in the government of Nagaland website to help citizens stranded outside the state has led to personal details of these individuals being exposed. Personal information including bank account details, AADHAAR number, phone numbers, address etc have been leaked into the public domain.


New York Payments Startup Exposed Millions of Credit Card Numbers

Permalink - Posted on 2020-04-23 16:00

A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet. The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions.


Online Leak Undermines Torrance's Claim That No Personal Data Was Affected by Cyber Attack

Permalink - Posted on 2020-04-23 16:00

Brett Callow, threat analyst at Emsisoft, shared several examples of sensitive data published on DoppelPaymer’s doxxing site, where the threat actors post documents stolen from victims as part of an extortion scheme. Examples included a probation violation form from the Torrance City Attorney’s Office; a declaration in support of access to juvenile records filed with the Superior Court of California, County of Los Angeles; and a budget import audit listing.


Email Addresses, Passwords from WHO, NIH, Wuhan Lab, and Gates Foundation Dumped on 4chan

Permalink - Posted on 2020-04-22 16:00

A cache of nearly 25,000 email addresses and passwords allegedly belonging to the World Health Organization (WHO), National Institutes of Health (NIH), Wuhan Institute of Virology, Bill Gates Foundation and several other groups involved with the coronavirus pandemic response were dumped on 4chan before appearing on several other websites, according to the SITE Intelligence Group.


Hackers Have Breached 60 Ad Servers to Load Their Own Malicious Ads

Permalink - Posted on 2020-04-22 16:00

A mysterious hacker group has been taking over ad servers for the past nine months in order to insert malicious ads into their ad inventory, ads that redirect users to malware download sites. This clever hacking campaign was discovered last month by cyber-security firm Confiant and appears to have been running for at least nine months, since August 2019.


Hackers Can Exfiltrate Data From Air-Gapped Computers Via Fan Vibrations

Permalink - Posted on 2020-04-22 16:00

A researcher was able to exfiltrate data from air-gapped computers using vibrations produced by controlling the rotation speed of the machines’ internal fans. Previously, researchers demonstrated that it was possible to exfiltrate data from air-gapped systems via heat emissions, HDD LEDs, infrared cameras, magnetic fields, power lines, router LEDs, scanners, screen brightness, USB devices, and noise from hard drives and fans.


Report Shows Attacks on Cloud Services More Than Doubled in 2019

Permalink - Posted on 2020-04-22 16:00

The volume of attacks on cloud services more than doubled in 2019, in line with the trend of organizations increasingly moving operations to the cloud, according to the 2020 Trustwave Global Security Report. Amongst a range of cybersecurity trends from 2019 that were highlighted, cloud services are now the third most targeted environment by cyber-criminals. In total, this amounts to 20% of investigated incidents, representing an increase of 7% from the previous year.


Government-Aided Grants and Relief Packages Turning Out to be Easy Targets for Hackers

Permalink - Posted on 2020-04-22 16:00

A large number of hackers are specifically targeting financial aids and subsidies given by governments across the world to fight against the COVID-19 epidemic.


Los Angeles County Hit with DoppelPaymer Ransomware Attack

Permalink - Posted on 2020-04-22 16:00

Impacted is the city of Torrance, a coastal U.S. city in the South Bay region of LA, which has a population of nearly 150,000. According to a Tuesday report by Bleeping Computer, the attackers behind the DoppelPaymer ransomware are demanding 100 Bitcoin ($689,147) in ransom from the city. The attackers told the news outlet that they encrypted 150 servers and 500 workstations, to steal over 200GB of files, in a cyberattack on March 1.


Personal Data of Nearly 8,000 Small Business Owners Seeking Relief Loans May Have Been Exposed to Other Applicants

Permalink - Posted on 2020-04-22 16:00

The SBA notified nearly 8,000 business owners of the potential inadvertent disclosure of information, which included names, Social Security numbers, tax identification numbers, addresses, dates of birth, email, phone numbers, marital and citizenship status, household size, income, disclosure inquiry and financial and insurance information, according to a letter sent to business owners, which CNBC obtained.


46% of SMBs Have Been Targeted by Ransomware, 73% Have Paid the Ransom

Permalink - Posted on 2020-04-21 17:00

Almost a third (32%) of the SMBs said they simply have limited time to research ransomware mitigation solutions. The same share said their IT teams are so stretched that they feel their organizations don’t have the adequate resources to address the ransomware threat.


New iOS Exploit Discovered Being Used to Spy on China's Uyghur Minority

Permalink - Posted on 2020-04-21 17:00

The exploit, which Volexity named Insomnia, works against iOS versions 12.3, 12.3.1, and 12.3.2. Apple patched the iOS vulnerability behind this exploit in July 2019, with the release of iOS version 12.4. Volexity said the Insomnia exploit was used in the wild between January and March 2020.


UniCredit Hackers Try to Sell Employee Data on Cyber Crime Forums

Permalink - Posted on 2020-04-21 17:00

The data went on sale on April 19 and contained what the hacker said was information on UniCredit workers, including emails, phone numbers, encrypted passwords and names, Telsy, a unit of Telecom Italia SpA, wrote on its website Monday.


PHI of 41,000 Patients Exposed in Aurora Medical Center and UPMC Altoona Phishing Attacks

Permalink - Posted on 2020-04-21 17:00

Several employees responded to the messages and disclosed their email account credentials, which gave the attackers access to their email accounts. The breach was discovered by the medical center on January 9, 2020. A password reset was immediately performed to prevent any further account access and the security breach was reported to law enforcement.


A Quarter of Website Traffic Is Bad Bots

Permalink - Posted on 2020-04-21 17:00

According to the 2020 edition of Imperva's annual "Bad Bot" report, in 2019, bad bot traffic rose to its highest ever percentage of 24.1 percent of all traffic. Eerily, 37.2% of all traffic on the internet last year wasn't human.


Work-from-Home Exposes Already-Infected Machines in 50K U.S. Organizations

Permalink - Posted on 2020-04-21 17:00

New findings from security firms Arctic Security and Team Cymru show that some 50,000 US organizations had infected devices that have been moved from the relative safety of the corporate network to home networks in the rush to empty offices amid the pandemic.


Proposed Government Coronavirus Tracking App Falls at the First Hurdle Due to Data Breach

Permalink - Posted on 2020-04-21 17:00

The shortlisted mobile app's source code was published online over the weekend for scrutiny as the government decides which solution to back. It was not long before developers realized that the source files contained user data -- originating from another application.


Personal Data of 23 Million Players of Webkinz Children's Game Hacked

Permalink - Posted on 2020-04-20 15:00

A hacker has compromised personal data of 23 million players of online children game Webkinz World by Canadian toy company Ganz, dumping the usernames and passwords on the Dark Web.


Hackers Selling 267 Million Facebook Records on Hacker Forum

Permalink - Posted on 2020-04-20 15:00

In December 2019, Hackread.com reported that a misconfigured Elasticsearch server exposed the personal information of 267 million (267,140,436) users. These records mostly belonged to users in the United States and included Facebook profiles, full names, a unique ID for each account and timestamp, etc. Don’t be surprised, 70% of the US citizens are active on Facebook which means that out of the country’s total population of 327.2 million, roughly 232.6 million people are on Facebook. Now, it seems like the same database is being sold on a hacker forum, Hackread.com has learned.


Students, University Clash Over Forced Installation of Remote Exam Monitoring Software on Home PCs

Permalink - Posted on 2020-04-20 15:00

Proctorio is at the heart of the controversy. The platform is touted as a "comprehensive learning integrity platform" and a means to "secure remote exams." This includes the verification of exam takers prior to an assessment through the upload of biometric data and IDs; a remote "lockdown" to prevent outside information from reaching a test taker during the exam period; and the recording of a user's environment -- potentially achieved by taking control of a machine's microphone and camera.


Beaumont Health Notifies 112,000 Patients About May 2019 Data Breach

Permalink - Posted on 2020-04-20 15:00

Michigan’s largest healthcare system, Beaumont Health, has announced that unauthorized individuals have gained access to the email accounts of some of its employees and potentially viewed or obtained patient information stored in emails and email attachments.


Equifax Settles With Massachusetts, Indiana Over 2017 Breach

Permalink - Posted on 2020-04-20 15:00

Massachusetts will receive $18 million to settle its claims, says Attorney General Maura Healey, while Indiana will receive $19.5 million as part of its settlement with the company, according to Attorney General Curtis Hill.


LED Light Control Console Abused to Spew Malware

Permalink - Posted on 2020-04-20 15:00

Proof of that comes from an incident uncovered in Taiwan, where such a device was used to spew malware as part of an operation that leveraged a botnet of IoT products to distribute malware and ransomware, send phishing emails, and launch distributed denial-of-service (DDoS) attacks.


Twitter Fails to Obtain Permission to Disclose Surveillance Requests

Permalink - Posted on 2020-04-20 15:00

Twitter will not be allowed to disclose more information on national security requests after the U.S. government convinced a judge that the disclosure of such information could harm national security.


CISI Payment Breach Leaves Members Vulnerable to Fraud

Permalink - Posted on 2020-04-20 15:00

The Chartered Institute for Securities and Investments (CISI) has confirmed that some of its members may have had their financial information stolen after “malicious code” was inserted on its website. It comes after the professional body was made aware that members were noticing fraudulent activity on their credit/debit cards after a payment transaction on its website.


Hackers Steal $25 Million Worth of Cryptocurrency from Uniswap and Lendf.me

Permalink - Posted on 2020-04-20 15:00

The attacks took place over the weekend, on Saturday and Sunday, respectively. Although an investigation is currently underway, the two attacks are believed to be related, and most likely carried out by the same group or individual. According to investigators, hackers appear to have chained together bugs and legitimate features from different blockchain technologies to orchestrate a sophisticated "reentrancy attack."


U.S. Facing Four Times as Many DDoS Attacks as China

Permalink - Posted on 2020-04-16 15:00

New research from Atlas VPN has shown that the United States experienced more than 175,000 DDoS attacks in the month of March, more than double the number faced by the next highest country and four times as many as China. According to data gathered and analyzed by Atlas VPN researchers, South Korea and Brazil both suffered from more than 50,000 DDoS attacks while China came in just ahead of the United Kingdom with about 45,000 attacks.


AST LLC Announces Data Breach and Circulates Notices to Employees

Permalink - Posted on 2020-04-16 15:00

AST LLC has announced a data breach and is now sending notices to its employees to inform them that they have been compromised. The incident occurred on March 9, 2020, when someone managed to access employee payroll information by using a previously compromised email employee address. In fact, the infiltrator set up rules that diverted the messages received by the employee to the hacker’s address, so the realization of the breach wasn’t immediate. The information that was accessed by the unknown party involves the employees’ 2019 W-2 wage and tax statements.


Wappalyzer Discloses Security Breach After Hacker Starts Emailing Users

Permalink - Posted on 2020-04-16 15:00

Tech company Wappalyzer has disclosed a security incident this week after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000.


Malware Found on 45 Percent of Home Office Networks

Permalink - Posted on 2020-04-16 15:00

New research by BitSight compared malware infections on home office networks versus corporate networks, and the results were unsettling for remote enterprise users.


Over 700 Malicious Typosquatted Libraries Found on RubyGems Repository

Permalink - Posted on 2020-04-16 15:00

The malicious campaign leveraged the typosquatting technique where attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead.


Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000

Permalink - Posted on 2020-04-15 16:00

The two flaws are so-called zero-days, and are currently present in Zoom’s Windows and MacOS clients, according to three sources who are knowledgeable about the market for these kinds of hacks. The sources have not seen the actual code for these vulnerabilities, but have been contacted by brokers offering them for sale.


Spanish Hospital Faces Netwalker Ransomware Attack in the Midst of Pandemic

Permalink - Posted on 2020-04-15 16:00

Sent under the guise of a COVID-19 email related to restroom use, this simple attack utilized a .VBS file as the attachment. What makes Netwalker so dangerous is its ability to evade antivirus engines and spread throughout a network.


REvil Ransomware Rocks Town of Jupiter in Florida

Permalink - Posted on 2020-04-15 16:00

A malware attack on the Florida town of Jupiter has caused problems that are out of this world. The Palm Beach County conurbation was struck with REvil ransomware, also known as Sodinokibi, on March 21 in an attack that took down the town's computer system for three weeks. Kate Moretto, Jupiter's public information officer, confirmed that multiple files had been encrypted as a result of the incident.


Washington University School of Medicine Breach Impacts 14,795 Oncology Patients

Permalink - Posted on 2020-04-15 16:00

An unauthorized individual gained access to the email account of a research supervisor in the Division of Oncology between January 12, 2020 and January 13, 2020 as a result of a response to a phishing email. Upon discovery of the breach, immediate action was taken to secure the account and prevent further unauthorized access and a third-party computer forensics firm was engaged to assist with the investigation.


New York State Confirms Breach of Government Network

Permalink - Posted on 2020-04-15 16:00

The breach was not previously reported but was confirmed by the state when the WSJ inquired. Officials say New York hired security firm CrowdStrike in mid-February "to assess the scope of the situation." ITS hired a third party when, a few weeks into its internal investigation, it discovered a previously unknown backdoor. New York is working with the FBI to learn the hackers' identities; sources familiar with the case think a foreign attacker is responsible.


The Pentagon Hasn't Fixed Basic Cyber Security Blind Spots

Permalink - Posted on 2020-04-15 16:00

Five years ago, the Department of Defense set dozens of security hygiene goals. A new report finds that it has abandoned or lost track of most of them.


A Worrisome Increase in Call Traffic from Fraudsters Exploiting the Pandemic

Permalink - Posted on 2020-04-14 19:00

After just 3 weeks, high-risk calls are up 28% on average, outpacing the growth rate of overall call traffic – suggesting that as concerned customers call in waves, hundreds of thousands of potentially fraudulent attacks pummel contact centers in their wake.


MSC Data Center Closes Following Suspected Cyber Attack

Permalink - Posted on 2020-04-14 19:00

The incident, which is thought to have occurred on Thursday, April 9, also brought down the shipping company's myMSC portal.


Four Million Quidd User Credentials Found on Dark Web

Permalink - Posted on 2020-04-14 19:00

It apparently features the email addresses, usernames and bcrypt hashed passwords of 3,954,416 users.


PHI of 16,600 Patients Potentially Compromised in Ransomware Attack on Andrews Braces

Permalink - Posted on 2020-04-14 19:00

The Sparks, NV orthodontics practice, Andrews Braces, has experienced a ransomware attack that resulted in the encryption of patient data. The attack was discovered on February 14, 2020, with the subsequent investigation determining the ransomware was downloaded the previous day.


Phishing Attacks Reported by Hartford Healthcare and Saint Francis Ministries

Permalink - Posted on 2020-04-14 19:00

The breach was identified on December 19, 2019 when suspicious activity was detected in an employee’s email account. A third-party computer forensics firm was engaged to investigate the breach and determined on February 12, 2020 that the account was subjected to unauthorized access between December 13, 2020 and December 20, 2019.


SCUF Gaming Exposes Data on 1.1 Million Customers

Permalink - Posted on 2020-04-14 19:00

The company says customer orders, returns and repairs, and other “non-sensitive customer information” were stored in the database. The peripherals maker also admitted that names, email/shipping/billing addresses, SCUF order history, and returns and repairs history details were included.


Ransomware Attacks Lock 2 Manitoba Law Firms Out of Computer Systems

Permalink - Posted on 2020-04-14 19:00

The Law Society of Manitoba said entire computer systems at the two firms were infected with ransomware, a type of virus that blocks access to computers or files until a ransom is paid, in the last two weeks. It left lawyers and staff at the firms without access to client lists, emails, accounting and financial information, photos and other digital files. Cloud backups were also locked.


RagnarLocker Ransomware Hits EDP Energy Giant, Asks for €10 Million

Permalink - Posted on 2020-04-14 19:00

EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world's 4th largest producer of wind energy.


Equifax Settles Indiana Case Over Massive Data Breach for $19.5 Million

Permalink - Posted on 2020-04-14 19:00

The credit-reporting company has also agreed to settle similar claims by Massachusetts, the only other state that had chosen to proceed with a lawsuit against Equifax when it announced $700 million in federal, state and class action settlements in July.


Canadian Passengers from Virus-Stricken Zaandam Cruise Ship Hit by Federal Gov't Privacy Breach

Permalink - Posted on 2020-04-14 19:00

In a detailed email Global Affairs Canada sent Canadian passengers during the Easter holiday weekend, it explained that, "due to an administrative error," it had mistakenly sent them an email on April 1 with an attachment containing personal information on each passenger — including their address, date of birth, email, phone number and passport number.


Cyber Crime May Be the World's Third-Largest Economy by 2021

Permalink - Posted on 2020-04-13 18:00

The World Economic Forum's (WEF) "Global Risks Report 2020" states that cybercrime will be the second most-concerning risk for global commerce over the next decade until 2030. It's also the seventh most-likely risk to occur, and eighth most impactful. And the stakes have never been higher. Revenue, profits, and the brand reputations of enterprises are on the line; mission-critical infrastructure is being exposed to threats; and nation-states are engaging in cyber warfare and cyber espionage with each other. The WEF report concludes that, by 2021, global cybercrime costs may hit $6 trillion — as much as the GDP of the world's third-largest economy.


San Francisco International Airport Discloses Data Breach

Permalink - Posted on 2020-04-13 18:00

Hackers managed to breach two websites pertaining to the San Francisco International Airport (SFO) in March 2020, the airport has revealed.


Personal Touch and Crossroads Technologies Sued After Maze Team Attack

Permalink - Posted on 2020-04-13 18:00

The hospital ransomware class action lawsuit was filed by plaintiff Lugenia Booker, who says that her personal information was included in the computer records of Personal Touch Holding Corp. Personal Touch runs a group of subsidiaries nationwide that provide home health care services in a range of states. Co-defendant Crossroads Technologies manages Personal Touch’s sensitive information in cloud-based computer storage, the complaint says.


Small Businesses Unprepared for Remote Working, Most Don't Provide Cyber Security Training

Permalink - Posted on 2020-04-13 18:00

Conducted from March 25-27, the survey of 412 small business owners found that half of all business owners are concerned that remote working will lead to more cyberattacks. Yet, nearly 40% feel that economic uncertainty will prevent them from making necessary cybersecurity investments. This is particularly concerning for companies with fewer than 20 employees as the survey showed they were distinctly unprepared for remote working. Only 22% provided additional cybersecurity training prior to enabling remote working and just 33% provided “any cybersecurity training.”


Spike in Cyber Attacks as Cyber Criminals Exploit Covid-19 Lockdown

Permalink - Posted on 2020-04-13 18:00

Unprecedented digital dependency has created unprecedented vulnerability, and an increase in malicious attempts to exploit the mass shift to online platforms for remote working, with South Africa experiencing a ten-fold spike in network attacks in mid-March when much of the country moved to working from home.


Danish Pump Maker DESMI Reveals Cyber Attack

Permalink - Posted on 2020-04-13 18:00

DESMI is a global company specialised in the development and manufacture of pump solutions for marine, industry, oil spill combating, defence & fuel and utility (District Heating, District Cooling, Water & Waste Water a.o.).


Data of 115 Million of Pakistan's Mobile Users Up for Sale on Dark Web

Permalink - Posted on 2020-04-13 18:00

Rewterz Threat Intelligence, a cybersecurity firm, found the data dump and said that the cybercriminal behind this data breach was demanding USD 2.1 million for the data. “This indicates that financially motivated threat actors are active in Pakistan and organizations are becoming a victim of these cyberattacks," stated the firm.


Gambling Firm Anticipates Spending up to $100 Million in Recovery from Cyber Incident

Permalink - Posted on 2020-04-13 18:00

In a filing with the U.S. Securities and Exchange Commission (SEC), SBTech mentions a “cybersecurity incident” that took place on March 27, shortly after Diamond Eagle Acquisition Corporation (DEAC) agreed to acquire the firm and rival platform DraftKings with plans to merge the two later this year, according to ZDNet.


Food Delivery Service in Germany Under DDoS Attack

Permalink - Posted on 2020-03-19 17:00

Under these conditions, many Germans order in through food delivery services like Takeaway.com (Lieferando.de). Yet cybercriminals have launched a distributed denial-of-service attack on the website demanding 2 bitcoins (around $11,000) to stop the siege.


Blizzard Hit by Massive DDoS Attack; EA Sports Facing Lagging Issue

Permalink - Posted on 2020-03-19 17:00

It is a fact that hackers carry out DDoS attacks especially during the holiday season but due to Coronavirus or COVID-19; companies are encouraging their employees to work from home. And while at home, there is no way one can stay away from gaming.


Rogers Notifies Customers Their Personal Information May Have Been Compromised

Permalink - Posted on 2020-03-19 17:00

This means that information required to access a database with customer details appeared online. If someone gained access to the database, they would get customers’ names, addresses, account numbers, email addresses and phone numbers.


Cost of Cyber-Events Worsening for Large Businesses

Permalink - Posted on 2020-03-19 17:00

According to a new research paper by the Cyentia Institute, it is estimated that one in four Fortune 1000 businesses will suffer a cyber-related loss event, whilst there is a 6% chance that a Fortune 1000 firm will lose $100m or more in a 12 month period due to cyber-events.


500,000 Documents Exposed in Open S3 Bucket Incident

Permalink - Posted on 2020-03-18 16:00

An unprotected AWS S3 bucket exposed some 425 GB of data, representing approximately 500,000 documents related to MCA Wizard, an iOS and Android app developed by Advantage Capital Funding and Argus Capital Funding. According to vpnMentor researcher Noam Rotem, who led the team of researchers who found the open database, the app appears to be a tool for a Merchant Cash Advance (MCA), which provides relatively small, high-interest business loans typically made to small companies.


Montenegrin Coronavirus Patients' Identities Exposed Online

Permalink - Posted on 2020-03-18 16:00

After Montenegrin Prime Minister Dusko Markovic announced on Tuesday evening that the country had its first two coronavirus cases, the patients’ identities were published by social media users. Photos of one of the patients and her family were also posted online.


Thousands of COVID-19 Scam and Malware Sites Are Being Created on a Daily Basis

Permalink - Posted on 2020-03-18 16:00

A security researcher who goes online by the name of DustyFresh began tracking some of these domains last week. According to a list the researcher shared online, crooks have created more than 3,600 new domains that contain the "coronavirus" term between March 14 and March 18.


NutriBullet Experiences Multiple Magecart Skimmer Infections

Permalink - Posted on 2020-03-18 16:00

According to RiskIQ, the group is identified as Magecart Group 8, and RiskIQ was able to catch the attack as it happened. “Group 8 operators were using this domain to receive stolen credit card information, and its takedown prevented there being new victims,” said Yonathan Klijnsma, head of threat research at RiskIQ.


Most Ransomware Attacks Take Place During the Night or Over the Weekend

Permalink - Posted on 2020-03-17 17:00

FireEye: 27% of all ransomware attacks take place during the weekend, 49% after working hours during weekdays.


WordPress and Apache Struts Account for 55% of All Weaponized Vulnerabilities

Permalink - Posted on 2020-03-17 17:00

A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.


Student Loans Company Hit by 5.4 Million Email Attacks in 2019

Permalink - Posted on 2020-03-17 17:00

A Freedom of Information (FOI) request issued by law firm Griffin Law revealed the scale and nature of the email threat to the government-owned public body, which provides funding for over 1.3 million UK students.


Guitar Tuition Website Suffers Six-Month Data Breach

Permalink - Posted on 2020-03-17 17:00

A Florida company that offers guitar lessons online to millions of students around the world has suffered a data breach. Unauthorized access of TrueFire's computer system went on for six months before the breach was detected on January 10, 2020.


8 Million E.U. Retail Sales Records Exposed on AWS MongoDB

Permalink - Posted on 2020-03-17 17:00

The open MongoDB database had no password or other authentication set. It was operated by a third-party vendor who pulled sales data from a range of retailers, including Amazon UK, Ebay, Shopify, PayPal and Stripe in order to calculate value-added taxes for different countries. The information left unprotected included customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers.


Online Printing Site Doxzoo Exposed Thousands of Customer Files

Permalink - Posted on 2020-03-17 17:00

The U.K. printing company left its customer files on a cloud storage bucket, hosted on Amazon Web Services, without a password. Anyone who knew the easy-to-guess bucket name could access the massive trove of customer files. By the time the company secured the bucket, it contained more than 250,000 customer-uploaded files.


Financial Companies Leak 425GB in Company, Client Data Through Open Database

Permalink - Posted on 2020-03-17 17:00

On Tuesday, vpnMentor researchers led by Noam Rotem said the database appears to be connected to MCA Wizard, a now-defunct app that appears to have been developed by Advantage Capital Funding and Argus Capital Funding.


2,500 Attacks in Less Than a Day: Coronavirus Scammers Just Went into Overdrive

Permalink - Posted on 2020-03-16 17:00

Cybercriminals have been increasingly capitalizing on the coronavirus scare in the weeks prior to today’s jump. As Forbes reported last week, a massive number of new websites had been registered using the coronavirus or COVID-19 names, some of which were already trying to infect visitors. Government hackers have been taking advantage too, with a Pakistan-linked group allegedly caught doing so on Monday too.


88% of IT Pros say World Is in Permanent State of Cyber War

Permalink - Posted on 2020-03-16 17:00

A recent survey of 485 IT experts and cybersecurity officials attending the 2020 RSA Conference in San Francisco last month found that nearly 90% believe the world is now in a permanent state of cyberwar. Security company Venafi conducted the survey as a followup to its findings in 2018, when 86% of 515 IT security professionals at the Black Hat conference in Las Vegas expressed the same belief.


Half of UK Firms Suffer Basic Cyber-Skills Gaps

Permalink - Posted on 2020-03-16 17:00

The number of UK companies with a basic cybersecurity skills gap has dropped from 2018 but still stands at around half of all businesses, according to a new government study.


Suspicious Cyber Activity Targeting HHS Tied to Coronavirus Response

Permalink - Posted on 2020-03-16 17:00

The Department of Health and Human Services experienced suspicious cyberactivity Sunday night related to its coronavirus response, administration sources confirmed to ABC News Monday. The suspicious activity HHS was not a hack but it may have been a distributed denial of service -- or DDOS -- attack, according to multiple sources.


90,000 Staff, Students, Suppliers Impacted at Melbourne Polytechnic

Permalink - Posted on 2020-03-13 17:00

In a security alert issued yesterday (March 11), Melbourne Polytechnic said Victoria Police had notified them that an individual who attended the campus in late 2018 had “obtained unauthorised access to Melbourne Polytechnic’s computer systems by hard logging onto the network; overcoming security measures”.


Google Hit with Nearly $8 Million GDPR Penalty

Permalink - Posted on 2020-03-13 17:00

Google has been hit with a 75 million kroner ($7.8 million) GDPR fine by the Swedish Data Protection Authority (DPA) over the failure to comply with ‘right-to-be-forgotten’ requests from EU citizens to have web pages removed from its search engine listings.


Oklahoma Accused of Negligence in Massive Data Breach

Permalink - Posted on 2020-03-13 17:00

A December 2018 data breach in the Oklahoma Department of Securities allegedly released names, Social Security numbers and other information of more than 300,000 people. A class-action lawsuit has been filed in response.


Coronavirus-Linked Hacks Likely as Czech Hospital Comes Under Attack

Permalink - Posted on 2020-03-13 17:00

As countries around Europe enact drastic measures to try to contain the spread of the Covid-19 coronavirus, a hospital in Brno, Czechia, has been forced to cancel all planned operations and farm out acute patients to other hospitals after falling victim to a major cyber attack.


Card Data from Breached Volusion Platform Shows Up on Dark Web

Permalink - Posted on 2020-03-12 17:00

Payment card data stolen from an e-commerce platform last year has already netted criminals $1.6 million in card data sales on the dark web. And according to a new report out today, that’s just from the initial card data offering.


European Electricity Association Warns of Office Network Breach

Permalink - Posted on 2020-03-12 17:00

ENTSO-E, or the European Network of Transmission System Operators for Electricity, represents 42 electricity transmission system operators (TSOs) from 35 countries across Europe.


90% of Healthcare Organizations Have Experienced an Email-Based Attack in the Past Year

Permalink - Posted on 2020-03-12 17:00

A recently published study conducted by HIMSS Media on behalf of Mimecast has revealed 90% of healthcare organizations have experienced at least one email-based threat in the past 12 months. 72% have experienced downtime as a result and one in four said the attack was very or extremely disruptive.


Misconfiguration Accounts for 82% of Security Vulnerabilities

Permalink - Posted on 2020-03-12 17:00

Organizations in the UK and Netherlands are more exposed to high-risk vulnerabilities than any others in Europe, with misconfiguration a major challenge, according to new data from Outpost24.


Beware of 'Coronavirus Maps' – It's a Malware Infecting PCs to Steal Passwords

Permalink - Posted on 2020-03-12 17:00

Reason Cybersecurity recently released a threat analysis report detailing a new attack that takes advantage of internet users' increased craving for information about the novel coronavirus that is wreaking havoc worldwide.


Car Auction House Hit with $30 Million Ransom Demand After Crippling Cyber Attack

Permalink - Posted on 2020-03-12 17:00

The Australian branch of Manheim Auctions has previously confirmed it was the target of a ransomware attack on February 14 but in a statement released on Tuesday, WA's Consumer Protection agency revealed the extent of the attack and how much the cyber criminals were asking for.


New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer

Permalink - Posted on 2020-03-12 17:00

A new ransomware called CoronaVirus is has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.


Comcast "Accidentally" Published 200,000 "Unlisted" Phone Numbers

Permalink - Posted on 2020-03-11 18:00

Comcast made the same mistake once before and had to pay $33 million.


European Electricity Association Warns of Office Network Breach

Permalink - Posted on 2020-03-11 18:00

An association of European electricity companies has confirmed that hackers have breached its office network. "ENTSO-E has recently found evidence of a successful cyber intrusion into its office network," the association said in a statement.


February Sees Huge Jump in Exploits Designed to Spread Mirai Botnet

Permalink - Posted on 2020-03-11 18:00

In its Global Threat Index for February 2020, Check Point discovered a significant increase in malware designed to exploit certain vulnerabilities to spread the Mirai botnet. Infamous for a huge cyberattack in 2016 that took down several major websites, Mirai has a nasty habit of infecting Internet of Things devices and launching large Distributed denial of service (DDoS) attacks.


Brazil: Millions of Records Leaked, Including Biometric Data

Permalink - Posted on 2020-03-11 18:00

The security research team at Safety Detectives has discovered a significant data leak in addition to other security flaws (such as lack of password protection) relating to fingerprint data on an Antheus log server in Brazil. The team, led by Anurag Sen, discovered almost 2.3 million data points in total and estimates that 76,000 unique fingerprints were found on the database.


Eight Million Shopper Records Leaked Online

Permalink - Posted on 2020-03-11 18:00

Noted researcher Bob Diachenko discovered the unsecured MongoDB database residing on an Amazon Web Services (AWS) server on February 3. It was secured five days later, after Diachenko identified and notified the owner, a third-party company that helps merchants to aggregate sales data from multiple online marketplaces and VAT for cross-border sales.


Fetishes Exposed by Secret-Sharing App Whisper

Permalink - Posted on 2020-03-11 18:00

Whisper users' data found to be free ranging on the net included intimate confessions, fetishes, ages, ethnicities, genders, and location information. Among the viewable data were 1.3 million records involving users who had listed their age as 15.


First 100,000 Victims of Western Union Fraud Scheme Receive $153m

Permalink - Posted on 2020-03-11 18:00

A remission fund set up by Western Union to compensate the victims of money transfer scams that the business "turned a blind eye to" has made its first distribution payment.


Raspberry Pi-Powered LEGO Robot Brute-Force Attacked an iPhone

Permalink - Posted on 2020-03-11 18:00

iOS has a built-in blacklist of certain four-digit and six-digit PIN codes. But which combination of numbers are blacklisted, and does this improve security? These security researchers built a LEGO robot with a Raspberry Pi brain to help find out.


Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals

Permalink - Posted on 2020-03-11 18:00

Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.


More Than Half of IoT Devices Vulnerable to Severe Attacks

Permalink - Posted on 2020-03-11 18:00

A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.


All Bets Off as Children's Data Is Leaked

Permalink - Posted on 2020-03-10 17:00

The way that the Department for Education (DfE) handles sensitive data on children and students needs a thorough independent investigation, experts argue, following revelations that one of its datasets had been used to help betting companies target new customers.


Attacks Targeting Recent Microsoft Exchange Flaw Ramping Up

Permalink - Posted on 2020-03-10 17:00

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates.


Q3, 2019 Saw a 350% Increase in Ransomware Attacks on Healthcare Providers

Permalink - Posted on 2020-03-10 17:00

Ransomware attacks on healthcare providers increased by 350% in Q4, 2019, according to a recently published report from Corvus. The attacks show no sign of letting up in 2020. Already in 2020 attacks have been reported by NRC Health, Jordan Health, Pediatric Physician’s Organization at Children’s, and the accounting firm BST & Co., which affected the medical group Community Care Physicians.


March 2020 Deadline for Compliance with New York SHIELD Act Data Security Requirements

Permalink - Posted on 2020-03-10 17:00

n July 2019, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act was signed into law. The New York SHIELD Act expanded the breach notification requirements for businesses that collect the personal information of New York residents. On March 21, 2020, the data security provisions of the New York SHIELD Act come into effect.


Los Angeles Utility Accused of Cyber Security Coverup

Permalink - Posted on 2020-03-10 17:00

The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor.


Human Error Linked to 60% of Security Breaches

Permalink - Posted on 2020-03-10 17:00

Three-fifths (60%) of UK businesses have experienced a cyber-attack and/or data breach caused by human error, knocking them out of action for days, according to new research from Gallagher.


Fort Worth ISD Hacked, Joining Other Texas Schools, Towns Hit by Ransomware Attacks

Permalink - Posted on 2020-03-10 17:00

The Fort Worth Independent School District is recovering from a ransomware attack last week. The district hopes everything will be back to normal by next Monday, when students and teachers return from spring break — but that may not be the case.


Bogus HIV Test Results Are the Latest Lures Used by Cyber Crooks

Permalink - Posted on 2020-03-10 17:00

As phishing attempts related to the novel coronavirus surged in late January, another health-related scam was kicking off. Crooks were sending people fake HIV test results that were laced with malicious code. To make the ruse more believable, the emails purported to come from Vanderbilt University’s prestigious medical center.


Most Medical Imaging Devices Run Outdated Operating Systems

Permalink - Posted on 2020-03-10 17:00

You'd think that mammography machines, radiology systems, and ultrasounds would maintain the strictest possible security hygiene. But new research shows that a whopping 83 percent of medical imaging devices run on operating systems that are so old they no longer receive any software updates at all.


Entercom Radio Giant Says Data Breach Exposed User Credentials

Permalink - Posted on 2020-03-10 17:00

US radio giant Entercom reported a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored third-party cloud hosting services and containing Radio.com user credentials.


9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks

Permalink - Posted on 2020-03-09 18:00

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research.


Kentucky University System Network Reboots After Cyberattack

Permalink - Posted on 2020-03-09 18:00

A monthlong attack on the computer networks at Kentucky's largest university system has prompted officials to conduct a major reboot of the networks.


Ryuk Ransomware Behind Durham, North Carolina Cyber Attack

Permalink - Posted on 2020-03-09 18:00

The City of Durham, North Carolina has shut down its network after suffering a cyberattack by the Ryuk Ransomware this weekend. Local media reports that the city fell victim to a phishing attack that ultimately led to the deployment of the Ryuk Ransomware on their systems.


Coronavirus-Themed Scams and Attacks Intensify

Permalink - Posted on 2020-03-09 18:00

According to Reuters, victims in the United Kingdom have lost more than 800,000 pounds ($1 million) to coronavirus-linked scams since last month.


Virgin Media Accused of Downplaying Security Incident

Permalink - Posted on 2020-03-09 18:00

The cybersecurity company that discovered the database, TurgenSec, has provided more details about its findings. TurgenSec described the telecom firm’s response to the breach as “strong” and commended the company for quickly removing access to the database. However, TurgenSec is not pleased with Virgin Media’s disclosure of the incident.


53% of Healthcare Organizations Have Experienced a PHI Breach in the Past 12 Months

Permalink - Posted on 2020-03-09 18:00

The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses Report from Keeper Security shows approximately two thirds of healthcare organizations have experienced a data breach in the past and 53% have experienced a breach of protected health information in the past 12 months.


Only 11% of All Enterprise Accounts Use a MFA Solution

Permalink - Posted on 2020-03-06 18:00

Microsoft said that, on average, around 0.5% of all accounts get compromised each month, a number that in January 2020 was about 1.2 million.


266,000 Passwords Stolen in Trident Crypto Fund Data Breach

Permalink - Posted on 2020-03-06 18:00

Data stolen in the attack against the fund is said to have included email addresses, cell phone numbers, encrypted passwords, and IP addresses.


Fake Tech Support Company Dupes 40K Victims Out of $8m

Permalink - Posted on 2020-03-06 18:00

Former engineering student Amit Chauhan set up a bogus technical support call-center company called Tech Support in January 2019. Together with his accomplice and Jind resident Sumit Kumar, Chauhan ran the center from the upscale Udyog Vihar area of Gurugram, a city just southwest of New Delhi in northern India.


Brazilian Security Firm Leaks More Than 25 GB of Client and Staff Data

Permalink - Posted on 2020-03-06 18:00

A home and business security business with several subsidiaries has exposed hundreds of thousands of client and employee files, an investigation by ZDNet in partnership with The Hack has found.


Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys

Permalink - Posted on 2020-03-06 18:00

Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. A few cryptographic flaws combined with a little old-fashioned hot-wiring—or even a well-placed screwdriver—lets hackers clone those keys and drive away in seconds.


Virgin Media Reports Database Breach

Permalink - Posted on 2020-03-06 18:00

Virgin Media, owned by Liberty Global (LBTYA.O), on Thursday reported a breach that allowed unauthorized access to the cable company’s database that contained personal information of about 900,000 customers.


EVRAZ N. America Got Hit by Ransomware

Permalink - Posted on 2020-03-06 18:00

Steel maker EVRAZ's North American operations are down after an infection with the Ryuk ransomware.


J.Crew Customer Accounts Breached a Year Ago

Permalink - Posted on 2020-03-05 17:00

The popular US clothing retailer claimed the hacker obtained customer usernames and logins and used them to access the accounts in around April 2019.


T-Mobile Notifying Customers of Data Breach

Permalink - Posted on 2020-03-05 17:00

The incident, the company says, was a sophisticated, malicious attack that targeted its email vendor. As part of the assault, unknown adversaries gained unauthorized access to the email accounts of some T-Mobile employees.


U.S. Property and Demographic Database of 200 Million Records Leaked on the Web

Permalink - Posted on 2020-03-05 17:00

An exposed online database consisting of some 200 million records included a wide range of sensitive personal and demographic data about residents and their properties. Homeowners were identified as well as info about their credit ratings, net worth, and income, among other details. At this time we have not been able to determine who owns the database, which was hosted on an exposed Google Cloud server.


Malta-Based Crypto-Fund Suffers Data Breach

Permalink - Posted on 2020-03-05 17:00

According to the Technical Director of cybersecurity firm, DeviceLock, Ashot Oganesyan, the breach resulted in the leak of 10,000 users’ records and took advantage of vulnerabilities found on the foundation’s website.


Ryuk Ransomware Hits Fortune 500 Company EMCOR

Permalink - Posted on 2020-03-05 17:00

Company expects the incident to have an impact on its 2020 earnings, according to its 2019 Q4 financial report.


Boots Advantage Card Hit by Cyber Attack

Permalink - Posted on 2020-03-05 17:00

Hackers used passwords taken from other websites in an attempt to break into Advantage Card accounts in a bid to steal customers’ reward points to spend on themselves.


Vulnerability Allows Attackers to Register Malicious Lookalikes of Legitimate Web Domains

Permalink - Posted on 2020-03-05 17:00

Cybercriminals were able to register malicious generic top-level domains (gTLDs) and subdomains imitating legitimate, prominent sites due to Verisign and several IaaS services allowing the use of specific characters that look very much like Latin letters, according to Matt Hamilton, principal security researcher at Soluble.


Email Domains Without DMARC Enforcement Spoofed Nearly Four Times as Often

Permalink - Posted on 2020-03-05 17:00

As of January 2020, nearly 1 million (933,973) domains have published DMARC records — an increase of 70% compared to last year, and more than 180% growth in the last two years. In addition, 80% of all inboxes worldwide do DMARC checks and enforce domain owners’ policies — if domain owners have configured DMARC, a new Valimail report reveals.


Huge Ransomware Attack Laid Bare French Lingerie Firm and Cost It Millions

Permalink - Posted on 2020-03-05 17:00

High-end French lingerie firm Lise Charmel has gone into receivership after being floored by a ransomware attack that encrypted its entire computer system and paralysed the company for a month.


EternalBlue Longevity Underscores Patching Problem

Permalink - Posted on 2020-03-05 17:00

Three years after the Shadow Brokers published zero-day exploits stolen from the National Security Agency, the SMB compromise continues to be a popular Internet attack.


Zynga Facing Lawsuit Over Data Breach

Permalink - Posted on 2020-03-04 17:00

A class-action lawsuit has been filed against gaming company Zynga Inc. over a data breach that exposed the personal information of 173 million users.


Data Breach Affects Princess Cruises, Holland America Line Guests

Permalink - Posted on 2020-03-04 17:00

According to a statement from both cruise lines, in late May 2019 Princess and Holland America identified a series of deceptive emails sent to employees that resulted in unauthorized third-party access to some employee email accounts.


Casinos in Las Vegas Hit by Suspected Ransomware Attack

Permalink - Posted on 2020-03-04 17:00

Slot machines in two Las Vegas casinos were out of action for almost a week in an incident that bears all the hallmarks of a ransomware attack.


Cathay Pacific Airways Limited Fined £500,000 for Failing to Secure Its Customers' Personal Data

Permalink - Posted on 2020-03-04 17:00

Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.


Singapore to Introduce Security Label for Smart Home Devices

Permalink - Posted on 2020-03-04 17:00

The proposed Cybersecurity Labelling Scheme for home routers and smart home hubs are part of efforts to increase consumer awareness around secured products and push manufacturers to deploy additional cybersecurity measures.


Online Payment Fraud Attempts See 73% Increase

Permalink - Posted on 2020-03-04 17:00

And while, unsurprisingly, the number one most targeted industry vertical in 2019 was physical e-commerce, business services, digital e-commerce, education, and on-demand services all fell within the top ten fraudiest verticals.


The Cyber Crime Pandemic Keeps Spreading

Permalink - Posted on 2020-03-04 17:00

When asked to describe the "short-term risk outlook"("short-term" being the next 12 months) 76.1% of the respondents to the WEF's survey expected cyberattacks to increase in 2020 and named them as one of top five global threats — outpacing even terrorism, which did not make it into the top five. The others were economic confrontations (78.5%), domestic political polarization (78.4%), extreme heatwaves (77.1%), and destruction of natural ecosystems (76.2%).