What is a JSON feed? Learn more

JSON Feed Viewer

Browse through the showcased feeds, or enter a feed URL below.

Now supporting RSS and Atom feeds thanks to Andrew Chilton's feed2json.org service

CURRENT FEED

Cyber Security & Privacy News | Hippogriff LLC

Every week Hippogriff shares some of the most alarming data breach and privacy infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

A feed by Wizards that are not wee at work...

XML


Avaddon Ransomware Launches Data Leak Site to Extort Victims

Permalink - Posted on 2020-08-10 16:00

Avaddon ransomware is the latest cybercrime operation to launch a data leak site that will be used to publish the stolen data of victims who do not pay a ransom demand.


Nearly Half of Dutch Listed Companies Do Not Provide Information on Cyber Security in Annual Report

Permalink - Posted on 2020-08-10 16:00

The Cyber Security Annual Report (CSAR) by the Erasmus School of Law in Rotterdam shows that nearly half of those companies do not mention any specific measures taken on the cybersecurity front, thereby keeping investors in the dark. Only Ahold (Giant Food Stores, Stop & Shop, Peapod), paint and coatings company AkzoNobel, commercial real estate company Unibail-Rodamco-Westfield and private banking firm Van Lanschot provided six or more cybersecurity measures in place in their annual reports. Amongst those were the appointment of a CISO and providing employees with security awareness training (SAT).


U.N. Reports Sharp Increase in Cybercrime During Pandemic

Permalink - Posted on 2020-08-10 16:00

A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding to the COVID-19 pandemic.


DDoS Attacks Cresting Amid Pandemic

Permalink - Posted on 2020-08-10 16:00

According to the latest Kaspersky quarterly DDoS attacks report, DDoS events were three times more frequent in comparison to the second quarter last year (up 217 percent), and were up 30 percent from the number of DDoS attacks observed in the first quarter of 2020.


Children's Hospital Colorado Suffers Phishing Attack

Permalink - Posted on 2020-08-10 16:00

Credentials to access the account were obtained when an employee responded to a phishing email. The phishing attack was identified by the hospital on June 22, 2020 and the account was immediately secured. A review of the emails and email attachments in the account revealed they contained patient names, zip codes, dates of service, medical record numbers, and clinical diagnosis information.


Ransomware Threatens Production of 300 Ventilators 0er Day

Permalink - Posted on 2020-08-10 16:00

The FDA-approved Coronavirus ventilator manufacturer Boyce Technologies has been targeted by ransomware launched by the DoppelPaymer gang, who are threatening to leak data from the company. Cointelegraph has viewed the DoppelPaymer blog, where the gang lists example files of the data stolen during the attack, including sales and purchase orders, assignment forms, among others.


Travelex Forced into Administration After Ransomware Attack

Permalink - Posted on 2020-08-10 16:00

PwC announced late last week that it had been appointed join administrators of the currency exchange business. Despite operating over 1000 ATMs and 1000+ stores globally, and providing services for banks, supermarkets and travel agencies in over 60 countries, the firm was forced to cut over 1300 jobs as part of the restructuring.


SPARTOO: Sanction of 250,000 Euros and Injunction Under Penalty to Comply with the GDPR

Permalink - Posted on 2020-08-07 16:00

On the basis of the investigations carried out, the restricted committee – the CNIL body responsible for imposing sanctions – considered that the company had failed to meet several obligations provided for by the GDPR.


Intel Investigating Data Leak of Technical Documents, Tools

Permalink - Posted on 2020-08-07 16:00

Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools.


Blackbaud Breach Impacts National Trust Volunteers

Permalink - Posted on 2020-08-07 16:00

Britain's National Trust has warned volunteers of a data breach linked to a cyber-attack on US cloud computing and software provider Blackbaud in May. The charity and membership organization for heritage conservation in England, Wales, and Northern Ireland has been contacting volunteers by email to notify them of the breach. National Trust data exposed as a result of the ransomware attack on Blackbaud belongs to past and present volunteers and applicants for the trust's volunteer program.


Nearly 50% of All Smartphones Affected by Qualcomm Snapdragon Bugs

Permalink - Posted on 2020-08-07 16:00

Several security vulnerabilities found in Qualcomm's Snapdragon chip Digital Signal Processor (DSP) chip could allow attackers to take control of more than 40% of all smartphones without user interaction, spy on their users, and create un-removable malware capable of evading detection. DSPs are system-on-chip units are used for audio signal and digital image processing, and telecommunications, in consumer electronics including TVs and mobile devices.


25% of IT Workers Don't Enforce Security Policies

Permalink - Posted on 2020-08-06 16:00

14% of IT workers are consumed with Identity and Access Management (IAM), spending at least an hour per day on routine IAM tasks, according to 1Password. IAM continues to be a significant productivity bog for IT and employees alike, with 57% of IT workers resetting employee passwords up to five times per week, and 15% doing so at least 21 times per week.


Class Action Proposed for Victims of Central Health Privacy Breach

Permalink - Posted on 2020-08-06 16:00

St. John’s lawyers Bob Buckingham and Eli Baker say they will launch a class-action lawsuit in relation to a recent privacy breach by a former employee of Central Health. Last week, officials with the health authority said an employee had inappropriately accessed the health records of 240 people online over a two-year span. Central Health was informed of a potential privacy breach July 14 and immediately undertook an investigation, they said.


Court Approves Class Action Settlement in RE: YAHOO! Inc.

Permalink - Posted on 2020-08-06 16:00

Yahoo!’s data breach class action is finally being put to rest. Last month, the Northern District of California approved the proposed $117.5M settlement to resolve the claims of approximately 194 million class members in In re Yahoo! Inc. Customer Data Sec. Breach Litig., No. 16-MD-02752-LHK, 2020 U.S. Dist. LEXIS 129939 (N.D. Cal. July 22, 2020). This approval did not come easily. During several rounds before the Court to obtain settlement approval, the Court pointed out that while “other data breach cases focus on one data breach, the instant case involves multiple data breaches over a period of five years, each of which Yahoo failed to timely disclose.”


Insecure Satellite Internet Is Threatening Ship and Plane Safety

Permalink - Posted on 2020-08-06 16:00

While researchers such as Adam Laurie and Leonardo Nve demonstrated the insecurity of satellite Internet in 2009 and 2010, respectively, Pavur has examined the communications at scale, with the interception of more than 4 terabytes of data from the 18 satellites he tapped. He has also analyzed newer protocols, such as Generic Stream Encapsulation and complex modulations including 32-Ary Amplitude and Phase Shift Keying (APSK). At the same time, he has brought down the interception cost of those new protocols from as much as $50,000 to about $300.


Half of Orgs Regularly Push Vulnerable Code in App Security Programs

Permalink - Posted on 2020-08-06 16:00

Nearly half (48%) of organizations regularly push vulnerable code into production in their application security programs due to time pressures, while 31% do so occasionally, according to a new report published by Synopsys entitled Modern Application Development Security. As a result, 60% have reported production applications exploited by OWASP top-10 vulnerabilities in the past 12 months.


Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Permalink - Posted on 2020-08-06 16:00

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.


CDP and Two Other Organisations Fned for Data Privacy Breach

Permalink - Posted on 2020-08-06 16:00

The Central Depository (CDP) and two other organisations have been fined a total of $47,000 for breaching data privacy laws. CDP received the biggest fine of $32,000 after it mailed dividend cheques to outdated addresses, putting more than 200 account holders at risk of having their personal data disclosed.


69,777 Patients Impacted by Allergy and Asthma Clinic of Fort Worth Hacking Incident

Permalink - Posted on 2020-08-06 16:00

Allergy and Asthma Clinic of Fort Worth has discovered an unauthorized individual gained access to its computer systems and potentially obtained patients’ billing information. The breach was detected on June 4, 2020 and steps were immediately taken to prevent further unauthorized access. The breach investigation revealed the hacker gained access to the network on May 20, 2020.


2019 Breach Leads to $80 Million Fine for Capital One

Permalink - Posted on 2020-08-06 16:00

In the data breach, more than 100 million credit applications were accessed by malicious actors. The office said that Capital One deserved credit for its victim notification and remediation actions following the breach.


Dutch Hackers Found a Simple Way to Mess with Traffic Lights

Permalink - Posted on 2020-08-06 16:00

By reverse engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.


Australian Universities Investigate Online Exam Tool Data Breach

Permalink - Posted on 2020-08-06 16:00

Australian universities using the ProctorU online exam monitoring tool are included in a data breach affecting 444,000 users of the platform.


Canon Hit by Maze Ransomware Attack, 10TB Data Allegedly Stolen

Permalink - Posted on 2020-08-05 16:00

Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications.


Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker

Permalink - Posted on 2020-08-05 16:00

Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding.


Colorado City Pays $45,000 Ransom After Cyber Attack

Permalink - Posted on 2020-08-05 16:00

Lafayette, Colorado, officials announced Tuesday the city’s computer systems were hacked and they were forced to pay a ransom to regain access.


Hacker Leaks Passwords for 900+ Enterprise VPN Servers

Permalink - Posted on 2020-08-05 16:00

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community.


Many Companies Have Not Taken Basic Steps to Protect Their Remote Workforce

Permalink - Posted on 2020-08-05 16:00

AT&T’s study of 800 cybersecurity professionals across the UK, France and Germany shows that while 88% initially felt well prepared for the migration, 55% now believe widespread remote working is making their companies more or much more vulnerable to cyberattacks. This figure jumps to 70% for large businesses with over 5,000 employees.


Redcar Cyber Attack Vost Council £10.4m

Permalink - Posted on 2020-08-05 16:00

About 135,000 people were without online public services after Redcar and Cleveland's website and computers were targeted in February.


UberEats Data Leaked on the Dark Web

Permalink - Posted on 2020-08-05 16:00

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb.


British Dental Association Members Targeted by Hackers

Permalink - Posted on 2020-08-04 16:00

Dentists' bank account numbers and correspondence with a trade body are feared to have been stolen by hackers. The British Dental Association has told its members that it is still not sure exactly what was accessed in a breach on 30 July. A spokeswoman told the BBC it was possible that information about patients was exposed, but was vague about the potential context. The BDA's website has been offline since the attack.


Second Data Breach at Kentucky Unemployment System

Permalink - Posted on 2020-08-04 16:00

The reporter of the alleged breach logged on to the Office of Unemployment Insurance's (OUI) online system on July 27 to work on their unemployment application. While trying to enter their own details, the claimant was able to view information about another claimant's former employer and health.


Michigan's Largest Healthcare Provider Phished Again

Permalink - Posted on 2020-08-04 16:00

Michigan's largest healthcare provider has warned around 6,000 patients that their data may have been exposed following a cyber-attack. The cybersecurity incident is the second phishing-related data breach to befall Beaumont Health in recent months.


Garmin Pays Up to Evil Corp After Ransomware Attack

Permalink - Posted on 2020-08-04 16:00

The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.


Robocall Legal Advocate Leaks Customer Data

Permalink - Posted on 2020-08-04 16:00

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.


AU: Aged Care Operator's Sensitive Data Stolen in Foreign Cyber Attack

Permalink - Posted on 2020-08-03 15:00

ASX-listed aged care operator Regis has been hit by an international cyber attack that has led to the release of sensitive personal data, adding to the woes of the company which is battling a coronavirus outbreak at one of its Melbourne centres. The $400 million operator told investors on Monday an "overseas third party" was responsible for an attack on its operations resulting in data being copied from its servers and publicly released.


LifeLabs Agrees to Comply with Privacy Commissioners' Orders

Permalink - Posted on 2020-08-03 15:00

From the Office of the Information & Privacy Commissioner of British Columbia, this press release below. This is the second time in the past few months where we have seen an entity really fight an order to release a forensics report on a breach.


Zello Resets All User Passwords After Data Breach

Permalink - Posted on 2020-08-03 15:00

The push-to-talk app, Zello, has disclosed a data breach that revealed user's email addresses and hashed passwords after discovering unauthorized activity on their systems.


Hackers Cause Telstra Outages in Australia's Eastern States with Cyber Attack

Permalink - Posted on 2020-08-03 15:00

Hackers have carried out a “malicious” cyber attack on Telstra, creating connectivity issues for some home internet users. Telstra reported the denial of service attack on its servers on Sunday which led to widespread internet outages in Australia’s eastern states.


Havenly Discloses Data Breach After 1.3M Accounts Leaked Online

Permalink - Posted on 2020-08-03 15:00

Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum.


2gether Hacked: €1.2m in Cryptocurrency Stolen

Permalink - Posted on 2020-08-03 15:00

The unknown threat actors reportedly behind the attack made off with €1.183 million in cryptocurrency in investment accounts, which equates to 26.79% of overall funds.


After Ransomware Attack, Legal Services Company Epiq Faces California Privacy Lawsuit

Permalink - Posted on 2020-07-31 16:00

Lawyers for Epiq Systems Inc have removed a lawsuit to federal court that alleges the legal services provider failed to adequately protect personal information under California’s consumer privacy law.


Travel Giant CWT pays $4.5 Million Ransom to Cyber Criminals

Permalink - Posted on 2020-07-31 16:00

U.S. travel management firm CWT paid $4.5 million this week to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline, according to a record of the ransom negotiations seen by Reuters.


Canadian MSP Discloses Data Breach, Failed Ransomware Attack

Permalink - Posted on 2020-07-31 16:00

Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted with sensitive information being accessed by the hackers. The incident occurred last month and hit impacted data held by the parent company and its subsidiaries and/or former and current affiliates.


Infosec Researchers Cause 3D Printers to Catch Fire Due to Vulnerabilty

Permalink - Posted on 2020-07-31 16:00

Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire. Research from the appropriately named Coalfire biz claimed printers from Chinese company Flashforge could be abused through crafted updates that bypass safety features built into the devices' firmware.


Personal Data of 24k Students Gets Posted on GTU Website

Permalink - Posted on 2020-07-31 16:00

Gujarat Technological University (GTU) may be running a cybersecurity centre and helping police train for the same, but that does not keep it safe from hackers. In a glaring lapse, personal data of as many as 24,000 students who took the pre-test for an online exam on Thursday was allegedly leaked or stolen and put up on the varsity’s website.


IndieFlix Streaming Leaves Thousands of Confidential Files and Personal Info. Exposed on Public Server

Permalink - Posted on 2020-07-31 16:00

The CyberNews research team discovered an unsecured data bucket on a publicly accessible Amazon Simple Storage (S3) server containing confidential data belonging to IndieFlix. IndieFlix is a US-based entertainment company offering a subscription-based online video streaming service that mainly specializes in independent titles, including feature films, shorts, and documentaries.


India Found Cyber Security Lapses at National Payments Corp in 2019

Permalink - Posted on 2020-07-30 17:00

A government audit of India’s flagship payments processor last year found more than 40 security vulnerabilities including several it called “critical” and “high” risk, according to an internal government document seen by Reuters.


Dussmann Group Data Leaked After Ransomware Attack

Permalink - Posted on 2020-07-30 17:00

German giant Dussmann Group has become the latest company to fall victim to a ransomware-data breach attack, after hackers began posting stolen files to the dark web. The facilities management multinational, which employs over 66,000 staff worldwide and makes billions of euros in sales annually, appears to have been struck by the Nefilim variant.


New Zealand: Police Name Firm That Lost Information on Crime Reports to Hackers

Permalink - Posted on 2020-07-30 17:00

Police are axing their contract with Auckland research firm Gravitas after information they sent the firm about police complainants was lost in a Nigerian hack. Assistant commissioner Jevon McSkimming announced earlier this month – without naming the company – that Gravitas had alerted Police to the data breach and had also reported it as “a crime” which Police were investigating. Police had now decided to terminate their contract with Gravitas after they had been “unable to get assurances that our information has been kept properly secure”, Police said in a statement on Thursday.


Athens ISD Pays $50K for Release of Data in Ransomware Attack

Permalink - Posted on 2020-07-30 17:00

Athens ISD Board of Trustees has agreed to pay a $50,000 ransom for school data that was taken in a criminal ransomware attack. The attack targeted data stored on district servers, backup systems, and hundreds of computers. As a result, access to data has been blocked including teacher communications, student schedules, grades, and assignments.


GTU Students Complain of Massive Data Leak After Mock Test

Permalink - Posted on 2020-07-30 17:00

The students of Gujarat Technological University have complained of massive data leaks during online pre-check trial/mock tests. The test was conducted by the university on July 28. Students allege that their personal details including ID proofs were leaked on the university's website.


Vermont Tax Department Exposed 3 Years Worth of Tax Return Info.

Permalink - Posted on 2020-07-30 17:00

The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. The data breach affected all Vermonters who electronically filed Property Transfer Tax returns using the tax department's site between February 2017 and July 2020.


Connecticut Insurance Dept. Reminds Licensees to Comply with Data Security Law

Permalink - Posted on 2020-07-30 17:00

On July 20, 2020, the Connecticut Insurance Department issued a bulletin to licensees reminding them that the Connecticut Insurance Data Security Law (“Act”) becomes effective on October 1, 2020 and providing guidance on compliance. The Act requires “all persons who are licensed, authorized to operate or registered, or required to be licensed, authorized or registered pursuant to the insurance laws of Connecticut” to “develop, implement and maintain a comprehensive written information security program (“ISP”) that complies with” the Act “not later than October 1, 2020.” The Act generally applies to domestic insurers and health care centers, with some exemptions.


Researchers Report Mobile Operating Systems Bugs Have Surged 50%

Permalink - Posted on 2020-07-30 17:00

Skybox Security predicts that 2020 will end with 20,000 reported vulnerabilities, as compared to 17,306 in 2019. Till mid-2020, 9000 vulnerabilities have been reported.


Personal Information of 34 Lakh Dunzo Users Leaked

Permalink - Posted on 2020-07-30 17:00

In an online blog post on Wednesday, the Bengaluru-based company said the “servers of a third party we work with were compromised.” This allowed the attacker to get unauthorized access and breach the company's database, which included phone numbers, email addresses, the users' last known location, phone type, and last login dates.


10,000 Patients Affected by Data Breach at University of Utah Health

Permalink - Posted on 2020-07-30 17:00

The health system stated in a press release on June 5 that a breach occurred between April 6 and May 22. A hacker gained unauthorized access to some of the U of U health employees’ email accounts as part of a phishing scheme. In the press release, the U did not specify how many employees were affected.


In Latest Crypto Wallet Breach, Ledger Users Have Data Stolen

Permalink - Posted on 2020-07-29 16:00

Ledger has acknowledged that hackers also gained access to 9500 Phone numbers among other data.


Business Giant Dussmann Group's Data Leaked After Ransomware Attack

Permalink - Posted on 2020-07-29 16:00

The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. The Dussmann Group is the largest multi-service provider in Germany with subsidiaries focusing on facility management, corporate childcare, nursing and care for the elderly, and business systems solutions, including HVAC, electrical work, and elevators. The company has confirmed to BleepingComputer that one of their subsidiaries, Dresdner Kühlanlagenbau GmbH (DKA), recently suffered a ransomware attack where data was stolen.


Michigan Online Bar Exam Temporarily Taken Down by Cyber Attack

Permalink - Posted on 2020-07-29 16:00

ExamSoft, one of the three vendors offering the exam that certifies potential attorneys, said the test had been hit by a distributed denial of service (DDoS) attack, which involves a hacker or group attempting to take down a server by overwhelming it with traffic.


Today's "Mega" Data Breaches Now Cost Companies $392 Million to Recover From

Permalink - Posted on 2020-07-29 16:00

If an organization is acting as a data controller for between 40 and 50 million records, the cost on average is $364 million, and organizations could face a cost of up to $175 per consumer record involved in data theft or leaks.


Alcohol Delivery Service Drizly Confirms Data Breach

Permalink - Posted on 2020-07-29 16:00

As many as 2.5 million Drizly accounts are believed to have been stolen. TechCrunch obtained a portion of the data, including several accounts of Drizly staff members. We verified the data against public records. The portion of data we obtained also contains user phone numbers, IP addresses and geolocation data associated with the user’s billing address.


Global Firms Delayed Key Security Projects as Pandemic Struck

Permalink - Posted on 2020-07-29 16:00

Over 90% of global organizations were forced to delay key security projects as they transitioned to remote working earlier this year and many stopped patching, exposing themselves to cyber-threats, according to Tanium.


IBM Security 2020 Cost of Data Breach Report Shows 10% Annual Increase in Healthcare Data Breach Costs

Permalink - Posted on 2020-07-29 16:00

The 2020 Cost of Data Breach Report from IBM Security has been released and reveals there has been a slight reduction in global data breach costs, falling to $3.86 million per breach from $3.92 million in 2019 – A reduction of 1.5%. There was considerable variation in data breach costs in different regions and industries. Organizations in the United States faced the highest data breach costs, with a typical breach costing $8.64 million, up 5.5% from 2019.


Security Teams Increasingly Stressed Due to Lack of Proper Tools, Executive Support

Permalink - Posted on 2020-07-29 16:00

93% of security professionals lack the tools to detect known security threats, and 92% state they are still in need of the appropriate preventative solutions to close current security gaps, according to LogRhythm.


OCR Imposes $1 Million HIPAA Penalty on Lifespan for Lack of Encryption and Other HIPAA Failures

Permalink - Posted on 2020-07-28 17:00

Lifespan is a not-for-profit health system based in Rhode Island that has many healthcare provider affiliates in the state. On April 21, 2017, a breach report was filed with OCR by Lifespan Corporation, the parent company and business associate of Lifespan ACE, about the theft of an unencrypted laptop computer on February 25, 2017.


National Cardiovascular Partners Email Hack Impacts 78 Thousand Patients

Permalink - Posted on 2020-07-28 17:00

An investigation led with support from an outside cybersecurity forensics firm determined the account contained patient information, including names, contact information, and a host of other sensitive data that varied by patient.


Cosmetics Giant Avon Leaks 19 Million Records

Permalink - Posted on 2020-07-28 17:00

Researchers at SafetyDetectives led by Anurag Sen told Infosecurity that they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption.


Promo.com Discloses Data Breach After 22 Million User Records Leaked Online

Permalink - Posted on 2020-07-28 17:00

In a report shared with BleepingComputer by cybersecurity intelligence firm CloudSEK, a well-known seller of data breaches posted a database containing 22.1 million user records on a hacker forum. This data contains users email addresses, names, genders, geographic location, and for 2.6 million of the users, their hashed passwords.


SEI Investments Customer Data Exposed in Ransomware Attack on Vendor

Permalink - Posted on 2020-07-28 17:00

A May ransomware attack on M.J. Brunner Inc. exposed data pertaining to clients of SEI Investments Co., among them money managers like Pacific Investment Management Co. (Pimco), Fortress Investment Group LLC and Centerbridge Partners.


Over Half of Universities Suffered Data Breach in Past Year

Permalink - Posted on 2020-07-28 17:00

Over half (54%) of UK universities reported a data breach to the regulator in the past 12 months, with an average of two reports each, according to new Freedom of Information (FOI) data collected by Redscan.


Bank of Ireland Fined €1.66 Million After Being Tricked by Fraudster

Permalink - Posted on 2020-07-28 17:00

One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.


Hedge Funds Client Data Exposed in Massive Ransomware Attack

Permalink - Posted on 2020-07-27 16:00

Investors in hedge fund Angelo Gordon received an unpleasant letter advising them that a "data security incident" had taken place due to a breach of a third-party vendor used by the fund's external fund administrator, SEI Global Fund Services.


Sheffield Hallam University Confirms Blackbaud-Linked Data Breach

Permalink - Posted on 2020-07-27 16:00

University secretary Michaela Boryslawskyj said in an email to members of its community that it was notified by Blackbaud that Sheffield Hallam and a number of other universities had been affected by the incident. As detailed in the Sheffield Star, the email said Blackbaud’s systems were hacked and personal information relating to its alumni and other members of the community were stolen on Thursday July 16 2020.


Garmin's Outage, Ransomware Attack Response Lacking as Earnings Loom

Permalink - Posted on 2020-07-27 16:00

Garmin's response to a cyberattack has been less than stellar, but earnings loom and Wall Street will want answers just as much as customers do.


Source Code from Dozens of Companies Leaked Online

Permalink - Posted on 2020-07-27 16:00

A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls; and the list keeps growing.


Tech Unicorn Dave Admits to Security Breach Impacting 7.5 Million Users

Permalink - Posted on 2020-07-27 16:00

Digital banking app and tech unicorn Dave.com confirmed today a security breach after a hacker published the details of 7,516,625 users on a public forum. In an email to ZDNet today, Dave said the security breach originated on the network of a former business partner, Waydev, an analytics platform used by engineering teams.


Adif Hit by Cyber Attack

Permalink - Posted on 2020-07-24 16:00

Spanish infrastructure manager Adif has been hit by a cyberattack in which hackers have claimed to have taken 800GB of data including correspondence and contracts.


Keizer Discloses Costs of Recovering from Recent Ransomware Attack

Permalink - Posted on 2020-07-24 16:00

When Keizer, Oregon was attacked in June with ransomware, the attackers demanded $48,000, and the city paid.


North Carolina Healthcare Provider Fined $25,000 for HIPAA Noncompliance

Permalink - Posted on 2020-07-24 16:00

Washington, NC-based Metropolitan Community Health Services is a Federally Qualified Health Center that provides integrated medical, dental, behavioral health & pharmacy services for adults and children. Operating as Agape Health Services, Metro provides discounted medical services to the underserved population in rural North Carolina. Metropolitan Community Health Services has around 43 employees and serves 3,100 patients each year.


U.S. Law Firm Sued Over Fraudulent Wire Transfer from Phising Scam

Permalink - Posted on 2020-07-24 16:00

American international law firm Holland & Knight is facing a lawsuit over a fraudulent wire transfer that saw criminals make off with more than $3m. According to the suit, the law firm was hired by two foundations to sell some stock and carry out a merger plan related to the sale. However, a fraudster was able to steal the proceeds from the sale after intercepting emails from the firm and impersonating the stock seller. Posing as the seller in an email, the fraudster asked Holland & Knight to wire $3.1m from the stock buyer to a fraudulent account identified as Wemakos Furniture Co. Limited.


Blackbaud Breach Hits Nine More Universities

Permalink - Posted on 2020-07-24 16:00

A combined ransomware and data breach attack on a US cloud computing provider in May has affected many more universities and non-profits than at first thought.


Garmin Services and Production Go Down After Ransomware Attack

Permalink - Posted on 2020-07-24 16:00

The company is currently planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia.


278k Instacart Customer Records Reportedly Hacked, Includes Order History

Permalink - Posted on 2020-07-23 16:00

Some 278,531 Instacart customer records have reportedly been hacked, and are for sale on the dark web. The data includes names, email addresses, the last four digits of credit card numbers, and order histories.


Over 1500 Exposed Online Databases Wiped by 'Meow' Attacker

Permalink - Posted on 2020-07-23 16:00

According to a Shodan search, there was 1269 impacted Elasticsearch servers globally and 276 MongoDB instances hit buy the “meow” bot at the time of writing. It’s unclear whether the attacker has first stolen victims’ data or if this is a purely destructive campaign.


Florida Tax Office Blames Data Breach on Virus

Permalink - Posted on 2020-07-23 16:00

A Florida Tax Collector's Office has blamed malware found on an employee's computer for a data breach that affected around 450,000 residents of Polk County.


More Than Half of European Citizens Worry About Malicious Use of Their Online Data

Permalink - Posted on 2020-07-23 16:00

According to the European Union Agency for Fundamental Rights (FRA), 55% of European citizens are concerned about their online data being accessed by cyber criminals and fraudsters.


GEDmatch Confirms Data Breach After Users' DNA Profile Data Made Available to Police

Permalink - Posted on 2020-07-23 16:00

GEDmatch, the DNA analysis site that police used to catch the so-called Golden State Killer, was pulled briefly offline on Sunday while its parent company investigated how its users’ DNA profile data apparently became available to law enforcement searches. The company confirmed Wednesday that the permissions change was caused by a breach.


New York Charges Big Title Insurer First American Over Security Gap

Permalink - Posted on 2020-07-23 16:00

First American Financial Corp (FAF.N), the second largest U.S. title insurer, was charged on Wednesday by New York’s top financial regulator with exposing millions of documents with sensitive consumer information, in the regulator’s first cybersecurity enforcement case.


COVID-19-Related Attacks Exploded in the First Half of 2020

Permalink - Posted on 2020-07-23 16:00

A midyear report on cyber threats finds that COVID-19-related attacks grew from fewer than 5,000 per week in February to more than 200,000 per week in late April. And those attacks didn't mark the end of threats, as all cyberattacks increased in number by 34% in May and June compared with March and April.


Password Reuse to Blame for Fifth of Account Takeovers

Permalink - Posted on 2020-07-23 16:00

Email account takeover (ATO) attacks often last for over a week and result from employees reusing passwords across multiple sites, according to new research from Barracuda Networks.


Nearly Half of Employees Make Mistakes with Cyber Security Repercussions

Permalink - Posted on 2020-07-22 16:00

Nearly half (47%) of employees cited distraction as a top reason for falling for a phishing scam. This was closely followed by the fact that the email looked legitimate (43%), with 41% saying the phishing email looked like it came from a senior executive or a well-known brand.


20,000+ New Vulnerability Reports Predicted for 2020, Shattering Previous Records

Permalink - Posted on 2020-07-22 16:00

Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals.


Disabled Delawareans' Personal Data Ends Up in Student Project

Permalink - Posted on 2020-07-22 16:00

The breach occurred when four students from the University of Delaware contacted a Delaware Division of Developmental Disabilities Services (DDDS) provider. The students reached out to request data for a project that aimed to use geo-mapping to detect gaps in the services received by DDDS recipients. A DDDS employee who emailed out information in response to the students' request neglected to anonymize sensitive data. Their slip-up caused the private information of 350 recipients of DDDS support to be exposed. The data breach was only discovered when the unwitting students included the sensitive data in a presentation on their senior project, given via Zoom on May 8.


University of York Investigating Data Theft Incident

Permalink - Posted on 2020-07-22 16:00

As outlined in a statement on the university’s website, the source of the breach was an attack on a third-party service provider, tech firm Blackbaud, which fell victim to ransomware in May 2020. The University of York was first informed of the incident on July 16.


Online Poker Operator Hit by DDoS Attack on Opening Day of WSOP Event

Permalink - Posted on 2020-07-22 16:00

GGPoker, which mainly serves the Asian market but has customers across Europe and America, claims that it migrated servers to a new cloud data center on July 16 to improve performance and account for increased load during the tournament. However, it claims, “the tech team made a mistake of not shielding this server with our DDoS protection service after the migration”.


Public's Info. Compromised in Cyber Attack on Cooke County, TX

Permalink - Posted on 2020-07-21 16:00

A cyberattack on the Cooke County Sheriff’s Office compromised people’s personal information, County Judge Jason Brinkley said. A press release issued Monday, July 20, states a ransomware attack on the county’s information system for the CCSO on July 4 resulted in a data breach of personal identification information.


Companies with Poor Privacy Practices Are 80% More Apt to Suffer Data Breach

Permalink - Posted on 2020-07-21 16:00

In addition to poor privacy policy resulting in an 80% possible data breach, companies with the lowest privacy scores lost 600% more records than companies at the other end of the scale, with the highest scores.


Major Security Flaws Found in South Korea Quarantine App

Permalink - Posted on 2020-07-21 16:00

The defects, which were confirmed by The New York Times and have now been fixed, could have let attackers retrieve the names, real-time locations and other details of people in quarantine. The flaws could also have allowed hackers to tamper with data to make it look as if users of the app were either violating quarantine orders or still in quarantine despite being somewhere else.


Genealogy Software Maker Exposes Data on 60,000 Users

Permalink - Posted on 2020-07-21 16:00

A US tech company that manages popular family tree software has exposed tens of thousands of its users’ personal information online via a misconfigured cloud server, according to researchers.


Lorien Health Services Discloses Ransomware Attack Affecting Nearly 50,000

Permalink - Posted on 2020-07-21 16:00

Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. Responsible for the attack are Netwalker ransomware operators, who leaked the information after Lorien refused to pay the ransom demand.


Fast Chargers Can Be Modified to Damage Mobile Devices

Permalink - Posted on 2020-07-20 16:00

Users’ mobile devices can also be implanted with malware with BadPower attack capabilities and be the infection agent for every fast charger that is connected to it.


Two More Cyber Attacks Hit Israel's Water System

Permalink - Posted on 2020-07-20 16:00

The first attack hit agricultural water pumps in upper Galilee, while the second one hit water pumps in the central province of Mateh Yehuda, local media reported last week.


The Privacy Breach That Exposed Sensitive Details of WA's Virus Fight

Permalink - Posted on 2020-07-20 16:00

One of Western Australia's biggest privacy breaches, which involves the interception of thousands of State Government communications, is under investigation. Nine News revealed on Monday evening that the most sensitive information to be hacked and posted to a public website relates to the management of the Covid-19 crisis in WA.


70% of Companies Have Suffered a Public Cloud Data Breach in the Past Year

Permalink - Posted on 2020-07-20 16:00

A recent study conducted by Sophos has revealed 96% of companies are concerned about the state of their public cloud security. There appears to be a valid cause for that concern, as 70% of companies that host data or workloads in the cloud have experienced a breach of their public cloud environment in the past year. The most common attack types were malware (34%), followed by exposed data (29%), ransomware (28%), account compromises (25%), and cryptojacking (17%).


Cyber Crime Jumped 23% Over Past Year

Permalink - Posted on 2020-07-20 16:00

The double-digit increase in reported cybercrime came in spite of improvements to “internal case review processes” and an online reporting tool at Action Fraud in October 2018 which meant some offenses previously categorized as computer misuse are now being properly identified as fraud, ONS said. On that note, when fraud is added to computer misuse, there was an increase of just 12% in cases reported to the NFIB over the period.


Ransomware Gang Demands $7.5 Million from Argentinian ISP

Permalink - Posted on 2020-07-20 16:00

Sources inside the ISP said hackers caused extensive damage to the company's network after they managed to gain control over an internal Domain Admin, from where they spread and installed their ransomware payload to more than 18,000 workstations.


340 GDPR Fines for a Total of €158,135,806 Issued Since May 2018

Permalink - Posted on 2020-07-17 16:00

Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine, Privacy Affairs finds.


Cloud Provider Pays Ransom Demand

Permalink - Posted on 2020-07-17 16:00

Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company's network and threatened to publish it online.


Over Half of Canadians Victims of Cyber Crime

Permalink - Posted on 2020-07-16 15:00

28% of consumers are reporting that their personal information had been exposed through a cybersecurity incident of this nature. While the majority of those surveyed had not experienced a hack of an online account, 22% had fallen victim to this particular cybercrime. A malicious email or spoofed website had managed to deceive 13% of consumers.


Three-Quarters of U.K. Businesses Facing Compliance Problems Following Lockdown

Permalink - Posted on 2020-07-16 15:00

UK data protection officers (DPOs) anticipate the Covid-19 lockdown will cause difficulties in meeting data compliance obligations, potentially leading to large fines. 72% of DSOs expect a backlog of data subject access requests (DSARs) upon returning to the office, while 3% are concerned there will be a “mountain” of DSARs to complete when they go back. 30% of DPOs believe there will be a massive increase in DSARs over the next six months. Furloughed or laid off employees during the pandemic will be a major driver of this growth according to 73% of respondents, while one in five said it will be the biggest single factor.


Walmart Sued Under CCPA After Data Breach

Permalink - Posted on 2020-07-16 15:00

Customer names, addresses, financial and other information were among the haul for attackers, according to the suit filed in the US District Court for the Northern District of California.


Tech Giants Sued Over Biometric Privacy

Permalink - Posted on 2020-07-16 15:00

Online retail giant Amazon and tech leaders Microsoft and Google are reportedly being sued for allegedly violating a biometric privacy law in the state of Illinois.


36,000 Members Affected by Central California Alliance for Health Email Breach

Permalink - Posted on 2020-07-16 15:00

The Central California Alliance for Health has discovered an unauthorized individual gained access to the email accounts of several employees and potentially viewed or copied information in emails and email attachments. The breach was detected on May 7, 2020 and prompt action was taken to secure the affected accounts. In each case, the accounts were accessed for a period of about one hour.


A Hacker Used Twitter's Own Admin Tool to Spread Cryptocurrency Scam

Permalink - Posted on 2020-07-16 15:00

A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident.


U.S. Casting Company Leaked Private Data of Over 260,000 Individuals

Permalink - Posted on 2020-07-16 15:00

New Orleans-based MyCastingFile.com is an online casting agency that recruits talent. Users can sign up -- for free or on a subscription basis -- to apply for casting notices. The company claims to have provided actors for productions including True Detective, Pitch Perfect, NCIS: New Orleans, and Terminator Genisys.


SMBs Face Greater Malware Risk This Year

Permalink - Posted on 2020-07-16 15:00

ast year, the average risk globally of a small or medium-sized business (SMB) encountering malware was 11%. Over the last 12 months, that risk has risen to 15%.


New Zealand Property Management Company Leaks 30,000 Users' Passports, Driver's Licenses

Permalink - Posted on 2020-07-16 15:00

CyberNews received information from reader Jake Dixon, a security researcher with Vadix Solutions, who discovered an unsecured Amazon Simple Storage Solution (S3) database containing more than 31,000 images of users’ passports, driver’s licenses, evidence of age documents, and more. These files are publicly accessible to anyone who has the URL and appears to be owned by the Wellington, New Zealand company LPM Property Management.


Indonesia Bhinneka Batabase Dumped 1 Million Accounts

Permalink - Posted on 2020-07-16 15:00

The database was initially hacked on 27 January earlier this year but has now been put out in the open by the attacker. The downloadable folder contains 2 SQL files which contain the records of approximately 1,262,300 accounts in totality.


At Least 41 Healthcare Providers Experienced Ransomware Attacks in the First Half of 2020

Permalink - Posted on 2020-07-15 14:00

There were 128 successful ransomware attacks on federal and state entities, healthcare providers, and educational institutions in the first 6 months of 2020, with the healthcare industry accounting for 32% of those attacks.


Data Breach at Texas Benefits Recovery Firm

Permalink - Posted on 2020-07-15 14:00

The malware may have allowed unauthorized individuals to view and obtain the personal and protected health information (PHI) of 274,837 people.


99% of U.K. Organizations Suffered Security Breaches in the Past One Year

Permalink - Posted on 2020-07-15 14:00

While 98% of those surveyed said that attack volumes have increased in the last 12 months, 99% of them said their business has suffered a security breach in the last 12 months, with the average organisation experiencing 63 breaches in the period. Even though 96% of the respondents also said that cyber attacks have become more sophisticated, only 6% said they plan to increase cyber defence spending in the coming year. Security professionals also admitted their organisations are using more than eight different tools or consoles on average to manage their cyber defence programme, thereby making their environments complex and hard-to-manage.


13 Percent of Q1 Phishing Attacks Related to COVID-19

Permalink - Posted on 2020-07-15 14:00

In the first quarter of 2020 phishing attacks increased by 22.5 percent compared to the end of 2019, and 13 percent of all phishing was related to COVID-19.


South Korean Regulator Fines TikTok Over Mishandling Child Data

Permalink - Posted on 2020-07-15 14:00

The Korea Communications Commission (KCC), the country's telecommunications watchdog, said it has fined the company 186 million won -- around $155,000 -- for failing to protect users' private data. The fine is equivalent to 3% of the company's annual sales in South Korea, an amount designated for such violations under local privacy laws. The investigation began last year in October, the KCC said.


Massive DDoS Attack on Cloudflare Network

Permalink - Posted on 2020-07-15 14:00

Cloudflare researchers reported a DDoS attack that exceeded 400-600 million packets per second (Pps), and that peaked multiple times above 700 million packets per second (Mpps), with a top peak of 754 Mpps.


Media and Video Companies Suffer Huge Increase in Cyber Attacks

Permalink - Posted on 2020-07-15 14:00

According to research by Akamai, between January 2018 and December 2019, 20% of the 88 billion total attacks recorded were against media companies. The company also recorded 630% and 208% year-over-year increases in attacks against broadcast TV and video sites, respectively.


Hacker Releases Database of 270 Million Alleged Wattpad Records

Permalink - Posted on 2020-07-14 15:00

An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker forums.


Hacker Selling Details of 142 Million MGM Hotel Guests on the Dark Web

Permalink - Posted on 2020-07-14 15:00

The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020. The new finding came to light over the weekend after a hacker put up for sale the hotel's data in an ad published on a dark web cybercrime marketplace. According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900.


EFF's New Database Reveals What Tech. Local Police Are Using to Spy on You

Permalink - Posted on 2020-07-14 15:00

Launched on Monday in partnership with the University of Nevada's Reynolds School of Journalism, the "Atlas of Surveillance" is described as the "largest-ever collection of searchable data on police use of surveillance technologies." The civil rights and privacy organization says the database was developed to help the general public learn about the accelerating adoption and use of surveillance technologies by law enforcement agencies.


Ransomware Now Stealing Data as Well as Encrypting It

Permalink - Posted on 2020-07-14 15:00

There's now an increasing chance of getting your data stolen, in addition to your network being encrypted, when you are hit with a ransomware attack - which means falling victim to this kind of malware is now even more dangerous.


Welcome Chat App Spies on Users

Permalink - Posted on 2020-07-14 15:00

While functioning as a communication app, Welcome Chat was found to simultaneously be serving as spyware, harvesting data for a campaign with links to threat group Gaza Hacker, also known as Molerats.


IT Staffing Services Collabera Hit by Ransomware, Employee Personal Data Stolen

Permalink - Posted on 2020-07-14 15:00

Hackers infiltrated Collabera, siphoned off at least some employees' personal information, and infected the US-based IT consultancy giant's systems with ransomware.


Belgium Suffers First Jackpotting Attack

Permalink - Posted on 2020-07-14 15:00

Antwerp-based savings bank Argenta has fallen victim to what is believed to be Belgium’s first jackpotting attacks. Also known as a logical attack, jackpotting is a sophisticated crime in which cyber-criminals install malicious software and/or hardware on an ATM that forces the machine to spew out all of its cash on demand.


Security Alerts More Than Doubled in the Last 5 Years

Permalink - Posted on 2020-07-13 16:00

Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. Security alert volumes create problems for security operations. 99% report high volumes of alerts cause problems for IT security teams. 83% say their security staff experiences "alert fatigue."


Benefit Recovery Specialists Hacked and PHI of 274,837 Individuals Exposed

Permalink - Posted on 2020-07-13 16:00

The Houston, TX-based billing and collection company, Benefit Recovery Specialists, Inc., (BRSI) has announced it has discovered malware on its systems that may have allowed unauthorized individuals to view or obtain protected health information.


Dunzo Security Breach Exposes Users' Phone Numbers, Email IDs

Permalink - Posted on 2020-07-13 16:00

Hyperlocal delivery startup Dunzo announced on Saturday a security breach of one of its databases that has exposed phone numbers and email IDs of its users.


Records of 45 million+ Travelers to Thailand and Malaysia Surfaced in the Dark Web

Permalink - Posted on 2020-07-13 16:00

The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity. The experts came across a post published by a credible threat actor that claimed to be in possession of a database containing the above records.


Personal Details and SSNs of 40,000 U.S. Citizens Available for Sale

Permalink - Posted on 2020-07-13 16:00

The huge trove of data was discovered by the researchers during their regular Deepweb and Darkweb monitoring activity. The experts came across a post published by a credible actor that claimed to be in possession of a database containing data of US citizens.


Tax Filers Face "Enormous" Risk for Identity Theft as July 15th Deadline Looms

Permalink - Posted on 2020-07-10 16:00

As of July, the count is 58,000 fraudulent claims and a total of $158 million in nearly-stolen money, according to an investigation conducted by Ernst & Young.


Smartwatch Vulnerability Hackers Overdose Dementia Patients

Permalink - Posted on 2020-07-10 16:00

The watch in question uses the SETtracker app to have the tracking function which can be found in a multitude of similar devices worldwide. The manufacturer on the other hand is different and unidentified as of now. The issue remains as to how many other similar vulnerable smartwatches are out there and even so in this case if any patients were a victim of such an attack.


More than Half of Canadians Polled Say They Have Experienced a Cyber Crime

Permalink - Posted on 2020-07-10 16:00

A report from the Cybersecure Policy Exchange at Ryerson University in Toronto found 57 per cent of respondents in an online survey in May had encountered at least one cybercrime.


Vancouver Coastal Health Hit by Cyber Attack

Permalink - Posted on 2020-07-10 16:00

The health authority said malicious ransomware was discovered in data related to its Employee and Family Assistance Program on May 21, and that officials responded by bringing in external cybersecurity experts to investigate.


5 Billion Unique Credentials Circulating on Darknet

Permalink - Posted on 2020-07-10 16:00

Researchers found that more than 15 billion user credentials are in circulation, of which 5 billion username and password combinations don't have repeated credential pairs and have been advertised on underground forums only once.


Researchers Find Pre-Installed Malware on More Android Phones in U.S.

Permalink - Posted on 2020-07-10 16:00

Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go.


Mumbai: BKC Company's Data Stolen, Clients Receive Email to Boycott It

Permalink - Posted on 2020-07-10 16:00

A renowned Bandra Kurla Complex (BKC)-based gemological company has approached police to lodge a complaint of forgery, theft and cheating against an unidentified accused. According to the complainant, the accused allegedly stole the company's client data, forged the logo and sent out emails to the clientele, asking them to boycott the company as it is China-based. While police have registered a First Information Report (FIR), the probe is underway.


Egyptian Bus Operator Swvl Hit by Data Breach

Permalink - Posted on 2020-07-10 16:00

Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, has been struck by a data breach. The company, based in Cairo, became aware of “unauthorized access to its IT infrastructure” on the evening of July 3, according to a security alert.


70% of Organizations Experienced a Public Cloud Security Incident in the Last Year

Permalink - Posted on 2020-07-09 16:00

70% of organizations experienced a public cloud security incident in the last year – including ransomware and other malware (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%), according to Sophos.


95% of Brits Unable to Consistently Identify Phishing Messages

Permalink - Posted on 2020-07-09 16:00

Just 5% of Brits are able to recognize all scam emails and texts, a study from Computer Disposals Limited has found. Just 44% able to identify the genuine messages and emails.


Alabama County Computers Down After Incident

Permalink - Posted on 2020-07-09 16:00

The Chilton County Commission computer network is temporarily down as specialists research a cyber incident, potentially ransomware, which has disrupted the system. This incident means normal services offered at the Courthouse requiring local records are temporarily unavailable.


Teen Murdered After Confronting Cyber Bullies

Permalink - Posted on 2020-07-09 16:00

A teenager from San Diego has been fatally shot after confronting cyber-bullies who targeted her sister online. The life of 19-year-old Janessa Del Valle was tragically cut short on July 4 as America celebrated its national Independence Day. The young woman from Bonita was killed while attempting to stop bullies from using the internet to body-shame her 13-year-old sibling.


Florida Lawsuit Offers Glimpse into Estimated $1.4B Ransomware Toll on U.S. Businesses

Permalink - Posted on 2020-07-09 16:00

A class-action lawsuit seeking $99 million in damages has been lodged against a Tampa-based healthcare provider for alleged negligence in a ransomware breach of patient and employee records. Morgan & Morgan law firm’s June 30 lawsuit claims Florida Orthopaedic Institute failed to properly secure the records of 100,000 to 150,000 current and former patients exposed in an April ransomware attack. Orlando-based Morgan & Morgan filed the claim days after UnityPoint Health agreed to pay $2.8 million in a preliminary settlement of a similar ransomware-related negligence lawsuit after a data breach in Iowa. The Iowa lawsuit against UnityPoint Health and Morgan & Morgan’s legal challenge could unseal exactly how pervasive ransomware is nationwide.


2020 on Track to Hit a New Data Breach Record

Permalink - Posted on 2020-07-09 16:00

Around 16 billion records have been exposed so far this year. According to researchers, 8.4 billion were exposed in the first quarter of 2020 alone, a 273% increase from the first half of 2019 which saw only 4.1 billion exposed.


Over 5 Billion Unique Credentials Offered on Cyber Crime Marketplaces

Permalink - Posted on 2020-07-08 16:00

More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows.


Australians Ignoring Cyber Security Policies in Favor of Productivity

Permalink - Posted on 2020-07-08 16:00

61% acknowledge that using non-work applications on a corporate device is a security risk. However, just because most people understand the risks does not mean they stick to the rules, the survey highlights. 51% of employees admit to using a non-work application on a corporate device, and 68% of them have actually uploaded corporate data to that application. 37% often or always access corporate data from a personal device, and 7% of respondents admit to watching or accessing porn on their work laptop, and 7% access the dark web.


Organizations' Security Measures Failing to Keep Pace with BYOD Use

Permalink - Posted on 2020-07-08 16:00

Businesses are increasingly embracing the use of BYOD in the workplace but are not taking corresponding steps to protect corporate data. This is according to the Bitglass 2020 BYOD Report, in which 69% of IT professionals surveyed revealed that employees at their companies are allowed to use personal devices to perform work functions. A significant proportion of organizations also allow BYOD for contractors (26%), partners (21%), consumers (18%) and suppliers (16%).


NZ: Far North Council Scammed Out of $100,000 After Supplier's Email Hacked

Permalink - Posted on 2020-07-08 16:00

The cyber-attack occurred last December, when one of its Auckland-based supplier's emails was hacked and the council received a request to change the supplier's bank account details. The council implemented the change and paid $100,600.30 into the fraudulent bank account over the holiday period.


Casino App Clubillion Leaks PII on Millions of Users

Permalink - Posted on 2020-07-08 16:00

Unlike many similar discoveries, this online database was updated with huge amounts of users’ personal information every single day: in the region of 200 million new records, or 50GB, daily, and sometimes considerably more, according to vpnMentor.


65% of Organizations Saw at Least 3 OT System Intrusions Within the Past Year

Permalink - Posted on 2020-07-07 15:00

The majority of organizations (65%) experienced at least three operational technology (OT) system intrusions within the past year, up from 18% in 2019. Some nine out of 10 organizations said they saw at least one intrusion in the same time frame, a Fortinet report found.


Brazil's Hapvida Discloses Cyber Breach, Potential Client Data Leak

Permalink - Posted on 2020-07-07 15:00

Brazilian health insurer Hapvida said in a securities filing on Monday it has suffered a cyber attack potentially involving access to the personal information of its customers.


Try2Cry Ransomware Spreads via USB Drives

Permalink - Posted on 2020-07-07 15:00

Dubbed Try2Cry, the new piece of ransomware borrows functionality from Spora, which first emerged three years ago. Written in .NET, Try2Cry features a USB worm component similar to that previously observed in the njRAT remote access Trojan.


Manufacturing Sector Paid Out 62% of Total Ransomware Payments in 2019

Permalink - Posted on 2020-07-07 15:00

The manufacturing industry spent more than any other sector last year on ransomware payments, paying out $6.9m, according to a new study by Kivu Consulting. This represents 62% of the total $11m+ of ransoms transferred to cyber-criminals throughout 2019, despite manufacturing only making up 18% of all paid ransom cases.


UnityPoint Health Settles Lawsuit Regarding Data Breaches

Permalink - Posted on 2020-07-07 15:00

UnityPoint Health, which owns Meriter Health Services in Madison, agreed to a deal last month that would put to rest a case related to two separate data breaches that occurred in 2018. Possible information compromised in both events included names of patients, addresses and medical information, as well as for some, driver’s licenses, social security numbers and payment card or bank account numbers.


X-FAB Affected by Cyber Attack

Permalink - Posted on 2020-07-07 15:00

On July 5, 2020, X-FAB Group was the target of a cyber security attack. Following the advice of leading security experts engaged by X-FAB, all IT systems have been immediately halted. As an additional preventive measure, production at all six manufacturing sites has been stopped.


Texas County Sheriff's Office Suffers Ransomware Attack

Permalink - Posted on 2020-07-07 15:00

Hackers claim they stole data from the Cooke County Sheriff’s Office and are threatening to publish it online if their demands are not met. Attacks of this kind are trending across the country.


Texas Bicycle Sharing Company Breached by Malware

Permalink - Posted on 2020-07-07 15:00

A Fort Worth bicycle sharing service, BCycle, found the malware in April and launched an investigation, according to a company letter. The stolen information may have included names, credit card numbers and addresses.


Premier League Club Targeted in £100 Million BEC Scam

Permalink - Posted on 2020-07-07 15:00

Among nearly two million targets in a £380 million BEC scamming operation were a Premier league football team, a US lawyer and an international bank. The alleged scammer was arrested in Dubai.


Volume and Size of Fines for Data Breaches Expected to Rise

Permalink - Posted on 2020-07-06 17:00

The number and value of fines for data breaches is predicted to increase between now and 2025, according to a new study by DSA Connect. Interviews with 1000 workers between 24 and 27 April 2020 revealed that 37% think there will be an increase and 6% believe the rise will be dramatic. Just 3% expect a reduction.


Corporate Cybercrime Victims Double in Five Years

Permalink - Posted on 2020-07-06 17:00

Although large firms with over 250 employees were the most likely to suffer attacks, with over 87% impacted last year, smaller businesses (11-50 employees) experienced the steepest rise, from 28% in 2015 to 68% last year.


Flaw Fixed in Hotels.com Generator as Tesco Clubcard Users Impacted

Permalink - Posted on 2020-07-06 17:00

Tesco Clubcard users have been warned to check their accounts, after a weakness was discovered in the way that Hotels.com codes were generated, which then impacted Clubcard members as they tried to use their points.


U.S. Secret Service Reports an Increase in Hacked Managed Service Providers

Permalink - Posted on 2020-07-06 17:00

US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.


Ransomware Attack on Insurance MSP Xchanging Affects Clients

Permalink - Posted on 2020-07-06 17:00

DXC Technology notified its investors in an 8-K form filed with the U.S. Securities and Exchange Commission that Xchanging has detected a ransomware attack on some of its systems.


EDP Energy Giant Confirms Ragnar Locker Ransomware Attack

Permalink - Posted on 2020-07-06 17:00

EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation's systems, the Portuguese multinational energy giant Energias de Portugal (EDP).


V Shred Data Leak Exposes PII, Sensitive Photos of Fitness Customers and Trainers

Permalink - Posted on 2020-07-03 16:00

Fitness brand V Shred exposed the personally identifiable information (PII) of over 99,000 customers and trainers -- and has yet to fully resolve the leaking database responsible.


BMW Customer Database for Sale on Dark Web

Permalink - Posted on 2020-07-03 16:00

A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to KELA, a darknet threat intelligence firm, based in Tel Aviv.


One of Florida's Largest Orthopedic Providers Faces Class-Action Lawsuit After Data Breach

Permalink - Posted on 2020-07-03 16:00

Attorney John Yanchunis of Morgan & Morgan filed the lawsuit against the Florida Orthopedic Institute, seeking at least $99 million on behalf of patients and former patients citing a “failure to properly secure and safeguard protected health information,” according to the complaint filed June 30. The case filed in Hillsborough County seeks long-term identity theft protection for patients, payment for victims who suffer losses as a result of the breach and a court order to force the medical group to strengthen its cybersecurity methods going forward.


AU: Thousands of MyGov Accounts for Sale on Dark Web

Permalink - Posted on 2020-07-03 16:00

The MyGov accounts are among a list of more than 150,000 hacked ".com.au" logins available for sale on dark web marketplaces, where logins are sold for as little as a few cents and as much as several hundred dollars.


Up to 58,000 Individuals Impacted by Healthcare Fiscal Management Ransomware Attack

Permalink - Posted on 2020-07-03 16:00

An unauthorized individual gained access to HFMI systems on April 12, 2020 and deployed a ransomware payload the following day which encrypted data on its systems. The systems accessed by the attacker were found to contain the personal and protected health information of patients who received healthcare services at St. Mary’s between November 2019 and April 2020.


Credit Unions Can Serve Up Negligence Claim in Sonic Data Breach Case

Permalink - Posted on 2020-07-03 16:00

An Ohio federal judge ruled on Sonic Corp’s bid to dismiss claims brought by financial institutions over a 2017 data breach in which hackers accessed customers’ payment card data from 325 of its drive-in locations, allowing a negligence claim to proceed while nixing claims of negligence per se and for declaratory and injunctive relief.


Privacy Breach at DU Reveals Students' Personal Details

Permalink - Posted on 2020-07-03 16:00

A serious data privacy breach on the DU admit card 2020 download portal was noted by two Twitter users. Personal details of all Delhi University students are now easily available to the public.


40% of Security Pros say Half of Cyber Attacks Bypass Their WAF

Permalink - Posted on 2020-07-03 16:00

49% of security professionals reported more than a quarter of attempts to sidestep their WAF protocols had been successful in the last 12 months. In addition, as many as four in ten respondents disclosed that 50% or more of attacks had managed to get around their application layer firewall.


Woolies Hit with AU$1 Million Spamming Fine

Permalink - Posted on 2020-07-02 16:00

The Australian Communications and Media Authority (ACMA) has hit Woolworths Group with a fine of AU$1,003,800, the largest it has handed down, due to five million breaches of the Spam Act 2003 made between October 2018 and July 2019.


Ransomware Operators Demand $14 Million from Power Company

Permalink - Posted on 2020-07-02 16:00

The company has confirmed that it was hit with a cyberattack without providing specific information on the type of compromise, but AppGate’s security researchers, who have obtained a sample of the malware believed to have been used in the attack, are confident that the incident involves the Sodinokibi ransomware.


Magellan Health Ransomware Attack Impacts More Than 364,000 Individuals

Permalink - Posted on 2020-07-02 16:00

The incident has now been listed on the HHS’ Office for Civil Rights breach portal as affecting 6 Magellan entities, each of which has reported the incident separately. Several other entities have also submitted breach reports confirming their patients and subscribers have also been affected.


The California Consumer Privacy Act Is Now Being Enforced

Permalink - Posted on 2020-07-02 16:00

On July 1, 2020, enforcement of the California Consumer Privacy Act (CCPA) of 2018 began. The CCPA took effect on January 1, 2020 and all companies covered by the Act were given a 6 month grace period before compliance with the CCPA would be enforced, although compliance with the provisions of the Act have been mandatory since January 1, 2020.


Data Breach at CNY Works Career Center May Have Exposed Personal Information of 56,000 Clients

Permalink - Posted on 2020-07-02 16:00

Clients potentially impacted by the breach began receiving letters from the agency this week warning that files targeted by a suspected ransomware attack on the agency’s servers contained their names and Social Security numbers.


IBM Study says More Than Half of Indian Companies Report Data Breach in Last Two Years

Permalink - Posted on 2020-07-02 16:00

Cyberattacks have been on the rise in the last two years with 56 per cent of Indian organisations confirming that they had experienced a data breach that had lead to the loss or theft of more than 1,000 records containing sensitive or confidential customer or business information. The responses were part of a global survey conducted by Ponemon Institute and sponsored by IBM Security.


Hacker Ransoms 23k MongoDB Databases and Threatens to Contact GDPR Authorities

Permalink - Posted on 2020-07-02 16:00

A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned.


Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

Permalink - Posted on 2020-07-02 16:00

The sanction was imposed following a data breach that took place between April 2016 and July 2017 that the banking institution notified to the Garante at the end of July 2017. As a result of the breach, the personal data of over 700,000 customers, including contact details, employment data (e.g., salary information), education data, identification details and financial data (e.g., bank account number, information on loans, payment status and customers’ credit ratings), was unlawfully accessed.


Surge in Unique Clients Reporting Brute-Force Attack Attempts

Permalink - Posted on 2020-07-01 16:00

Despite the increasing importance of RDP, as well as other remote access services, organizations often neglect its settings and protection. Employees use easy-to-guess passwords, and without additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems.


One Out of Every 142 Passwords Is '123456'

Permalink - Posted on 2020-07-01 15:00

The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, in one of the biggest password re-use studies of its kind.


Hackers Obtain Covid-19 Patient Database in Protest at Treatment of Indian Health Workers

Permalink - Posted on 2020-07-01 15:00

Hackers claim they have accessed the personal data of 80,000 Covid-19 patients in New Delhi stored on a local government website, in protest at the treatment of beleaguered healthcare workers.


Grays Harbor County Hospital Settlement

Permalink - Posted on 2020-07-01 15:00

Grays Harbor Community Hospital in Washington suffered a ransomware attack in 2019. Despite their best efforts, not all data was recoverable. And not surprisingly in our litigious society, a lawsuit was filed against it.


e-Learning Platform OneClass Exposed Data on Students, Lecturers

Permalink - Posted on 2020-07-01 15:00

An Elasticsearch database pertaining to e-learning platform OneClass was found to expose data on over one million students and lecturers, vpnMentor reveals.


California's CCPA Gets Teeth Today

Permalink - Posted on 2020-07-01 15:00

As of today, the California state government is enforcing the California Consumer Privacy Act (CCPA). Companies that don't comply with the law can expect stiff penalties from the government, along with potential consumer lawsuits.


Unsecured Chinese Companies Leak Users' Sensitive Personal and Business Data

Permalink - Posted on 2020-07-01 15:00

Research uncovered two unsecured databases, with millions of records, belonging to companies that are based in China and provide different types of services. One database belongs to Xiaoxintong, which offers multiple apps and services aimed at elderly care. The other database we discovered seems to be connected to Shanghai Yanhua Smartech tools, which provides services related to intelligent buildings. The database for Xiaoxintong, which serves more than 200 million elderly people in China, contains sensitive information such as GPS locations, mobile numbers, addresses, hashed passwords and more. The second database that may be from Shanghai Yanhua Smartech has even more sensitive data, such as easily-decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and more. Both databases are now closed.


Personal Details of 1.29 Million Limeroad Customers Up for Sale on Dark Web

Permalink - Posted on 2020-07-01 15:00

Even as online shoppers switch from Chinese apps to Indian e-commerce apps, US-based cyber security firm Cyble reported that fashion platform Limeroad’s customer database has suffered a breach with details of 1.29 million shoppers up for sale on the darkweb.


DDoS Attacks Jump 542% from Q4 2019 to Q1 2020

Permalink - Posted on 2020-06-30 16:00

In the first quarter of 2020, distributed denial-of-service (DDoS) attacks jumped more than 542% compared with the last quarter of 2019 and more than 278% year-over-year. NexusGuard researchers suggest the spike may be linked to a parallel increase in malicious cyber activity during the COVID-19 pandemic.


200% Increase in Invoice and Payment Fraud BEC Attacks

Permalink - Posted on 2020-06-30 15:00

Out of all types of BEC attacks, invoice and payment fraud BEC attacks are increasing in popularity. In April, these types of attacks comprised 14% of all BEC attacks, increasing to 17% in May.


Remote Employees Encounter 59 risky URLs per Week

Permalink - Posted on 2020-06-30 15:00

NetMotion recently aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis, which is derived from data gathered between May 30th – June 24th, 2020, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites.


Businesses Lack a Workable Ransomware Recovery Strategy

Permalink - Posted on 2020-06-30 15:00

According to research from Ontrack of 484 organizations, 39% either did not have or were not unaware of a ransomware strategy, while 26% admitted they couldn’t access any working backups after an attack.


Personal Data of Thousands of Users from Four Continents Exposed in Bitcoin Scam

Permalink - Posted on 2020-06-30 15:00

A joint investigation of Group-IB’s Threat Intelligence and Brand Protection teams revealed 248,926 sets of personally identifiable information exposed in what turned to be a complex three-stage fraud designed to drag people into a shady bitcoin investment scheme.


Eight Cities Using Click2Gov Targeted in Magecart Skimming Attacks

Permalink - Posted on 2020-06-30 15:00

ince April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active. Credit card information including card number, expiration date and CVV, as well as personal information such as name and contact address, were being exfiltrated from the municipalities, which were not named.


Half of Internet Users Fall Victim to Cyber Attacks

Permalink - Posted on 2020-06-30 15:00

Brits hold steady at 55%, while 67% of Americans admit to having encountered malicious cyber activities while using their Internet-enabled devices. Computer viruses, phishing scams and stolen passwords were among the most common cyber-related incidents mentioned by user.


UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach

Permalink - Posted on 2020-06-29 15:00

After two years of litigation and a partial dismissal, UnityPoint Health has reached a proposed $2.8M settlement with the 1.4 million patients impacted by two phishing-related data breaches.


UCSF Paid $1.4 Million Ransom in NetWalker Attack

Permalink - Posted on 2020-06-29 15:00

The disclosed technical details of the attack are obscure and insufficient to derive definitive conclusions about the origins and nature of this exorbitant incident.


Over 100k Daily Brute-Force Attacks on RDP in Pandemic Lockdown

Permalink - Posted on 2020-06-29 15:00

Telemetry data recorded by cybersecurity company ESET since December 1, 2019, shows a steep increase in the daily number of brute-force attacks against RDP. Between December 2019 and until February 2020, the values were between 70,000 and 40,000 daily attacks. The upward trend started in February when the number shot to 80,000. Since then, the values steadily rose and went past 100,000 in April and May, which corresponds to when most countries with a high number of COVID-19 infections had declared a national emergency and were in pandemic lockdown.


More Than 75% of All Vulnerabilities Reside in Indirect Dependencies

Permalink - Posted on 2020-06-26 16:00

JavaScript, Ruby, and Java are the ecosystems with most bugs in indirect dependencies.


Hackers Threaten to Leak Files Stolen from Australian Beverage Firm Lion

Permalink - Posted on 2020-06-26 16:00

Australian beverage company Lion says it has found no evidence that hackers have stolen information from its systems, but the hackers claim they have and are threatening to leak it unless the company pays up.


LifeLabs Failed to Protect the Personal Health Information of Millions of Canadians

Permalink - Posted on 2020-06-26 16:00

In November, 2019, Canadian testing laboratory provider LifeLabs disclosed a data breach. In February, 2020, it tried to block regulators from accessing a report on the breach prepared for it by Crowdstrike. Today, the B.C. and Ontario privacy commissioners released their report on the incident. It was highly critical of LifeLabs.


Domestic Abuse Victims Exposed in Cloud Misconfiguration

Permalink - Posted on 2020-06-26 16:00

Thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket. Researchers at vpnMentor led by Noam Rotem and Ran Locar found the voice recordings stored on a publicly accessible AWS S3 bucket.


Cyber Accounts for 26% of All Crimes in Singapore

Permalink - Posted on 2020-06-26 16:00

Accounting for 26.8% of all crimes in the country, cybercrime remains on an upwards trajectory with 9,430 cases reported last year and e-commerce scams leading the way.


Biggest-Ever Packets-per-Second DDoS Attack Hits Large European Bank

Permalink - Posted on 2020-06-26 16:00

Akamai said that the attack on a bank earlier this week was the largest ever packet per second (pps) distributed denial of service (DDoS) attack on its platform. The attack generated 809 million packets per second (Mpps). The targeted bank has not been revealed.


Chinese Bank Forced Western Companies to Install Malware-Laced Tax Software

Permalink - Posted on 2020-06-25 16:00

GoldenSpy installs two identical versions of itself, both as persistent autostart services. If either stops running, it will respawn its counterpart. Furthermore, it utilizes an exeprotector module that monitors for the deletion of either iteration of itself. If deleted, it will download and execute a new version. Effectively, this triple-layer protection makes it exceedingly difficult to remove this file from an infected system.


Personal Data of 350,000+ Social Media Influencers and Users Compromised Following Preen.Me Hack

Permalink - Posted on 2020-06-25 16:00

The personal information of an estimated 100,000+ social media influencers has been compromised and partially leaked, following the breach of social media marketing company, Preen.Me. Furthermore, as a result of this breach, over 250,000 social media users have had their information fully exposed on a deep web hacking forum.


Two-Year Data Breach at Florida Senior Care Provider

Permalink - Posted on 2020-06-25 16:00

Cano Health discovered in April 2020 that some email accounts belonging to its employees had been compromised by threat actors. After investigating the incident, the healthcare company found that the accounts had been accessed multiple times in a prolonged security breach that took place between May 18, 2018, and April 13, 2020.


Billions of Records of Web-Tracking Data Exposed by Oracle's BlueKai

Permalink - Posted on 2020-06-25 16:00

This month, Oracle’s BlueKai left exposed an unsecured database containing billions of records like names, home addresses, email addresses, and sensitive users’ web browsing activity — from purchases to newsletter unsubscribes.


33% Surge in Financial Fraud Attempts During COVID19 Lockdown

Permalink - Posted on 2020-06-25 16:00

Across all financial products, fraud rates increased by a third when compared with previous monthly averages. The largest increase was in fraudulent car and other asset finance applications, which saw a rise of 181%, followed by current accounts (35%) and then saving accounts (28%), according to Experian.


OneClass Unsecured S3 Bucket Exposes PII on More Than One Million Students, Instructors

Permalink - Posted on 2020-06-25 16:00

An unsecured database belonging remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance.


IndiaMART Data Breach: 40,000 Company Records Discovered on Cyber Crime Forums

Permalink - Posted on 2020-06-25 16:00

A breach at online marketplace IndiaMART has leaked the sensitive data of more than 40,000 suppliers. IndiaMART is a business-to-business e-commerce site, connecting suppliers from across India. Last year, the official app had 10 million downloads.


Average Cost of a Data Breach Climbs to $116M

Permalink - Posted on 2020-06-24 15:00

The authors of the "Trends in Cybersecurity Breach Disclosures" report from Audit Analytics reviewed 639 cybersecurity breaches at public companies since 2011 and discovered that, on average, each cyber breach costs $116 million. The report found that in 2019, cybercriminals usually targeted customer names, addresses, and e-mail addresses (48%, 29%, and 28%, respectively). In 2018, names and credit card information were the most-sought types of information. Between 2011 and 2019, malware (34%) was the common commonly used method to obtain data, followed by phishing (25%), unauthorized access (20%), and misconfiguration (12% percent). However, almost half (43%) of companies that suffered a data breach kept the type of attack to themselves.


N.S. Government Reveals May Privacy Breach Involved 10,599 Unredacted Decisions

Permalink - Posted on 2020-06-24 15:00

The Nova Scotia government has now disclosed the number of unredacted decisions posted online in a May privacy breach by the Workers' Compensation Appeals Tribunal totalled 10,599. The decisions contained highly-sensitive information, including employer names, as well as employee names and their medical and psychiatric information. Until now, the government has said little about the error other than it was following the province's privacy breach protocol, which includes conducting a thorough investigation.


Threat Actor Sold Access to Networks of 135 Organizations

Permalink - Posted on 2020-06-24 15:00

Over a period of two years, a threat actor sold access to the compromised networks of 135 organizations in 44 countries and likely made over $1.5 million, Group-IB says.


German Court Orders Facebook to Rein in Data Collection

Permalink - Posted on 2020-06-24 15:00

A top German court on Tuesday ordered Facebook to stop merging data collected through its Whatsapp and Instagram subsidiaries or other websites unless users explicitly agree, in a legal victory for competition authorities.


American Medical Technologies Email Breach Affects 47,767 Patients

Permalink - Posted on 2020-06-24 15:00

American Medical Technologies, a Irvine, CA-based provider of wound care solutions and medical supplies, has discovered an unauthorized individual gained access to the email account of one of its employees and potentially accessed and copied the protected health information of some of its patients.


Over Two-Thirds of Q1 Malware Hidden by HTTPS

Permalink - Posted on 2020-06-24 15:00

Over two-thirds of malware detected in the first three months of the year was hidden in HTTPS encrypted tunnels in a bid to evade traditional AV, according to Watchguard.


Exposed Frost & Sullivan Databases for Sale on Hacking Forum

Permalink - Posted on 2020-06-24 15:00

U.S. business consulting firm Frost & Sullivan was breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum.


Citing NY's SHIELD Act, NYSBA Approves Cyber Security CLE Requirement for All Attorneys

Permalink - Posted on 2020-06-23 16:00

Citing a rise in data breaches among New York law firms coupled with the recent enactment of the SHIELD Act that “creates, for the first time, substantive security requirements for persons or businesses that hold the ‘private information’ of New York residents”, the Committee on Technology and the Legal Profession recommended the adoption of a cybersecurity CLE. Because the SHIELD Act applies to “all law firms, even to solo practitioners and small law firms”, the Committee advocated for the requirement as an “important initiative”.


Vermont's Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020

Permalink - Posted on 2020-06-23 16:00

The amendments to Vermont’s Security Breach Notice Act include expanding the definition of Personally Identifiable Information (“PII”), expanding the definition of a breach to include login credentials and narrowing the permissible circumstances under which substitute notice may be used.


Only 31% of Americans Concerned with Data Security, Despite 400% Rise in Cyber Attacks

Permalink - Posted on 2020-06-23 16:00

Less than one-third (31%) of Americans said they are concerned about their data security while working from home during the COVID-19 pandemic, a Unisys Security report found. Overall concerns around internet security, including computer viruses and hacking, have dropped since 2019, ranking the lowest among the four primary areas of security in the survey.


Oregon City Pays $48,000 Cyber Ransom

Permalink - Posted on 2020-06-23 16:00

The city of Keizer's computer system was successfully targeted by threat actors using ransomware in the early hours of June 10. The attack left officials unable to access either files or their email accounts for a full seven days.


Indiabulls Group Hit by CLOP Ransomware

Permalink - Posted on 2020-06-23 16:00

Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data.


Irish Firms Pay Most for Cyber Attacks

Permalink - Posted on 2020-06-22 16:00

Irish firms suffer the highest median cost in Europe from cyber-attacks, at almost €92,000, a major new survey claims. Cyber incidents and breaches cost sampled Irish companies €113m over a six month period, with one unnamed Irish company suffering total cyber losses of €17.8m.


BlueLeaks: Data from 200 U.S. Police Departments and 'Fusion Centers' Published Online

Permalink - Posted on 2020-06-22 16:00

The data has been made available online on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more


Online Fraudsters Steal £17m Over COVID19 Lockdown

Permalink - Posted on 2020-06-22 16:00

The UK’s National Fraud and Cybercrime Reporting Center claimed that online scams had snared 16,352 victims with online shopping and auction fraud since bricks and mortar stores were ordered to close on March 23.


Stalker Online Breach: 1.3 Million User Records Stolen

Permalink - Posted on 2020-06-22 16:00

Two databases were found on underground sites as part of a dark web monitoring project undertaken by the research outfit, one containing around 1.2 million records and another of 136,000 records.


230k+ Indonesian COVID-19 Patients' Records for Sale in the Darkweb

Permalink - Posted on 2020-06-22 16:00

The leaked dump includes name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more. Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com.


Pennsylvania Health System Hit by NetWalker Ransomware

Permalink - Posted on 2020-06-19 16:00

NetWalker ransomware operators have added Crozer-Keystone Healthy System to their list of victims who have not paid their ransom demands. As proof of claims, the threat actors posted a few screencaps. Several related to finances, one was fairly unreadable, and one was a directory of folders. None of the screencaps were of any medical records of patients.


The Smaller the Business, the Smaller the Focus on Cyber Security

Permalink - Posted on 2020-06-19 16:00

With 89% of small businesses moving to a remote workforce, there remains a significant gap between the perceived importance of cybersecurity protections for businesses with fewer than 10 employees and those with more than 10 employees.


Cyber Crisis Deepens at Lion as Second Attack Bites Beer Giant

Permalink - Posted on 2020-06-19 16:00

The Australia-based beverage giant behind beer brands Little Creatures, XXXX, Tooheys and James Squire has been hit by a second cyber attack after its manufacturing and IT systems were crippled by hackers demanding a ransom of reportedly $1 million last week.


Australian PM says Nation Under Serious Attacks Using Microsoft, Citrix, Telerik UI Bugs

Permalink - Posted on 2020-06-19 16:00

Journalists in the PM’s press conference immediately asked if China was a suspect, as the nation recently took offence at Australia’s call for an international inquiry into the source of the COVID-19 pandemic and appears to have retaliated with new trade disputes and advice that its citizens should not visit Australia as tourists or students. Morrison stonewalled when asked if China is the actor behind these attacks.


IT Giant Cognizant Confirms Data Breach After Ransomware Attack

Permalink - Posted on 2020-06-18 16:00

In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue.


Most COVID-19 Contact-Tracing Apps Are Not Adequately Secured

Permalink - Posted on 2020-06-18 16:00

Guardsquare researchers have unpacked and decompiled 17 Android contact-tracing apps from 17 countries to see whether developers implement name obfuscation, string, asset/resource and class encryption. They’ve also checked to see whether the apps will run on rooted devices or emulators (virtual devices). The results? Only 41% of the apps have root detection. Only 41% include some level of name obfuscation. Only 29% include string encryption. Only 18% include emulator detection. Only 6% include asset/resource encryption. Only 6% include class encryption.


83% of Global 2000 Enterprises Have Not Adopted Basic Domain Security Practices

Permalink - Posted on 2020-06-18 16:00

These security shortfalls are the direct result of not executing proper domain security techniques. Domain security cannot be an afterthought, and there needs to be a conscious effort to make this an intentional and critical part of every company’s overall cyber security posture, especially as criminals evolve their attack methods.


Aerospace Executives Targeted via LinkedIn Recruitment Messages

Permalink - Posted on 2020-06-17 16:00

According to new research from ESET, the technique involved threat actors contacting the executives via LinkedIn posing as recruiters. Named Operation In(ter)ception, the actions took place from September to December 2019 and began with what ESET called “a quite believable job offer, seemingly from a well-known company in a relevant sector” and contained a OneDrive link which contained a PDF document with salary information related to the fake job offer. However, ESET malware researcher Dominik Breitenbacher said malware was silently deployed on the victim’s computer giving the attacker “an initial foothold and reached a solid persistence on the system.”


Keizer City Computers Hacked, $48,000 Ransom Demanded

Permalink - Posted on 2020-06-17 16:00

The city of Keizer’s computer system was hacked on Wednesday, June 10, and officials were only able to regain access to the data by paying the perpetrators a $48,000 ransom.


RCMP Warn of Ransomware Scam After Business Hacked, $270,000 Extorted

Permalink - Posted on 2020-06-17 16:00

RCMP is warning the public about a type of scam targeting businesses after a recent report received by Halifax District RCMP. Police received the report from a business that had their network hacked with ransomware. The hackers demanded $270,000 to reinstate their network.


Cyber Crime and Cryptocurrency Exchange Hacks Up by 75% During Coronavirus Pandemic

Permalink - Posted on 2020-06-17 16:00

With more people working from home, online crime increased by 75%, some of which are enabled by anonymous cryptocurrencies. Congressman Emanuel Cleaver of Missouri said an FBI report revealed daily cyber crimes increased by 75% during the COVID-10 pandemic. He made his opening remark during the United States House meeting on illegal digital activities. According to Cointelegraph, Tom Kellermann, head of cybersecurity at VMware, said the finance industry got hit the hardest with a 238% increase in related digital crime and a 900% increase in ransomware attacking the industry.


DraftKings Discloses SBTech Ransomware Attack in SEC Filing

Permalink - Posted on 2020-06-17 16:00

In a Form S-1 filed with the SEC today, DraftKings disclosed that SBTech, who they merged with in April, was hit by a ransomware attack at the end of March 2020.


30,000+ Italian Sales Agents' Personal Data, IDs Leaked

Permalink - Posted on 2020-06-17 16:00

We recently uncovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 36,000 documents, including scans of national IDs, credit cards, and health insurance cards. The database also contains sales representative enrollment contracts that include personally identifiable information such as full names, addresses, tax identification numbers, and signatures of mostly Italian citizens.


Hosting Provider Hit with Largest-Ever DDoS Attack

Permalink - Posted on 2020-06-17 16:00

Attackers leveled a massive distributed denial-of-service attack against a specific website in early June, topping a bandwidth of 1.44 terabits-per-second and 385 million packets-per-second, the largest volumetric attack encountered by Internet infrastructure firm Akamai.


Chipmaker MaxLinear Reports Data Breach After Maze Ransomware Attack

Permalink - Posted on 2020-06-16 16:00

U.S. system-on-chip (SOC) maker company MaxLinear disclosed that some of its computing systems were encrypted by Maze Ransomware operators last month, after an initial breach that took place around April 15.


eBay Executives Charged with Cyber Stalking Critics

Permalink - Posted on 2020-06-16 16:00

The executives, who no longer work for the online marketplace, allegedly sent a stream of terrifying deliveries to the homes of the newsletter's editor and publisher and their neighbor. Sinister deliveries received by the couple over a period of weeks included a bloody pig mask, a wreath of funeral flowers, and live spiders and cockroaches.


46% of SMEs Sharing Confidential Files by Email During Lockdown

Permalink - Posted on 2020-06-16 16:00

Nearly half of small and medium-sized enterprises (SMEs) regularly share confidential files via email, including financial and employee data in spreadsheets, according to a new study from the Lanop Accountancy Group. This is despite the fact that 60% have not upgraded their organizations’ cybersecurity capabilities since shifting to remote working during COVID-19.


Ransomware Attacks Reported by Rangely District Hospital and Electronic Waveform Lab

Permalink - Posted on 2020-06-16 16:00

Rangely District Hospital in Colorado has started notifying patients that some of their protected health information was stored on parts of its network that were affected by an April 2020 ransomware attack.


Cano Health Discovers 2-Year Email Account Breach

Permalink - Posted on 2020-06-16 16:00

The Florida-based population health management company and healthcare provider Cano Health has discovered the email accounts of three employees have been accessed by an unauthorized individual who set up a mail forwarder on the email accounts that sent emails to external addresses.


Mobile Threats Delivered by Adult Content Double

Permalink - Posted on 2020-06-16 16:00

Kaspersky's review of 2019 threat activity discovered that the number of mobile users attacked by threats disguised as pornographic content grew two-fold in 2019, reaching 42,973 users, compared to the 19,699 targeted in 2018.


83% of Forbes 2000 Companies' Web Domains Are Poorly Protected

Permalink - Posted on 2020-06-16 16:00

Only a handful have controls against domain-name hijacking, DNS modifications, and other threats, a new CSC study finds.


Magecart Attackers Hit Claire's, Intersport Web Shops

Permalink - Posted on 2020-06-15 16:00

The skimmer was served from a domain made to look like it might belong to the company (claires-assets.com), and it was added to the two online stores between April 25th and 30th.


Live Event Manufacturer Reveals Employee Data Breach

Permalink - Posted on 2020-06-15 16:00

Tait Towers Manufacturing produces rigging, lighting and other equipment for concerts, theatrical performances and the like. It claims to have worked on many of the highest-grossing concert tours of all time. The US-headquartered multinational waited nearly two months before last week disclosing an incident which was detected on April 6, but began on February 16. The firm said an unauthorized third party had accessed a server and some employee email accounts.


Norway Suspends Virus-Tracing App After Privacy Concerns

Permalink - Posted on 2020-06-15 16:00

Norway's health authorities said on Monday they had suspended an app designed to help trace the spread of the new coronavirus after the national data protection agency said it was too invasive of privacy.


Exposed Cloud Databases Attacked 18 Times a Day

Permalink - Posted on 2020-06-15 16:00

The largest number of attacks (22) on any one day came just after the instance was indexed by Shodan. In fact, two attacks came in just a minute after it was indexed. This according to a new study from Comparitech.


Complexity and Size of DDoS Attacks Have Increased

Permalink - Posted on 2020-06-15 16:00

The complexity and size of DDoS attacks in 2019 has increased significantly compared to 2018. A report published by NaWas by NBIP concludes that despite the number of attacks has decreased slightly over 2019, their complexity and size has increased significantly.


Accidental Loss of Database Leads to Outage, Potential Threat for Jenkins Artifactory Portal

Permalink - Posted on 2020-06-15 16:00

Accidental deletion of user data can cause severe consequences, like a loss of users' trust on any organization. In a recent incident, accidental deletion of user database by Jenkins created a loophole, that could have allowed threat actors to hijack the user accounts of Jenkins plugin authors.


Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

Permalink - Posted on 2020-06-15 16:00

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.


South African Bank to Replace 12 Million Cards After Employees Stole Master Key

Permalink - Posted on 2020-06-15 16:00

Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.


Delivery Hero Confirms Foodora Data Breach

Permalink - Posted on 2020-06-15 16:00

Breached information from 14 countries includes personal details for 727,000 accounts - names, addresses, phone numbers and hashed passwords. It also contains latitude and longitude coordinates to six decimal points, which is accurate to within just a few inches. No financial data was leaked.


Sapiens Pays $250,000 in Bitcoin to Hackers Who Took Over Its Computers

Permalink - Posted on 2020-06-15 16:00

Nasdaq and Tel Aviv listed Israeli software company Sapiens International Corp. N.V. was forced to pay $250,000 ransom in Bitcoin to hackers that threatened to shut down its computers, a person with knowledge of the matter told Calcalist on condition of anonymity. The company, which is based out of the Tel Aviv suburb of Holon did not report the matter to the American or Israeli exchange authorities. Sapiens specializes in developing software for insurance and finance companies and has hundreds of clients around the world.


Lion Warns of Beer Shortages Following Ransomware Attack

Permalink - Posted on 2020-06-12 16:00

Australian beverage giant Lion on Friday added further detail to the cyber incident it disclosed earlier this week, confirming it fell victim to a ransomware attack.


12,000+ Indian Blood Donors' PII and Passwords Leaked

Permalink - Posted on 2020-06-12 16:00

A CloudSEK researcher discovered posts on 2 forums advertising a database of Indian blood donors registered on http://www.indianblooddonors.com/index.php. The posts claimed that the database, which contains donors’ Personally Identifiable Information (PII), blood type, and passwords in plain text, was available for free. So, we were able to obtain the complete database at no cost to validate its contents.


Authorities Probe Radio, Website Disruptions During Protests

Permalink - Posted on 2020-06-12 16:00

Authorities are investigating interference with police radio communications, websites and networks used by law enforcement and other officials during recent U.S. protests over the death of George Floyd in Minneapolis.


New York Accounting Firm Facing Class Action Lawsuit Over Maze Ransomware Attack

Permalink - Posted on 2020-06-12 16:00

The lawsuit alleges BST & Co. was negligent for failing to take appropriate and reasonable steps to prevent the attack and did not provide a prompt an accurate notice to affected patients. The lawsuit also alleges the company breached its fiduciary duty to protect sensitive patient information and violated state laws related to deceptive business practices.


Lawsuit Filed Against Accounting Firm in Patient Data Hack

Permalink - Posted on 2020-06-12 16:00

A proposed class action lawsuit filed against an accounting firm in the wake of a 2019 ransomware incident that allegedly exposed patient information serves as the latest reminder of the security and privacy risks posed by vendors.


Fortune 500 Insurance Firm Genworth Discloses Data Breach

Permalink - Posted on 2020-06-12 16:00

Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The U.S. mortgage and long term care insurer had revenue of $8,6 billion during the last fiscal year and it reached a deal with China Oceanwide Holdings Group that will allow the Chinese company to buy Genworth for $2.7 billion.


Knoxville Shuts Down IT Network Following Ransomware Attack

Permalink - Posted on 2020-06-11 16:00

The attack took place last night, between June 10 and June 11. The city's IT department did not detect the intrusion until it was too late and the ransomware had already encrypted multiple systems.


Police Officers' Personal Info. Leaked Online

Permalink - Posted on 2020-06-11 16:00

Personal information of police officers in departments nationwide is being leaked online amid tense interactions at demonstrations across the U.S. over the police custody death of George Floyd and others, according to an unclassified intelligence document from the U.S. Department of Homeland Security, obtained by The Associated Press.


Macy's Pays $192,000 to Settle Data Breach Suit

Permalink - Posted on 2020-06-11 16:00

The class-action lawsuit was brought after a third party managed to obtain customer information from the company in spring 2018. In the suit, plaintiff Anna Carroll accused the 162-year-old company of failing to properly secure customer data against cyber-attackers.


MAZE Attacks Victoria Beckham's Advisory Firm

Permalink - Posted on 2020-06-11 16:00

The threat group MAZE claims to have carried out a cyber-attack on a mergers and acquisitions firm whose client list includes former Spice Girl and fashion designer Victoria Beckham.


TA410 Targets U.S. Energy Providers Using New FlowCloud RAT

Permalink - Posted on 2020-06-11 16:00

A new wave of spear-phishing campaigns has been identified by Proofpoint researchers targeting US-based energy providers. The threat actor, tracked as TA410, also tried to pose as another hacking group, namely TA429 (APT10).


Average Cost of DNS Attacks Hovering Around $924,000

Permalink - Posted on 2020-06-11 16:00

In terms of regional damage from DNS attacks, North America leads the way with the average cost of attack at $1,073,000. This is a modest decrease by about 1.36% from the year prior. And while the United States saw nearly a 4% decrease in attack damages, it still has the highest cost globally at $1,082,710.


Hackers Breached A1 Telekom, Austria's Largest ISP

Permalink - Posted on 2020-06-11 16:00

A1 needed more than six months to kick the hackers off its network. Whsitleblower claims the intruders were Chinese hackers.


Health Sector Most Targeted by Hackers, Breach Costs Rise to $17.76 Billion

Permalink - Posted on 2020-06-10 17:00

ForgeRock’s annual consumer identity breach report found the healthcare sector was the most targeted by hackers in 2019, which has continued into 2020. And its 382 data breaches cost the sector more than $2.45 billion.


60% of Organizations to Suffer Email Attacks

Permalink - Posted on 2020-06-10 17:00

A survey from email and data security firm Mimecast revealed that nearly 60% of organizations believe that they will likely suffer from an email-borne attack in the coming year. And 77% of respondents stated that they are introducing a cyber resilience strategy, with 31% of respondents citing data loss; 31% of them stated a decrease in employee productivity, and 29% reported business downtime due to lack of cyber resilience preparedness.


FTC Reaches Settlement with Kohl's in Failure to Notify Customers of Identity Theft

Permalink - Posted on 2020-06-10 17:00

Kohl’s Department Stores, Inc. has agreed to pay a civil penalty of $220,000 to settle Federal Trade Commission allegations that the Wisconsin-based retailer violated the Fair Credit Reporting Act (FCRA) by refusing to provide complete records of transactions to consumers whose personal information was used by identity thieves.


Everett & Hurite Ophthalmic Association Email Breach Impacts 34,000 Patients

Permalink - Posted on 2020-06-10 17:00

The Everett & Hurite Ophthalmic Association (EHOA), a team of ophthalmology specialists serving Pittsburgh, PA & Warrendale, PA, has discovered an unauthorized individual gained access to the email account of one of its employees and potentially viewed patient information.


Attacks on Cloud Services Increased by 630% Between January and April

Permalink - Posted on 2020-06-10 17:00

COVID-19 has forced businesses to close their offices and allow employees to work from home. Cloud services have been provisioned to support home working and communication solutions such as Zoom, Cisco WebEx, and Microsoft Teams have allowed remote workers in collaborate effectively.


Healthcare Provider Babylon Reports Data Breach

Permalink - Posted on 2020-06-10 17:00

Whilst the company said it has fixed an issue where video recordings of other patients' consultations could be accessed, and notified regulators, one UK-based user found he had access to 50 videos in the Consultation Replays section of the app, and one contained footage of another person's appointment.


FCC Failed to Monitor Chinese Telecoms for Almost 20 Years

Permalink - Posted on 2020-06-10 17:00

After a year-long investigation, the staff report by the US Senate's Permanent Subcommittee on Investigations "found that the FCC and 'Team Telecom'—an informal group comprised of officials from the Departments of Justice, Homeland Security, and Defense—have failed to monitor these three Chinese government-owned carriers," a joint announcement by the subcommittee's Republican and Democratic leaders said. The three carriers the subcommittee referred to are China Telecom Americas (CTA), China Unicom Americas (CUA), and ComNet USA. The companies "operated in the US for nearly 20 Years with little to no oversight from the federal government," the senators' announcement said.


F&P Appliances Latest to Be Hit by Ransomware Attack

Permalink - Posted on 2020-06-10 17:00

Fisher & Paykel Appliances is the latest big brand name to be struck down by ransomware, shutting down its operations while it recovered following the attack.


Nintendo Confirms Over 300,000 Accounts Compromised After Cyber Attack

Permalink - Posted on 2020-06-10 17:00

It was back in April when Nintendo, a Japanese video game company, revealed a major data breach where about 160,000 accounts of Nintendo Switch users were compromised. Now, the video game giant has confirmed that more number of users were affected by the breach than previously known, bringing the total number of breached user accounts to 300,000.


U.S. Companies Lost Over $1.2 Trillion Due to Data Breaches in 2019

Permalink - Posted on 2020-06-10 17:00

Cybercriminals will continue to refine their attack vectors to execute a greater volume of attacks than ever before to pilfer consumer data. Therefore, enterprises need to critically evaluate their digital identity management strategies for weaknesses and work upon them accordingly.


Honda Confirms Its Network Has Been Hit by Cyber Attack

Permalink - Posted on 2020-06-09 17:00

Honda, the Japanese car manufacturer, has confirmed it has been hit with a cyber attack which has impacted some of its operations, including production systems outside of Japan.


Phishing Attack Hits German Coronavirus Task Force

Permalink - Posted on 2020-06-09 17:00

More than 100 executives at a multinational company that’s part of a German task force for creating coronavirus protective gear, were targeted in an ongoing phishing attack.


Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Permalink - Posted on 2020-06-09 17:00

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.


56% of Employees Use Personal Computers to WFH

Permalink - Posted on 2020-06-09 17:00

Using nonwork authorized tech at home places company data at risk, especially since 23% of employees are unsure what security protocols exist on their devices, Morphisec found.


University of Utah Health Suffers Further Phishing Attack

Permalink - Posted on 2020-06-09 17:00

This is the third phishing incident to be reported to the HHS’ Office for Civil Rights by the University of Utah this year. The previous incidents were reported on March 21 and April 3 and affected 3,670 and 5,000 patients respectively.


Cyber-Incidents Surge 366% at NASA

Permalink - Posted on 2020-06-09 17:00

New research published yesterday by virtual network provider AtlasVPN found NASA suffered 315 cyber-incidents in 2018. In 2019, that figure shot up to 1,469.


41% of U.K. Workers Haven't Received Adequate Cyber Security Training

Permalink - Posted on 2020-06-09 17:00

An average of 41% of UK employees across all sectors have not received adequate cybersecurity training, which is leaving businesses and individuals vulnerable to attacks, according to a new study by Specops Software. Travel and hospitality was the sector with the worst record, with 84% of staff stating they have not received sufficient training. The findings come just weeks after easyJet suffered a data breach in which details of nine million of its customers were accessed.


Cyber Crime Against Retail Brands Is Up 41% During Pandemic

Permalink - Posted on 2020-06-09 17:00

A dramatic uptick in scams, counterfeiting, and hacking plague retail and e-commerce industries during the coronavirus crisis, as businesses try to define their new normal.


Hackers Strike at Life Healthcare

Permalink - Posted on 2020-06-09 17:00

Admissions systems, business processing systems and e-mail servers have been taken offline by the Life Healthcare Group, which confirmed on Tuesday that its southern African operation has been the victim of a targeted criminal attack on its IT systems.


60% of Organizations Expect to Suffer from an Email-borne Attack

Permalink - Posted on 2020-06-09 17:00

Mimecast (MIME), a leading email and data security company, today unveiled its fourth-annual State of Email Security 2020 report. This report summarizes details from 1,025 global IT decision makers on the current state of cybersecurity. Providing year-over-year comparisons, along with Mimecast’s analysis from the first 100-day period of the coronavirus public health crisis, the report is designed to both offer valuable insights into recent attack trends organizations are challenged with and to serve as a guide to drive continuous improvement to any organization’s cyber resilience strategy.


Drinks Giant Lion Hit by Cyber Attack as Hackers Target Corporate Australia

Permalink - Posted on 2020-06-09 17:00

Lion employs approximately 7000 people across Australia and its dairy and drinks business, which employs 2300 workers, is currently the subject of a $600 million takeover bid by Chinese dairy giant Mengniu, part-owned by Chinese state-owned food processor COFCO.


Canada's Fitness Depot Alerts Customers to Data Breach

Permalink - Posted on 2020-06-08 16:00

The retailer reports cybercriminals infected its online store and used a fraudulent form to steal shoppers' information.


Singapore's Move to Introduce Wearable Devices for Contact Tracing Sparks Public Outcry

Permalink - Posted on 2020-06-08 16:00

Online petition urging the public to reject the use of wearable devices for COVID-19 contact tracing has garnered more than 17,500 signatures, as concerned Singapore residents highlight the potential deployment as too intrusive and a breach of their privacy.


Fears Patient Files at Hockley GP Surgery Hacked

Permalink - Posted on 2020-06-08 16:00

The surgery has 8,839 patients. A text message has been sent to all adults on its books.


San Beda Student Portal Hacked, Personal Data of Thousands Stolen

Permalink - Posted on 2020-06-08 16:00

A still unidentified hacker has infiltrated the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online.


Details of COVID-19 Patients Leaked in Tiruvarur

Permalink - Posted on 2020-06-08 16:00

In a shocking instance of breach of privacy, names, addresses and contact numbers of at least two COVID-19 patients who are currently being treated at the Thiruvarur Medical College and Hospital were circulated on social media apps. One of the patients has been receiving calls from strangers inquiring about his well-being, this breach of privacy has also led to his family being discriminated against by their neighbours.


Everett & Hurite Ophthalmic Association Discloses Breach Involving Protected Health Information

Permalink - Posted on 2020-06-08 16:00

EHOA became aware of unusual activity related to an employee email account. Aat the time of the incident the email account contained patient data.


$107,000 Stolen from Kentucky Employees' Health Plan Members in Two Recent Cyber Attacks

Permalink - Posted on 2020-06-08 16:00

The Commonwealth of Kentucky Personnel Cabinet has announced that two data breaches occurred between late April and Early May. The attacks resulted in the exposure of the protected health information of around 1,000 members of the Kentucky Employees’ Health Plan.


CPA Canada Breach Hits Over 300,000 Accountants

Permalink - Posted on 2020-06-08 16:00

The Chartered Professional Accountants of Canada (CPA Canada) revealed in a statement that an unauthorized third party had managed to access personal information after compromising the organization’s website.


80% of Hacking Attacks Linked to Bad Password Habits

Permalink - Posted on 2020-06-08 16:00

Nearly 80% of hacking attacks are password-related breaches, claims a latest report by Secure Link. As per the report, even in 2017, almost the same amount of hacking-related breaches were linked to passwords. And the trend has continued, says the report terming it a cause of concern.


VT San Antonio Aerospace Hit with Ransomware Attack

Permalink - Posted on 2020-06-08 16:00

A criminal group known as Maze “gained unauthorized access to our network and deployed a ransomware attack,” according to a Friday statement by Ed Onwe, vice president and general manager of the company, which is a subsidiary of the North American headquarters of Singapore’s ST Engineering Ltd.


Third of People Hold Chief Executive Personally Responsible for Cyber Attacks

Permalink - Posted on 2020-06-08 16:00

A survey by data protection firm Veritas Technologies found that more than a third (35%) of UK consumers would see a business leader as personally responsible if a cyber breach of that business occurs. It suggests that more than two-thirds (68%) believe they should be compensated when incidents such as ransomware attacks compromise their data, while 8% said they would like to see chief executives sent to prison if such a breach does take place.


FTC Slams Children's App Developer for COPPA Violations

Permalink - Posted on 2020-06-05 16:00

Children’s app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission (FTC) of illegally collecting children’s data without parental consent.


CPA Canada Discloses Data Breach Affecting 329,000 Individuals

Permalink - Posted on 2020-06-05 16:00

CA Canada is a national organization with more than 217,000 Chartered Professional Accountants as members and one of the largest national accounting bodies in the world.


Enterprise Mobile Phishing Increased by 37% in Q1 2020

Permalink - Posted on 2020-06-05 16:00

Unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.


Business Services Giant Conduent Hit by Maze Ransomware

Permalink - Posted on 2020-06-05 16:00

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. Conduent is a New Jersey, USA based business services firm with 67,000 employees and a 2019 business revenue of $4.47 billion.


Aeries Software Breached and Over 150 School Districts Compromised

Permalink - Posted on 2020-06-04 16:00

There’s a sudden wave of notifications of a breach reaching the parents of students of about 150 School Districts in the United States. Examples from the California office of data protection come from the San Bernardino City, the Yucaipa-Calimesa, and Rocklin. The common denominator in all of the cases is the use of the “Aeries” online student information system and online portal. Apparently, Aeries discovered that someone gained unauthorized access to their systems back in November 2019, and accessed student and parent information stored there. Aeries clarified that the infiltrators exploited a bug in their systems that they have fixed now.


Denial of Service Attacks Against Advocacy Groups Skyrocket 1,120% During Protests

Permalink - Posted on 2020-06-04 16:00

In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations.


San Francisco Retirement Program SFERS Suffers Data Breach

Permalink - Posted on 2020-06-04 16:00

In a data breach notification filed today, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members.


Cyber Criminals Exposed 5 Billion Records in 2019, Costing U.S. Organizations Over $1.2 Trillion

Permalink - Posted on 2020-06-04 16:00

Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.


Google Faces $5B Lawsuit for Tracking Users in Incognito Mode

Permalink - Posted on 2020-06-04 16:00

A proposed class-action lawsuit filed earlier this week accuses Google of violating users' privacy by collecting their data while they searched the Web in "incognito mode," or private browsing.


Hackers Are Targeting Smartphones as Way into the Company Network at an Increasing Rate

Permalink - Posted on 2020-06-03 17:00

Analysis by cybersecurity company Lookout found that there's been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first few months of 2020 alone.


Most Companies Suffered a Cloud Data Breach in the Past 18 Months

Permalink - Posted on 2020-06-03 17:00

Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals.


Data Breach Lawsuit Filed Against Aveanna Healthcare

Permalink - Posted on 2020-06-03 17:00

Marianne Kolbasuk McGee reports that Aveanna Healthcare has been sued over a July, 2019 breach that it discovered in August, 2019. The breach was disclosed in February of 2020 as potentially impacting more than 166,000 patients. The incident was one of all-too-many incidents where threat actors gained access to a number of employees’ email accounts, and then the covered entity needed to wade through all of the employee email accounts for information as to which patients had what kinds of protected health information in the email accounts or attachments to emails. And as in all-too-many cases I’ve covered over the past year or more, the process of investigating took much longer than the 60 days from initial discovery, and even then, Aveanna could not determine whether any emails were actually accessed or not.


Kaiser Permanente Discovers 8-Year Employee HIPAA Breach

Permalink - Posted on 2020-06-03 17:00

The privacy breach was discovered in late March and the employee was placed on administrative leave while an internal investigation was conducted. Kaiser Permanente was unable to find any legitimate work reason for the employee accessing the records and determined that the access fell outside of the scope of the employee’s job functions. The first instance of unauthorized access occurred in 2012 and the employee continued to access radiology records until her actions were discovered in March 2020.


Chicago Police Scanner Jammed by Hackers Amid Riots

Permalink - Posted on 2020-06-03 17:00

An investigation has been launched after hackers gained access to the emergency radio system used by the Chicago Police Department over the weekend.


Hackers Steal Secrets from U.S. Nuclear Missile Contractor

Permalink - Posted on 2020-06-03 17:00

Cyber extortionists have stolen sensitive data from a company which supports the US Minuteman III nuclear deterrent.


Over 100,000 National IDs of Indians Put on Dark Net for Sale

Permalink - Posted on 2020-06-03 17:00

Over 1 lakh scanned copies of Indians' national IDs, including Aadhaar, PAN card and passport, have been put on dark web for sale, cyber intelligence firm Cyble said on Wednesday. The leaked data seems to have originated from a third party and not from the government system, according to a report by Cyble.


Ransomware Gang says It Breached One of NASA's IT Contractors

Permalink - Posted on 2020-06-03 17:00

DopplePaymer ransomware gang claims to have breached DMI, a major US IT and cybersecurity provider, and one of NASA IT contractors.


Misconfigured Joomla Cloud Infrastructure Causes Yet Another Breach

Permalink - Posted on 2020-06-03 17:00

Misconfigured cloud configurations have often resulted in a leak of sensitive data, creating an embarrassing situation for the organization owning the data. In the latest incident, Joomla’s internal team made this blunder, exposing the details of their registered users.


Companies Fall Short on Mandatory Reporting of Cybercrimes

Permalink - Posted on 2020-06-02 19:00

In its "State of Cybersecurity 2020" report, education and certification organization ISACA found 62% of 2,051 surveyed cybersecurity professionals think their companies under-reported cybercrimes and, in two-thirds of cases, think the reporting of cybercrimes is mandated by regulation or law. Only 16% of companies accurately report cybercrimes, respondents said


Huge Rise in Enterprise Mobile Phishing During Q1 of 2020

Permalink - Posted on 2020-06-02 19:00

Enterprise mobile phishing encounters increased by 37% in the first quarter of 2020 compared with quarter four of 2019, according to the Lookout 2020 State of Mobile Phishing Spotlight Report. The rate of growth was especially high in North America, at 66.3%, exacerbated by the unprecedented rise in people working from home due to the COVID-19 crisis.


Breach Victims Rarely Change Passwords

Permalink - Posted on 2020-06-02 19:00

Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most of these are not strong or unique, according to a study by researchers at Carnegie Mellon University.


Hackers Leak Data Stolen from U.K. Electricity Market Administrator Elexon

Permalink - Posted on 2020-06-02 19:00

It turns out that the company was targeted by a group that launches attacks using a piece of ransomware known as Sodinokibi and REvil, and the hackers have made available some files stolen from Elexon.


Hackers Have Access to Data from Nigerian and Kenyan Universities

Permalink - Posted on 2020-06-02 19:00

Techpoint can confirm that the websites and databases of two Nigerian universities — Ahmadu Bello University (ABU), Zaria and the University of Benin (UNIBEN), Benin City — and Mount Kenya University, Thika, Kenya are porous, vulnerable and in urgent need of attention.


Agromart's Data Up for Auction While Threat Actors Publish Victim's Emails About the Attack

Permalink - Posted on 2020-06-02 19:00

Bidders need to register on their auction site, deposit $5,000.00, and then make an opening bid of at least $50,000.00 The “blitz” price is $100,000.00.


Over 460 Million Records Exposed in Breach Incidents Reported in May

Permalink - Posted on 2020-06-02 19:00

The figure is a very conservative estimate as it reflects only publicly reported events. In many cases, the amount of data exposed to unauthorized users was not provided, so the number is likely much higher.


8Belts Exposes Personal Data of 100,000 E-Learners Globally

Permalink - Posted on 2020-06-02 19:00

VpnMentor’s cybersecurity research team led by researchers Noam Rotem and Ran Locar discovered a data breach involving popular Spanish e-Learning platform 8Belts. Researchers claim that the data got exposed because it was stored on a misconfigured Amazon Web Services (AWS) S3 bucket. Thousands of e-learners from across the globe might be affected as a result of this breach.


Payment App Data Breach Exposes Millions of Indians' Data

Permalink - Posted on 2020-06-01 16:00

The breach occurred after BHIM failed to securely store vast swathes of data collected from users and businesses during a sign-up campaign.


41% of Organizations Have Not Taken Any Steps to Expand Secure Access for the Remote Workforce

Permalink - Posted on 2020-06-01 16:00

Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access managed applications.


Data From Joomla Resources Directory Exposed via Unprotected AWS Bucket

Permalink - Posted on 2020-06-01 16:00

An unprotected Amazon Web Services (AWS) S3 bucket exposed the details of 2,700 users who signed up for the Joomla Resources Directory (JRD), Joomla’s Incident Response Task Group reported last week.


Amtrak Discloses Security Incident Involving Guest Reward Accounts

Permalink - Posted on 2020-06-01 16:00

A data breach notice shared by Amtrak with authorities reveals that the incident was discovered on April 16. The company determined that hackers gained access to some customers’ Guest Reward accounts using compromised usernames and passwords, which likely means that the attackers relied on the fact that many users have set the same username and password combination for multiple online accounts and their credentials were stolen in a previous breach.


Haryana Govt's Data on Families Breached

Permalink - Posted on 2020-06-01 16:00

According to available information, the data gathered by the state government under these two schemes was allegedly accessed in Ukraine last week after the authorities 'experienced' a security issue linked to a breach or unauthorized access into the MMPSY/PPP portal and database. The 'compromised' data comprised vital information including names, family details, Aadhar number, bank account numbers and phone numbers of lakhs of residents of the state.


Archive with 20 Million Taiwanese' Ctizens Leaked in the Dark Web

Permalink - Posted on 2020-05-29 16:00

The database size is 3.5 GB, exposed data includes full name, full address, ID, gender, date of birth, and other info.


New Mexico County Government Falls Victim to Ransomware

Permalink - Posted on 2020-05-29 16:00

The ransomware attack against Rio Arriba County was first discovered earlier this week. The incident encrypted network servers, electronic files, and databases.


Minted Discloses Data Breach After 5 Million User Rexords Sold Online

Permalink - Posted on 2020-05-29 16:00

Minted is an online marketplace that allows independent artists to submit their art, which is then voted on by the Minted community. The winning submissions are then sold as art, home décor, and stationery to consumers.


Bigfooty.com Data Breach Exposed Private Details of 100,000 Users and 70 Million Records

Permalink - Posted on 2020-05-29 16:00

A large data leak from an AFL fan website has exposed about 70 million records online, including private conversations between users, according to cyber security researchers.


Minneapolis City Systems Brought Down by Cyber Attack During Riots

Permalink - Posted on 2020-05-29 16:00

A spokesperson for the city told The Hill that some of the city’s public websites and systems were temporarily shut down by a denial of service (DoS) attack, which involves malicious hackers flooding a server with traffic until it crashes.


Cisco Security Breach Hits Corporate Servers That Ran Unpatched Software

Permalink - Posted on 2020-05-29 16:00

Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions the open source software service relies on, the company disclosed on Thursday.


Vermont Updates Its Data Breach Notification Law

Permalink - Posted on 2020-05-29 16:00

The Vermont legislature amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, and the narrowing of permissible circumstances under which substitute notice may be applied.


Capital One Must Turn Over Mandiant's Forensics Report

Permalink - Posted on 2020-05-29 16:00

The report, if it becomes public, could provide further insight into what went wrong in one of the most significant breaches of a financial institution in history.


Kentucky Unemployment Website Experienced April Data Breach

Permalink - Posted on 2020-05-29 16:00

Kentucky officials reported Thursday what Gov. Andy Beshear described as a “data breach” in the state’s unemployment insurance web portal.


Ransomware Attack Targets Nipissing First Nation

Permalink - Posted on 2020-05-29 16:00

Nipissing First Nation (NFN) has confirmed it was the victim of a ransomware attack earlier this month that affected the administration’s computers and server.


Fortune 500 Company NTT Discloses Security Breach

Permalink - Posted on 2020-05-28 17:00

The company says hackers breached several layers of its IT infrastructure and reached an internal Active Directory to steal and upload data to a remote server.


Mat-Su Surgical Associates Suffers Ransomware Attack

Permalink - Posted on 2020-05-28 17:00

Palmer, AK-based Mat-Su Surgical Associates has announced it was attacked with ransomware in March. The attack was discovered on March 16 when staff were locked out of its computer systems as a result of the encryption of essential files.


Data Loss Spikes Under COVID-19 Lockdowns

Permalink - Posted on 2020-05-28 17:00

Financial services, manufacturing, healthcare, and other businesses, employees copied company data to USB drives 123% more than before the pandemic's onset, with 74% of that data marked as "classified." Data egress over email, USB, and cloud services leaped 80%, with more than 50% of that data marked as "classified." Accompanying the spike in data copying is a 62% increase in malicious activity on corporate networks and servers, with a 54% bump in incident-response investigations.


C-Suite Executives Often Pressure IT Teams to Make Security Exceptions for Them

Permalink - Posted on 2020-05-28 17:00

The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols (74%) – despite also being highly targeted by malicious cyberattacks.


Michigan State University Hit by Ransomware

Permalink - Posted on 2020-05-28 16:00

The operators of the NetWalker ransomware gang have given MSU officials seven days to pay the ransom or they will leak stolen university files.


Indonesia: Hackers Breach Data of Education and Culture Ministry's 1.3 Million Civil Servants

Permalink - Posted on 2020-05-28 16:00

Among the leaked data are full names, citizenship identification numbers (NIK), Family Card numbers, home addresses, mother’s names, father’s names, marital status, birthplace and date and other personal information.


Half of Employees Admit Cutting Seucirty Corners When Working from Home

Permalink - Posted on 2020-05-28 16:00

Distractions while working from home, pressure to hit deadlines and using personal devices are all creating additional security risks for remote workers.


ASB Securities Hit with $80,000 Fine for 14-Year Privacy Breach

Permalink - Posted on 2020-05-27 17:00

The New Zealand Markets Disciplinary Tribunal censured the online share trading platform after 576 of its trading accounts were made vulnerable to unauthorised use over a 14-year period.


26 Million LiveJournal Credentials Leaked Online, Sold on Dark Web

Permalink - Posted on 2020-05-27 17:00

Blogging platform LiveJournal appears to have suffered a security breach in 2014, according to multiple hackers who are now selling and freely trading the company's user database on the dark web and on hacking forums.


Privacy Flaws in Security and Doorbell Cameras Discovered by Florida Tech Student

Permalink - Posted on 2020-05-27 17:00

Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to "systemic design flaws" discovered by Florida Tech computer science student Blake Janes that allows a shared account that appears to have been removed to actually remain in place with continued access to the video feed.


Arbonne MLM Data Breach Exposes User Passwords, Personal Info.

Permalink - Posted on 2020-05-27 17:00

Arbonne is a privately held California-based company acquired by Groupe Rocher in 2018, with annual revenues of over $500 million and a network of more than 200,000 independent consultants from the United States, the United Kingdom, Canada, Australia, Poland, and New Zealand.


23% of Leading Banks Had an Exposed Database with Potential Data Leakage

Permalink - Posted on 2020-05-27 17:00

The myriad of exposures such as RDP, unsecured FTP and misconfigured development tools can be leveraged by attackers to gain unauthorized access to banks’ internal networks and result in data breach attacks. The exposed databases which were discovered place customer and other sensitive data at direct and imminent risk of exposure.


Washington D.C. Significantly Overhauls Its Data Breach Notification Law

Permalink - Posted on 2020-05-27 17:00

In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, updates to notification requirements and new credit monitoring obligations. The Security Breach Protection Amendment Act of 2019, b23-0215, passed the 12-member D.C. Council unanimously and was signed by D.C. Mayor Muriel Bowser on March 26. The new law became effective on May 19, 2020.


Nearly One Fifth of Law Firms Show Signs of Compromise

Permalink - Posted on 2020-05-27 16:00

Cybersecurity experts are calling for the legal sector to be defined as critical to securing national infrastructure, after revealing that 100% of law firms were targeted by attackers in the first quarter of 2020.


8.3 Billion Records of Thai Citizens Revealed to Public Access Negligence

Permalink - Posted on 2020-05-26 17:00

The breach was uncovered on May 7 by security researcher Justin Paine, who discovered an open ElasticSearch database online which appeared to be controlled by AWN, a subsidiary of Thailand’s largest GSM mobile phone operator, Advanced Info Service (AIS). The database contained DNS queries and Netflow data, using which it would be all too easy to map a user’s internet activity.


States Plead for Cyber Security Funds as Hacking Threat Surges

Permalink - Posted on 2020-05-26 17:00

Cash-short state and local governments are pleading with Congress to send them funds to shore up their cybersecurity as hackers look to exploit the crisis by targeting overwhelmed government offices. Members of Congress have taken notice of cyber threats at the state and local level, both before and during the pandemic, and efforts are underway to address the challenges, though how much will be provided is uncertain amid a fight over the amount of additional coronavirus stimulus.


Cyber Criminal Put Truecaller Records of 47.5 Million Indians for Sale on Dark Web

Permalink - Posted on 2020-05-26 17:00

Last week, Cyble spotted personal data of 2.9 crore Indians being sold on the dark web which was sourced from job websites.


Data on 29 Million Indian Jobseekers Leaked

Permalink - Posted on 2020-05-26 17:00

Cybersecurity firm Cyble, which discovered the trove on an unnamed hacking forum, has in turn added the compromised information to its breach notification site AmIBreached. It claimed to have found the posting during a regular sweep of the dark and deep web. The 2.3GB file includes email, phone, home address, qualification, work experience, current salary, employer and other details on job-hunters from all over India.


FTC Settles With Canadian Smart Lock Maker Over Security Practices

Permalink - Posted on 2020-05-26 17:00

The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”


Class-Action Lawsuit Filed Against State Contractor Over Ohio Dept. of Job and Family Services Data Leak

Permalink - Posted on 2020-05-26 17:00

A class-action lawsuit has been filed in the Cuyahoga County Court of Common Pleas, alleging Deloitte—the contractor the Ohio Department of Job and Family Services (ODJFS) hired to create and manage the new Pandemic Unemployment Assistance system—acted “negligently and recklessly,” leading to last week’s data leak.


Lawsuit Filed Against WSU Over Hack of Decades-Old Student Data

Permalink - Posted on 2020-05-26 17:00

Lawsuit accuses the university of negligence in keeping and storing sensitive data, waiting too long to alert potential victims about the hack, and “knowingly and deliberately” enriching itself by not paying for security measures that would have guarded against the breach.


EasyJet Faces £18 Billion Class-Action Lawsuit Over Data Breach

Permalink - Posted on 2020-05-26 17:00

The lawsuit has been filed in the High Court of London on behalf of customers. According to the firm, easyJet's data breach took place in January 2020, and while the ICO was apparently notified at this time, customers were not informed until four months later.


Turla Hacker Group Steals Anti-Virus Logs to See If Its Malware Was Detected

Permalink - Posted on 2020-05-26 17:00

Turla, one of Russia's most advanced hacker groups, has created malware that gets its orders from email attachments sent to an arbitrary Gmail inbox.


Indonesia Probes Breach of Data on Millions of Voters

Permalink - Posted on 2020-05-22 15:00

Indonesia's election commission is investigating the release of 2.3 million voters' private information on a hacker website along with a threat to release of the data of about 200 million people, the agency said on Friday (May 22).


Milan Hospital Fell Victim to an Embarrassing Data-Stealing Cyber Attack

Permalink - Posted on 2020-05-22 15:00

The “San Raffaele” hospital in Milan, Italy, has suffered a catastrophic cyberattack that also involved the stealing of sensitive data belonging to patients, doctors, nurses, and various employees working there. The data breach went unnoticed for two days now. However, the Twitter user “LulzSecITA” disclosed the event on the social media platform, asking the hospital’s management if they had already informed the Italian data protection officer as they should. However, the hospital failed to respond to these tweets, forcing the anonymous activist to publish screenshots of the stolen data, and then the local media noticed.


25 Million User Records Leak Online from Popular Math App Mathway

Permalink - Posted on 2020-05-22 15:00

The Mathway user data has been previously on sale on the dark web, hacker forums, and Telegram channels for the past two weeks.


Ransomware Deploys Virtual Machines to Hide Itself from Anti-Virus Software

Permalink - Posted on 2020-05-22 15:00

The operators of the RagnarLocker ransomware are running Oracle VirtualBox to hide their presence on infected computers inside a Windows XP virtual machine.


Hacker Used £270 of TV Equipment to Eavesdrop on Sensitive Satellite Communications

Permalink - Posted on 2020-05-22 15:00

The news comes as the number of satellites in orbit is expected to increase from approximately 2,000 today to more than 15,000 by 2030. (Elon Musk’s SpaceX alone has permission to launch 12,000 satellites.)


Santander, One of the Biggest European Banks, Was Leaking Sensitive Data on Their Website

Permalink - Posted on 2020-05-22 15:00

New research recently discovered a security issue with Santander, the 5th largest bank in Europe and the 16th largest in the world. This Spanish multinational bank controls approximately $1.4 trillion in total assets globally, and has a $69.9 billion total market capitalization on the Euro Stoxx 50 stock market index.


Bank of America: COVID-19 Loan Data May Have Leaked

Permalink - Posted on 2020-05-22 15:00

Bank of America disclosed this week that some customers' data may have been exposed during the uploading of loan applications related to the Paycheck Protection Program - a U.S. government initiative created to provide business loans during the COVID-19 pandemic.


Hacker Leaks 40 Million User Records from Popular Wishbone App

Permalink - Posted on 2020-05-21 16:00

Twelve hours after this article went live, the Wishbone user database has leaked in full, being offered as a free download on one of the hacking forums it was being sold on.


Ohioans' and Coloradans' Personal Info. Exposed in Pandemic Unemployment Data Breaches

Permalink - Posted on 2020-05-21 16:00

Two more states have reported breaches or issues with state portals to apply for pandemic-related unemployment benefits.


Hackers Start Leaking Files Stolen from Shipping Giant Toll

Permalink - Posted on 2020-05-21 16:00

Hackers claim to have obtained more than 200 GB of archived data from Australian transportation and logistics giant Toll, and they have already started leaking it after the company refused to pay a ransom.


Israeli Websites Targeted in Major Cyber Attack

Permalink - Posted on 2020-05-21 16:00

Many Israeli websites were hit by a coordinated cyber attack Thursday, with the home pages replaced by images of the country's commercial capital Tel Aviv in flames.


Meal Kit Service Home Chef Confirms Data Breach

Permalink - Posted on 2020-05-21 16:00

According to the company, the hackers accessed user data such as email addresses, names, phone numbers, hashed passwords, and the last four digits of credit card numbers.


Web Application Attacks Double as Threat Actors Target Cloud Data

Permalink - Posted on 2020-05-21 16:00

The 2020 Verizon Data Breach Investigations Report shows malware attacks are falling as threat actors target data in the cloud. This is the 13th year that the report has been produced, which this year contains an analysis of 32,002 security incidents and 3,950 confirmed data breaches from 81 global contributors in 81 countries.


Cyber Security Makes World Economic Forum's Top 10 Covid-19 Global Fallout List

Permalink - Posted on 2020-05-21 16:00

The World Economic Forum mainly concerns itself with high-level macroeconomic issues such as global recessions and world economic development. That’s why it was significant this week when the WEF cited cybersecurity as one of its “Top 10 Fallout” issues from COVID-19 in its Global Risks report. Nearly 38 percent of those surveyed say changing work patterns will lead to increases in cybersecurity and fraud incidents.


Only 36% of Critical Infrastructures Have a High Level of Cyber Resilience

Permalink - Posted on 2020-05-21 16:00

The research investigated the cyber resilience of organizations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world’s five largest economies: UK, US, Germany, France and Japan. Of the 370 companies surveyed, only 36 percent had achieved a high level of cyber resilience.


Offers to Sell Enterprise Network Access Surge on Dark Web

Permalink - Posted on 2020-05-20 16:00

The first quarter of 2020 saw a dramatic rise in Dark Web offers to sell access to enterprise networks, with the number of posts advertising access up 69% compared with the fourth quarter of 2019.


"Flight Risk" Employees Involved in 60% of Insider Cyber Security Incidents

Permalink - Posted on 2020-05-20 16:00

According to the Securonix 2020 Insider Threat Report, published on Wednesday, "flight risk" employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a job, often change their behavioral patterns from two months to two weeks before conducting an insider attack.


Netfilm Ransomware Operators Leak Massive Data from a Global Logistic Group

Permalink - Posted on 2020-05-20 16:00

The Netflim ransomware operators have leaked the first installment of data from a massive 200 GB worth data of the global logistics company Toll Group. The operators have hacked the Toll network via its ransomware at the beginning of this month and breached a massive volume of data before encrypting the Toll network. The ransomware operators have leaked the data consolidated in compressed files along with a note.


Tusla Fned €75,000 for Three GDPR Violations

Permalink - Posted on 2020-05-20 16:00

It was found to have disclosed the personal information of children to unauthorised parties on three occasions.


Canada Fines Facebook Over Misleading Privacy Claims

Permalink - Posted on 2020-05-20 16:00

Facebook has agreed to pay a Can$9 million (US$6.5 million) fine for making false or misleading claims about its privacy settings, Canada's competition watchdog announced Tuesday.


Web App Attacks and Security Errors Surge

Permalink - Posted on 2020-05-20 16:00

Verizon analyzed 32,002 security incidents and 3,950 data breaches to sniff out the top causes of data breaches over the past year. While cyber-espionage attacks and malware decreased, other trends, such as security “errors” (cloud misconfigurations, etc.), denial-of-service (DoS) campaigns and web application attacks saw startling growth.


African Fraud Gang Files for Millions in COVID19 Payments

Permalink - Posted on 2020-05-20 16:00

A notorious West African BEC gang may have made millions defrauding the US government out of COVID-19 business compensation payments, according to Agari.


Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Permalink - Posted on 2020-05-20 16:00

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication.


Japan Defense Ministry Investigating Hack of Missile System

Permalink - Posted on 2020-05-20 16:00

Japan’s defence ministry is investigating a possible leak of details of a new state-of-the-art missile in a large-scale cyber attack on Mitsubishi Electric Corp, the Asahi Shimbun newspaper reported on Wednesday.


SMBs See Cyber Attacks That Rhyme with Large Enterprises Due to Cloud Shift

Permalink - Posted on 2020-05-19 16:00

Small businesses are increasingly seeing the same cyberattacks and techniques as large enterprises in contrast with previous years, according to the 2020 Verizon Data Breach Investigations Report.


DevSecOps Report: Cloud IT Complexity Creates Immutable Security Issues

Permalink - Posted on 2020-05-19 16:00

A report on DevOps security has found that only 4% of issues found in production are dealt with because of the increased complexity of cloud based IT systems is creating new security gaps.The report found that the cloud-based IT stack has become very complex with the addition of technologies such as containers. Each additional layer of the IT stack adds new risks.


Legal Action Taken Against Lurie Children's Hospital of Chicago Over Two Recent Data Breaches

Permalink - Posted on 2020-05-19 16:00

The lawsuit seeks damages for all patients affected by the breach, the provision of ongoing credit monitoring services for breach victims and calls for measures to be implemented to prevent further privacy breaches in the future.


Over 190 Law Firms Affected by Advanced Data Leak That Exposed Over 10,000 Legal Documents

Permalink - Posted on 2020-05-19 16:00

A leading UK software company exposed personal information belonging to over 190 law firms through an unsecured online database. TurgenSec security firm discovered the breach but could not immediately identify the owner of the online database and therefore contacted the National Cyber Security Centre (NCSC). Following the Responsible Disclosure Policy, the firm contacted the affected law firms who confirmed the data leak came from legal documents hosted by Laserform Hub owned by Advanced Computer Software Group Limited. The database was accessible online to anybody with a browser and internet connection. Advanced claimed the details exposed were largely of public records and resorted not to report the leak.


Covve Revealed as Source of Data Breach Impacting 23 Million Individuals

Permalink - Posted on 2020-05-19 16:00

The compromised data, which was “left exposed on a major cloud provider via a publicly accessible Elasticsearch instance”, included names and job titles, email addresses, phone numbers, and physical addresses.


Verizon DBIR: Breaches Doubled in 2019

Permalink - Posted on 2020-05-19 16:00

The 2020 Verizon DBIR, released Tuesday, analyzed a record total of 157,525 incidents in 2019, of which 3,950 were confirmed data breaches. Now in its 13th year, the report included substantially more industry breakouts for a total of 16 verticals -- the most to date, according to Suzanne Widup, principal consultant for Verizon's RISK team and DBIR contributor.


EasyJet Hack Hits 9 Million Customers

Permalink - Posted on 2020-05-19 16:00

Outside of the customers who have had their credit card details exposed, the risk for most of the 9 million customers affected will be phishing attempts. Criminals will know if an individual has been an EasyJet customer, and could imitate the company’s emails as part of a scam. The company said it is advising customers to be cautious about any unsolicited emails claiming to be from EasyJet or EasyJet Holidays.


Developer in Cyprus Claims Breach of Contacts App

Permalink - Posted on 2020-05-19 16:00

A Cyprus-based app developer acknowledges that it owns a large batch of data that apparently was left exposed on an open Elasticsearch database. A portion of the data was posted on a forum for trading data leaks.


E.U. Parliament Data Breach Confirmed

Permalink - Posted on 2020-05-19 16:00

Data breaches in the European Union are subject to a law named the General Data Protection Regulation (GDPR). While usually, you have firms that would comply with them seeing the power of the regulatory authorities and hefty fines, what happens when those that are the lawmakers get caught under the grasp of the act in itself?


Data Breach in State's New PUA Unemployment System Exposes Some Claimants' Personal Info.

Permalink - Posted on 2020-05-18 16:00

The Illinois Department of Employment Security confirmed one person who has filed claim for benefits through the Pandemic Unemployment Assistance program was able to access personal information for other claimants.


Likely Breach Shuts Down Arkansas Unemployment Program

Permalink - Posted on 2020-05-18 16:00

A state program that was created to process unemployment applications in Arkansas for self-employed individuals or gig economy workers appears to have been illegally accessed and has been shut down.


Transportation Agency Hacked in 2nd Texas Government Attack

Permalink - Posted on 2020-05-18 16:00

The hack comes days after another ransomware attack took down the websites and case management systems of Texas’ appellate and high courts. The courts and transportation agency both said they are working with the FBI to investigate.


Capital One Judge Skeptical That Breach Report Is Privileged

Permalink - Posted on 2020-05-18 16:00

A Virginia federal magistrate judge tackling discovery issues in the sprawling litigation over Capital One’s massive 2019 data breach appeared unconvinced during a hearing Friday morning that consumers suing the bank are barred from seeing a cybersecurity firm’s report on the event. Consumers within the multidistrict litigation are pushing to get hold of an incident report compiled in the wake of the event by prominent cybersecurity consultant Mandiant.


Cyber Insurers Increase Scrutiny Amid Pandemic

Permalink - Posted on 2020-05-18 16:00

Heightened cybersecurity risks triggered by the outbreak of COVID-19 are causing insurers to grill policyholders more closely. Insurers have increased their scrutiny of policyholders' security arrangements as the rise in remote working drives up risk.


Businesses Vulnerable to Emerging Risks Have a Gap in Their Insurance Coverage

Permalink - Posted on 2020-05-15 16:00

The majority of business decision makers are insured against traditional cyber risks, such as breaches of personal information, but most were vulnerable to emerging risks, such as malware and ransomware, revealing a potential insurance coverage gap, according to the Hanover Insurance Group.


Bernards Township Victim of Ransomware Attack

Permalink - Posted on 2020-05-15 16:00

Certain systems, including the township website which was knocked out Monday night, were still "disrupted" as of Thursday afternoon, May 14. The matters is under investigation.


Australia's BlueScope Steel says Cyber "Incident" Has Disrupted Ooperations

Permalink - Posted on 2020-05-15 16:00

The Melbourne-based steelmaker said manufacturing and sales operations in Australia were impacted and some of its processes had to be paused. It said there were also minor disruptions in Asia, New Zealand and at its U.S.-based North Star plant.


Management and Network Services Notifies 30,132 Patients About PHI Breach

Permalink - Posted on 2020-05-15 16:00

Management and Network Services (MNS), LLC, a Dublin, OH-based provider of administrative support services to post-acute healthcare providers, has discovered the email accounts of some of its employees have been compromised.


'Ramsay' Espionage Framework Can Exfiltrate Data from Air-Gapped Networks

Permalink - Posted on 2020-05-15 16:00

Dubbed Ramsay, the framework appears to be in the development stage, with its operators still working on refining delivery vectors. Visibility of victims is low, either because the framework hasn’t enjoyed wide usage, or because of the targeting of air‑gapped networks.


Indiana Court of Appeals Reinstates Patient's Lawsuit Against a Parkview Health System Inc. for Breach

Permalink - Posted on 2020-05-15 16:00

A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed her medical records and then shared details with her husband after she noticed that the patient had “liked” a photo of her husband on Facebook.


Hackers Target the Air-Gapped Networks of the Taiwanese and Philippine Military

Permalink - Posted on 2020-05-15 16:00

Attacks involved the use of USBferry, a malware strain that contains a feature allowing it to self-replicate to removable USB devices, such as thumb drives and portable storage systems.


U.K. Electricity Middleman Hit by Cyber Attack

Permalink - Posted on 2020-05-15 16:00

Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.


TikTok Violated Children's Privacy Law, FTC Complaint Says

Permalink - Posted on 2020-05-15 16:00

The popular video sharing app TikTok has landed in hot water again over privacy issues. On Thursday, a group of privacy advocates filed a complaint with the Federal Trade Commission (FTC) alleging the platform failed to adequately protect children’s privacy.


COVID-19 Blamed for 238% Surge in Cyber Attacks Against Banks

Permalink - Posted on 2020-05-14 15:00

The cybersecurity firm's research, which includes input from 25 CIOS at major financial institutions, adds that 80% of firms surveyed have experienced more cyberattacks over the past 12 months, an increase of 13% year-over-year.


Zerodium Stops Accepting Apple Flaws Since Too Many Are Being Submitted

Permalink - Posted on 2020-05-14 15:00

A company that pays hackers to submit serious security vulnerabilities says it’s made aware of so many flaws in various Apple operating systems that it will temporarily stop acquiring new attack techniques.


Ohio Has Stopped Kicking Workers Off Unemployment After a Hacker Targeted Its Website

Permalink - Posted on 2020-05-14 15:00

he state is reconsidering its policy after a hacker released a script that automatically submits junk data to its 'COVID-19 fraud' website, which allows employers to report workers who refuse to work during the pandemic.


Norway Government Investment Fund Conned Out of $10m in Cyber Attack

Permalink - Posted on 2020-05-14 15:00

Norfund – which is the Norwegian government's funding vehicle for developing countries – said a hacker was able to manipulate the organization into routing a loan intended for a Cambodian microfinance organization into an account controlled by the crooks. As a result, in March, 100m Kroner was lost.


Citizen Data Compromised as Service NSW Falls Victim to Phishing Attack

Permalink - Posted on 2020-05-14 15:00

The breach was first thought to have only affected individuals who visited a Service NSW shop front or called the state government service and that those transacting via the app or website channels were not compromised. But in a statement Thursday afternoon, Service NSW revealed the breach, which occurred on 22 April 2020, had seen customer information held in emails accessed.


Access to U.K. Supercomputer Suspended Following Cyber Attack

Permalink - Posted on 2020-05-14 15:00

Hosted by the University of Edinburgh and packing 118,080 processing cores running on a Cray XC30, the ARCHER (Advanced Research Computing High End Resource) supercomputer is the primary academic research supercomputer in the UK. The ARCHER Service was started in November 2013.


Identity Breaches at 79% of Organizations

Permalink - Posted on 2020-05-14 15:00

The worrisome finding emerged from a study titled “Identity Security: A Work in Progress,” which is based on an online survey of 502 IT security and identity decision makers conducted in April. The study was carried out to identify trends in identity-related security and to deduce how forward-thinking companies are trying to reduce the risk of a breach.


Remote Workers Often Not Provided Secure Tools

Permalink - Posted on 2020-05-14 15:00

The research, conducted by Cato Networks, found 68% of respondents said their organizations fail to deploy enough prevention or authentication technologies for remote users. In particular, 37% do not use multi-factor authentication (MFA) for remote users, while 55% of respondents fail to employ intrusion prevention software, or anti-malware technology, while 11% fail to inspect traffic altogether.


Latest N.S. Privacy Breach Reveals Names, Medical Conditions, Sexual Abuse Details

Permalink - Posted on 2020-05-13 16:00

The Nova Scotia government is saying very little about another privacy breach, this one involving an unknown number of Workers' Compensation Board appeal decisions that include the names of workers and some intimate personal information about them. The government removed the documents after being informed by CBC that the decisions were unredacted and contained workers' names and their personal information, as well as the names of their employers.


Education Technology Company Chegg Hit with 15,000 Data Breach Claims

Permalink - Posted on 2020-05-13 16:00

The arbitration demands follow an April 27 ruling from U.S. District Judge Richard Bennett of Baltimore that customers must arbitrate their claims against Chegg instead of suing in a class action. Chegg’s lawyers at Orrick Herrington & Sutcliffe did not respond to a request for comment on the 15,107 arbitration demands, which were filed by Z Law.


Diabetes Device Supplier Faces Refined Claims in Breach Suit

Permalink - Posted on 2020-05-13 16:00

A diabetes device supplier hit by a data breach in mid-2019 is facing refined fraud claims in a potential class action in California after a court took issue with the basis of some original claims.


The Palm Beach County School District Suffers Massive Breach After Second Grader Hacks Systems

Permalink - Posted on 2020-05-13 16:00

You are reading that correctly, the second grader’s — hacking resulted in an emergency login change for “live” morning meetings in several elementary schools last week. It did not result — yet — in a district-wide reassignment of student passwords for the School District’s “Portal” which provides access to Google Classroom.


Magellan Health Suffers Ransomware Attack

Permalink - Posted on 2020-05-13 16:00

The ransomware attack was detected by Magellan Health on April 11, 2020 when files were encrypted on its systems. The investigation into the attack revealed the attacker had gained access to its systems following a response to a spear phishing email sent on April 6. The attacker had fooled the employee by impersonating a client of Magellan Health.


Hackers Target WA's Major Daily Newspaper, Putting Data of Subscribers at Risk

Permalink - Posted on 2020-05-13 16:00

The hack occurred on March 23 but it wasn't brought to the attention of the masthead until April 21, when an investigation was launched. The hackers impersonated the administrator of the mailbox, sent out phishing emails to several people and accessed historic conversations.


9,100 Coronavirus-Themed Cyber Attacks Witnessed in India Between Feb 2 and May 2

Permalink - Posted on 2020-05-13 16:00

19 million such attacks were noted in Asia overall.


E-commerce Platform Bhinneka.com Reported to Be Latest Target of Data Theft

Permalink - Posted on 2020-05-13 16:00

he data of up to 1.2 million Bhinneka.com users is reportedly being sold on the dark web for US$1,200 by a hacker group called ShinyHunters. The group is believed to be the same cybercrime organization responsible for the reported Tokopedia and Bukalapak data breaches.


Outsourcing Giant Interserve Targeted by Cyber Security Attack

Permalink - Posted on 2020-05-13 16:00

A construction and support services group has fallen victim to a cyber security attack. Outsourcing giant Interserve, which recently supported the NHS in building Birmingham’s Nightingale Hospital, said “some” of its services may be affected.


Coronavirus-Related Cyber Attacks Surge to 192,000 in One Week

Permalink - Posted on 2020-05-12 16:00

Over the past three weeks, Check Point found 192,000 coronavirus-related cyberattacks per week, a 30% surge compared with the previous weeks. These cyberattacks encompass malicious websites with the word "corona" or "covid" in the domain name, files with "corona" in their name, and files attached to coronavirus-related phishing emails.


Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack

Permalink - Posted on 2020-05-12 16:00

Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, The State of Ransomware 2020, which reveals that paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery. In fact, the total cost of recovery almost doubles when organizations pay a ransom. The survey polled 5,000 IT decision makers in organizations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa.


Ransomware Forces Shutdown of Texas Judiciary Network

Permalink - Posted on 2020-05-12 16:00

Texas revealed on Monday that a ransomware attack has forced the shutdown of its judicial branch network, including websites and servers.


Zoom Reaches Settlement with NY Attorney General Over Privacy and Security Issues

Permalink - Posted on 2020-05-12 16:00

Zoom reached an agreement with the New York Attorney General’s office and has committed to implementing better privacy and security controls for its teleconferencing platform. New York Attorney General Letitia James launched an investigation into Zoom after researchers uncovered a number of privacy and security issues with the platform earlier this year.


Law Firm to the Stars Confirms Ransomware Attack

Permalink - Posted on 2020-05-12 16:00

The website for Grubman Shire Meiselas & Sacks is currently down while digital forensic experts work to recover the firm's encrypted files.


Toll Attacker Made Off with Past and Present Employee Data and Commercial Agreements

Permalink - Posted on 2020-05-12 16:00

Toll said some of the accessed data was exfiltrated and that it is currently determining which data that was. The company said it has not paid the ransom and shut down its IT systems to prevent further infection.


Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic

Permalink - Posted on 2020-05-12 16:00

If there is a lesson from the WannaCry incident, it's this: Companies that use outdated systems and do not rigorously patch those systems are at risk, not just for data breaches — which firms have historically shrugged off — but for attacks by operations-disrupting ransomware. Unfortunately, many companies continue to ignore those lessons and are still using out-of-date software that is vulnerable to destructive attacks.


Only 19% of Lockdown "Work from Homers" Update Anti-Virus Solution

Permalink - Posted on 2020-05-11 16:00

Only 19% of employees working from home as a result of COVID-19 lockdown measures have checked if their anti-virus solution is up to date, according to new research shared today by Avast Business.


ATM Maker Diebold Nixdorf Hit by Ransomware

Permalink - Posted on 2020-05-11 16:00

Canton, Ohio-based Diebold is currently the largest ATM provider in the United States, with an estimated 35 percent of the cash machine market worldwide. The 35,000-employee company also produces point-of-sale systems and software used by many retailers.


Texas Says Court System Was Subject to Ransomware Attack

Permalink - Posted on 2020-05-11 16:00

The state said the attack was discovered Friday and that it’s not going to paying ransom.


Citizen Lab Says Non-China Registered Accounts Used to Beef Up WeChat Censorship

Permalink - Posted on 2020-05-11 16:00

The research group has found non-China registered accounts are subject to the same content surveillance as China-registered accounts and are used to build up the database WeChat for censorship.


73% of Workers Have Received No Cyber Security Guidance

Permalink - Posted on 2020-05-11 16:00

Millions of people across the world were forced to begin working from home in early March as countries put quarantine measures in place. Yet in the report, 73% of the 6,000 employees who spoke with Kaspersky researchers said they have "have not yet received any specific cybersecurity awareness guidance or training from their employer."


DigitalOcean Inadvertently Exposed Customer Data

Permalink - Posted on 2020-05-11 16:00

Cloud infrastructure provider DigitalOcean is informing customers that it inadvertently exposed some of their data to the Internet.


Attacks on Cloud Storage Double While Phishing Website Blockages Soar by 230%

Permalink - Posted on 2020-05-11 16:00

The top three of web phishers’ targets were online services (namely client software, online streaming services, e-commerce, delivery services and etc.) (29.3 percent), cloud storages (25.4 percent), and financial organisations (17.6 percent).


Pitney Bowes Hit by Maze Ransomware

Permalink - Posted on 2020-05-11 16:00

Global technology provider Pitney Bowes has been hit by the Maze ransomware and the attackers have released a number of screenshots of the company's systems to prove their claims. Maze only attacks Windows systems.


India: Hacking Attacks on Educational Portal Tripled in Q1 Amid Online Learning

Permalink - Posted on 2020-05-11 16:00

The overall number of Distributed Denial of Service (DDoS) attacks during the first three months of this year have seen a significant spike in attacks on educational websites as millions joined online classes during the pandemic, a new report claimed on Saturday.


Worldwide Malware Infections Rise to 404 Million with Daily 10 Million Infections in April 2020

Permalink - Posted on 2020-05-11 16:00

According to Atlas VPN, in the past 30 days, about 404 million malware worldwide infections have been identified. This suggests cybercriminals carried out at least 10 million infections per day. Surprisingly, over 64% of the attacks were targeted against educational institutions.


Swiss Rail Vehicle Manufacturer Stadler Hit by a Malware-Based Attack

Permalink - Posted on 2020-05-11 16:00

International rail vehicle manufacturer, Stadler, disclosed a security breach that might have also allowed the attackers to steal company data. Attackers confirmed that attackers compromised the IT network of the company and deployed some of its machines with malware that was used to exfiltrate data from the infected devices.


ChatBooks Discloses Data Breach After Data Sold on Dark Web

Permalink - Posted on 2020-05-11 16:00

ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyber attack. Data consisting of 15 million user records is now being offered for sale on the dark web.


Email Breach Impacts 35,529 Patients of Saint Francis Healthcare Partners

Permalink - Posted on 2020-05-08 16:00

The attack occurred on December 30, 2019 but it took until March 20, 2020 for the forensic investigation to determine that patients’ protected health information was potentially compromised. The types of information stored in the email system that could have been accessed included names, medical histories, medical record numbers, clinical and treatment information, dates of service, diagnoses, health insurance provider names, account numbers, prescription information and/or types of procedures performed. No financial information or Social Security numbers were compromised.


Zoom Agrees to Step Up Security After New York Probe

Permalink - Posted on 2020-05-08 16:00

The agreement wraps an investigation launched in March by New York Attorney General Letitia James into vulnerabilities in the California-based company's software.


Cognizant Expects to Lose Between $50m and $70m Following Ransomware Attack

Permalink - Posted on 2020-05-08 16:00

IT services provider Cognizant said in an earnings call this week that a ransomware incident that took place last month in April 2020 will negatively impact its Q2 revenue.


Celebrity Data Stolen in Ransomware Attack on NYC Law Firm

Permalink - Posted on 2020-05-08 16:00

Perpetrators of the attack are threatening to expose nearly 1TB of celebrities' private data unless Grubman Shire Meiselas & Sacks pays a ransom in Bitcoin.


Dating App MobiFriends Silent on Security Breach Impacting 3.6 Million Users

Permalink - Posted on 2020-05-08 16:00

Details about how the MobiFriends hack and how the app's user data was obtained are currently unknown. It is unclear if the data was obtained after the hacker exploited a vulnerability in a server or API, or if MobiFriends left a database exposed online without a password.


Nearly 1 Million WordPress Sites Targeted via Old Vulnerabilities

Permalink - Posted on 2020-05-08 16:00

The attacks were initially discovered on April 28, but showed a massive spike on May 3, when more than half a million websites were hit. Likely the work of a single threat actor, the campaign is aimed at injecting the target websites with malicious JavaScript designed to redirect visitors to malvertising sites.


Tech by VICE Hackers Turned Virginia Government Websites into Elaborate eBooks Scam Pages

Permalink - Posted on 2020-05-08 16:00

The two subdomains, vwn.virginia.gov and crc.virginia.gov had the same content, a list of eBook titles and genres, which redirect to a messy page filled with links to download PDFs. After we contacted the state of Virginia for this article, it took down the pages entirely. It’s unclear what hackers are doing with these domains, but it’s possible that these pages just have placeholder content while they’re used to host malicious content on the server. A security researcher who reviewed the pages said that perhaps the hackers were running some sort of SEO-scam scheme.


Ruhr University Bochum Shuts Down Main Servers After Cyber Attack

Permalink - Posted on 2020-05-08 16:00

The Ruhr University Bochum (RUB), Ruhr-Universität Bochum in German, announced today that it was forced to shut down large parts of its central IT infrastructure, also including the backup systems, due to a cyberattack that took place overnight, between May 6 and May 7.


Jump in Vulnerable RDP Ports Is Leaving Networks Open to Hacking and Cyber Attacks

Permalink - Posted on 2020-05-07 17:00

According to analysis by cybersecurity researchers at McAfee, there's been a spike in RDP ports facing the open internet, growing from around three million in January to more than four and a half million in March.


Search Company Algolia Hacked via Recent Salt Vulnerabilities

Permalink - Posted on 2020-05-07 17:00

A couple of Salt vulnerabilities addressed last week were abused over the weekend to hack Algolia’s infrastructure, the search-as-a-service startup revealed.


A Fifth of U.K. Consumers Hit by Fraud Over Past Year

Permalink - Posted on 2020-05-07 17:00

The card issuing platform polled over 4000 US and UK consumers to compile its 2020 Fraud Report. Over half (52%) of UK respondents admitted they could be better at protecting personal financial information, and just 34% check online to see if their card details have been exposed following a major data breach, versus 60% in the US.


Remote Workers Failing on Password Security During #COVID19 Crisis

Permalink - Posted on 2020-05-07 17:00

Gobal OneLogin study of 5000 remote employees from Germany, France, the UK, Ireland and the US found that nearly a fifth (17%) share their work device password with a spouse or child. Over a third (36%) admitted not having changed their home Wi-Fi password in over a year.


StorEnvy Database Has Been Dumped on a Hacker Forum for Free Download

Permalink - Posted on 2020-05-07 16:00

The popular e-commerce website StorEnvy known for its online store building and social marketplace has been hacked. As a result, personal details of over 1.5 million customers and merchants have been leaked online on a hacker forum for free download, Hackread.com has learned.


GitHub Account Allegedly Hacked; 500 GB Stolen

Permalink - Posted on 2020-05-07 16:00

A hacker claims that they have stolen 500 GB of data from GitHub, a subsidiary of Microsoft. The hacker goes by the name of Shiny Hunters, who claims to have full access to the private repositories.


Hacker Sells 22 Million Unacademy User Records After Data Breach

Permalink - Posted on 2020-05-07 16:00

Unacademy is one of India's largest online learning platforms boasting 14K teachers, over a million video lessons, and over 20 million registered users (learners).


Half of Companies Have Suffered a Cyber Security Issue Amid COVID-19 Crisis

Permalink - Posted on 2020-05-07 16:00

The study, conducted by Barracuda, found that the increase in perceived risk has not been accompanied by an increase in security spending. Some 40% of companies surveyed said that their response to COVID-19 has included cutting their cybersecurity budget and 50% said that they would consider cutting staff if cybersecurity could be maintained.


Global Firms Cut IT Security Budgets Due to #COVID19

Permalink - Posted on 2020-05-06 15:00

The survey of over 1000 business decision-makers illustrates the potentially serious impact the pandemic could have on organizations’ ability to combat threats, as hackers ramp up attacks on remote workers and infrastructure. Around half (51%) of those surveyed said they’ve seen an increase in email phishing attacks since moving to a remote working model, and around the same number (49%) expect to see a data breach or security incident in the next month.


Ransomware Attack on Europe's Largest Private Hospital Operator

Permalink - Posted on 2020-05-06 15:00

Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care, a leading provider of care to those suffering from kidney failure; Fresenius Helios, Europe’s largest private hospital operator (according to the company’s Web site); Fresenius Kabi, which supplies pharmaceutical drugs and medical devices; and Fresenius Vamed, which manages healthcare facilities.


Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials

Permalink - Posted on 2020-05-06 15:00

A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization.


Seventy Percent of Firms Sacrifice Security for Faster Innovation

Permalink - Posted on 2020-05-06 15:00

SaltStack's 'State of XOps Report, Q2 2020' queried 130 verified infosec and IT leaders during January 2020. This is against the background of Gartner's 2017 prediction that through to the end of 2020, 99% of vulnerabilities exploited will be ones already known by security and IT professionals. "A number of recent breaches indicate system misconfiguration and unpatched, known vulnerabilities, particularly of public cloud and on-premises server infrastructure and databases, are the most common cause of data exposure and successful exploits," adds Alex Peay, SVP of product and marketing at SaltStack.


Hackers Hide Web Skimmer Behind a Website's Favicon

Permalink - Posted on 2020-05-06 15:00

In one of the most complex and innovative hacking campaigns detected to date, a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites.


Details of 44m Pakistani Mobile Users Leaked Online, Part of Bigger 115m Cache

Permalink - Posted on 2020-05-06 15:00

The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin.


Cyber Crimnals Timed Attacks to Spike During Peak Uncertainty About the Coronavirus

Permalink - Posted on 2020-05-05 17:00

The "100 Days of Coronavirus" report analyzed malicious activity during the first three months of 2020 and found that the monthly volume in every category of attack increased 33% as governments around the world responded to the epidemic. Criminals used the fear and uncertainty around the virus to craft specific attacks to take advantage of the new working and living conditions caused by lockdowns around the world.


Bad Password Habits Continue with 53% Admitting to Using the Same Password

Permalink - Posted on 2020-05-05 16:00

Among respondents using the same password, most are using it across three to seven accounts (62%), and 10% said they are using over 10 accounts with the same password, the SecureAuth report said.


Maze Team Attacks a Plastic Surgeon

Permalink - Posted on 2020-05-05 16:00

As part of its proof, Maze dumped a number of files with protected health information. One spread sheet for patient appointments contained approximately 39000 entries. A small number of entries were test data, but the rest appeared to be real data, where there might be multiple entries/rows for any one patient.


Virtual Graduation Ceremony Delayed by Cyber Attack

Permalink - Posted on 2020-05-05 16:00

Florida Gulf Coast University's Class of 2020 was due to take part in a digital spring commencement ceremony managed by StageClip at 10am on May 3. The celebratory occasion was relegated to an online-only event to comply with social distancing and lockdown measures implemented to slow the spread of COVID-19.


Student Accesses SMMUSD's Gmail Friday Night

Permalink - Posted on 2020-05-05 16:00

Drati reported that the student was able to send messages to the student body for 16 minutes before the district's technology team discovered the mass emails and disabled the system. During the weekend, the Gmail application was been temporarily disabled, but teachers were able to use private comments within Google Docs Assignments or use the Stream within Google Classroom for public comments. As of Monday morning Gmail is back in use and distance learning was not disrupted.


Hacker Bribed 'Roblox' Insider to Access User Data

Permalink - Posted on 2020-05-05 16:00

The hacker was able to lookup information on high profile Roblox users as well as reset passwords and take other actions on accounts.


Taiwan's Formosa Petrochemical Gas Stations Hit by Malware Attack

Permalink - Posted on 2020-05-05 16:00

A day after top oil refiner CPC Corp., Taiwan became the target of a malware attack, its privately held competitor, Formosa Petrochemical Corp., suffered a similar ordeal, reports said Tuesday (May 5).


Nearly 2,000 Malicious COVID-19-Themed Domains Created Every Day

Permalink - Posted on 2020-05-05 16:00

A new report from researchers with Palo Alto Networks' Unit 42 found that more than 86,600 domains of the 1.2 million newly registered domain (NRDs) names containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 are classified as "risky" or "malicious."


Students, Experts Call for Explanation After York University Suffers Cyber Attack

Permalink - Posted on 2020-05-05 16:00

While York has not provided detailed information about the type of attack it suffered, security analyst Claudiu Popa said the language used by the university suggests students and faculty should be concerned.


CAM4 Adult Cam Site Exposes 11 Million Emails, Private Chats

Permalink - Posted on 2020-05-05 16:00

Adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users, stored within more than 10.88 billion database records.


Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

Permalink - Posted on 2020-05-05 16:00

The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and a rogue transponder, for communicating with aircraft.


Ransomware Attack on Colorado Hospital Highlights Fears of More Healthcare Hostage Situations

Permalink - Posted on 2020-05-05 16:00

Ransomware attacks on hospitals are causing increased worry in the cybersecurity industry as hackers and groups go after healthcare organizations with increasing frequency. On April 21, Parkview Medical Center in Pueblo, CO, was hit with a devastating ransomware assault that reportedly "rendered inoperable" the hospital's system for storing patient information.


Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi

Permalink - Posted on 2020-05-04 15:00

Coveware found that the average ransom amount demanded by ransomware attacks in Q1 2020 was $111,605. This amount was a third higher than what it had been in the final quarter of the previous year. It was also nearly triple the amount of the quarter’s median ransomware payment of $44,021, a value which had not changed drastically from the median payment of $41,179 in Q4 2019.


New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers

Permalink - Posted on 2020-05-04 15:00

Cybersecurity researcher Mordechai Guri from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices.


Data Security Flaw Exposes Details of Thousands of Legal Documents

Permalink - Posted on 2020-05-04 15:00

A data security flaw has left more than 10,000 legal documents containing sensitive details of commercial property owners unsecured for years in an online database, potentially affecting the clients of about 190 law firms.


French Company Tarkett Hit by Cyber Attack, Shares Fall

Permalink - Posted on 2020-05-04 15:00

French floor surfaces company Tarkett said on Monday that it had been the victim of a cyberattack, which had resulted in an ongoing disruption to its operations, causing its shares to fall.


Indonesia's Tokopedia Probes Alleged Data Leak of 91 Million Users

Permalink - Posted on 2020-05-04 15:00

Data breach monitoring firm Under the Breach published a Twitter post on Saturday showing screenshots from an unnamed individual who claimed he had acquired the personal details of 15 million Tokopedia users during a March 2020 hack on the e-commerce site.


Consumers Will Opt for Competitors After a Single Ransomware-Related Service Disruption

Permalink - Posted on 2020-05-04 15:00

While most consumers are taking necessary security precautions to protect their online accounts, businesses may not be doing enough to protect their information – inadvertently driving sales to competitors that can, an Arcserve research reveals.


Singapore to Require Smartphone Check-Ins at All Businesses and Will Log Visitors' National Identity Numbers

Permalink - Posted on 2020-05-04 15:00

Singapore will from May 12th require all businesses to adopt a system that checks visitors into and out of their premises using their smartphones, and has already made using the system compulsory before entering some venues.


India Orders Mandatory Use of COVID-19 Contact Tracing App for All Workers

Permalink - Posted on 2020-05-04 15:00

Likewise, it is also mandatory for residents living in "containment zones" to download the app and they cannot leave these zones except for medical emergencies, and for maintaining supply of essential goods and services.


Breach Exposes Data of 774,000 Australian Migrants

Permalink - Posted on 2020-05-04 15:00

Partial names, ADUserIDs, and the outcome of applications made by people wishing to migrate to Australia were discovered online by Guardian Australia via a publicly available app hosted on the employment department's domain. Other information uncovered by the newspaper included the age, country of birth, and marital status of applicants.


Tesla Has Been Getting Rid of Computers Without Wiping Them — Compromising Customer Accounts

Permalink - Posted on 2020-05-04 15:00

Tesla has been throwing away computers without wiping them, leaving some customer accounts compromised. Be aware if Tesla ever had to replace your onboard computer.


Suspicious Business Emails Increase, Imposters Pretend to Be Executives

Permalink - Posted on 2020-04-30 19:00

U.S. small businesses report an increase in suspicious business emails over the past year, a cyber survey by HSB shows, and employees are taking the bait as they fall for phishing schemes and transfer tens of thousands of dollars in company funds into fraudulent accounts.


Data Breach Settlement Calls for Enhanced Security Measures

Permalink - Posted on 2020-04-30 19:00

The amount that Banner Health has agreed to spend in improving its security practices is redacted in court documents. A separate court document that outlines the other steps that Banner Health has agreed to take to improve its information security program is sealed.


Personal Data of Thousands of 'Figaro' Readers Exposed on a Server

Permalink - Posted on 2020-04-30 19:00

A large volume of data, including personal data of subscribers and subscribers to the Figaro site , remained accessible for several months online without protection, reveals a report by the computer security company Safety Detective , published Thursday, April 30.


Alabama Dept. of Labor Fixes App After Personal Information Revealed

Permalink - Posted on 2020-04-30 19:00

WPMI reports that an app developed to help Alabamians apply for unemployment benefits and check on their status was exposing personal information.


GCHQ Granted Access to NHS Data as Privacy Concerns Increase

Permalink - Posted on 2020-04-30 19:00

A statement claimed that Hancock has permitted GCHQ access to “any information relating to the security of any network and information system held by or on behalf of the NHS or a public health body during the period ending on December 31 2020.”


Investors Sue LabCorp Over Security Failures in Light of Data Breach, Ransomware Attack

Permalink - Posted on 2020-04-30 19:00

Investors have filed a lawsuit against LabCorp, claiming that the company's board failed to address security problems that led to financial losses. According to the lawsuit, failing to address these problems has impacted investors and resulted in financial losses due to share price changes, and therefore, damages are sought.


Chegg Confirmed Data Breach of Employee Records

Permalink - Posted on 2020-04-30 19:00

Digital attackers succeeded in stealing 700 records associated with current and former Chegg employees. Those records contained individuals’ personally identifiable information (PII) including their names and Social Security Numbers.


Numerous Sites Leak User Emails to Advertising, Analytics Services

Permalink - Posted on 2020-04-30 19:00

Multiple online services and products are leaking email data belonging to their users to third-party advertising and analytics companies, shows a research published today. Websites mentioned in the report include Quibi.com, JetBlue.com, KongHQ.com, NGPVan.com, Mailchimp’s Mandrill.com, WashingtonPost.com, Wish.com. Between them, there are hundreds of millions of emails.


Average Ransomware Payments Soared in the First Quarter

Permalink - Posted on 2020-04-30 19:00

New data from Coveware on ransomware attacks in the first quarter of this year showed that compared with the fourth quarter of 2019, median ransomware payments held relatively steady at around $44,000, but average payments soared 33% to $111,605.


445 Million Attacks Detected Since the Beginning of 2020, COVID-19 Wreaks Havoc

Permalink - Posted on 2020-04-29 17:00

In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter.


Chegg Data Breach Lawsuit Heads to Arbitration

Permalink - Posted on 2020-04-29 17:00

A federal judge has ruled that a lawsuit against education technology company Chegg Inc over its 2018 data breach that may have exposed the personal information of about 40 million users must proceed to arbitration.


California Tops States with Highest Number of Data Breaches and Records Lost

Permalink - Posted on 2020-04-29 17:00

Using data on the total number of records lost per breach from 2005 to 2019, email marketing company Omnisend compiled a study ranking US states and companies. It found that California topped the list with 18,921,723 records lost, followed by 10,402,035 in New York, and both Texas and Georgia came in at over five million.


Consumers Have Little Patience for Businesses Hit by Cyber Attack

Permalink - Posted on 2020-04-29 17:00

With cyberattacks occurring so frequently, many people are naturally worried about their own personal data being leaked or compromised. Almost 40% of those surveyed said that security concerns about their personally identifiable information (PII) was the sole reason they opted not to open an account or do business with a particular company.


PrimoHoagies Sued Over Data Breach

Permalink - Posted on 2020-04-29 17:00

Earlier this month, PrimoHoagies revealed that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020. Customers who made purchase in-store were not impacted.


Two Usenet Providers Blame Data Breaches on Partner Company

Permalink - Posted on 2020-04-29 17:00

According to a near-identical message posted on both sites [1, 2], the two companies say the intruder gained access to information such as names, billing addresses, payment details (IBAN and account number), and other information users provided during the process of creating an account on the two websites.


WHO Confirms Fivefold Increase in Cyber Attacks on Its Staff

Permalink - Posted on 2020-04-28 17:00

The World Health Organization is one of the leading agencies combating COVID-19 and has proven to be an attractive target for hackers and hacktivists, who have stepped up attacks on the organization during the COVID-19 pandemic. Cyberattacks on WHO are at five times the level they were at this time last year.


233,000 Patients Notified About PHI Breach at Genetic Testing Lab

Permalink - Posted on 2020-04-28 17:00

Ambry Genetics, an Aliso Viejo, CA-based genetic testing laboratory, is notifying 232,772 individuals that some of their protected health information was exposed as a result of a recent email security breach. At almost 233,000 records, this is the second largest healthcare data breach to be reported in 2020.


China Mandates Cyber Security Reviews for Tech Product Acquisitions

Permalink - Posted on 2020-04-28 17:00

New rules that will take effect on June 1 require critical information infrastructure operators in China to conduct cybersecurity reviews when acquiring network products and services.


Former Prime Communications Employee Sent Personal Info. of Thousands of Employees

Permalink - Posted on 2020-04-28 17:00

Thousands of employees’ personal information was sent right to a former Prime Communications employee’s email. “I’ve never experienced anything like this before,” said Tonya Smith. Smith said nothing but nervousness filled her mind after the human resources department sent her 105 pages of personal information of thousands of Prime Communications employees across the nation.


Massive & Unprecedented Security Breach Takes Usenet Providers Offline

Permalink - Posted on 2020-04-28 17:00

A massive security breach has taken at least one major Usenet provider offline. UseNext says that a "security hole in a partner company" could have revealed names and bank account information, exposing customers to fraud and identity theft. The precise nature of the breach isn't clear but reports that a Usenet client has been stealing login credentials is being linked to the security disaster.


'Smart' Parking Meter Vendor Had Data Stolen in Ransomware Attack

Permalink - Posted on 2020-04-28 17:00

CivicSmart, a Milwaukee firm that sells parking meters capable of processing mobile payments, hardware and software used in enforcing parking rules and mobile apps used by motorists and government employees alike, was hit last month with a form of ransomware known alternatively as Sodinokibi or REvil. Messages posted to a website on which the hackers name their victims and leak stolen files in an attempt to elicit ransom payments suggest that CivicSmart paid an unspecified amount to have its files decrypted.


Nine Mil Logs of Brits' Road Journeys Exposed from Password-Less Number-Plate Camera Dashboard

Permalink - Posted on 2020-04-28 17:00

Exclusive In a blunder described as "astonishing and worrying," Sheffield City Council's automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal. The ANPR camera system's internal management dashboard could be accessed by simply entering its IP address into a web browser. No login details or authentication of any sort was needed to view and search the live system – which logs where and when vehicles, identified by their number plates, travel through Sheffield's road network.


100k+ WordPress Sites Exposed to Hack Due to a Bug in Real-Time Find and Replace Plugin

Permalink - Posted on 2020-04-28 17:00

The vulnerability was discovered by Wordfence researchers, it is a Cross-Site Request Forgery flaw that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Attackers can trigger the issue to trick WordPress admins into injecting malicious JavaScript into the pages of their websites by clicking a malicious link within a comment or email.


GDPR Compliance Site Leaks Git Data, Passwords

Permalink - Posted on 2020-04-28 17:00

Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.


Biopharmaceutical Firm Suffers Ransomware Attack, Data Dump

Permalink - Posted on 2020-04-28 17:00

Pharmaceutical clinical research organization ExecuPharm last week reported a March 13 ransomware attack that exposed employee personal data including Social Security numbers, taxpayer and bank account information, passport, and credit card information. And according to a report on Tech Crunch, the attackers also later dumped the stolen data onto a Dark Web site.


'Florentine Banker' Group Steals Approximately £600K in Successful BEC Scam

Permalink - Posted on 2020-04-28 17:00

@ 12:40 PM | By David Bisson | 2 min read A threat group known as “The Florentine Banker” stole approximately £600K in a successful business email compromise (BEC) scam. Check Point Research reported that the Florentine Banker group had targeted three large organizations in the British and Israeli financial sectors. Those attacks began when the threat group set up a phishing campaign that targeted the CEO, CFO and/or other individuals in the organization who had the authority to authorize money transfers. After gaining access to a victim’s account, the attackers read the emails stored therein to learn about the channels used to process money transfers and to glean more about who might be involved in completing such a transaction.


Cyber Attack Strikes Down Colorado's Parkview Medical Center

Permalink - Posted on 2020-04-28 17:00

The Pueblo, Colo. medical facility has given no details on the attack other than a post on its homepage saying its network is out. Local news reports say a statement from the hospital was received from a private Gmail account, indicating the 370-bed facility’s email system is affected.


Experts Detect 30,000% Increase in #COVID19 Threats

Permalink - Posted on 2020-04-27 16:00

Zscaler VP of security research, Deepen Desai, revealed in a blog post that the firm’s cloud security platform had stopped 380,000 attacks targeting home workers in March, up from just 1200 at the start of the year.


Nintendo Breach Affects 160,000 User Accounts

Permalink - Posted on 2020-04-27 16:00

The Japanese gaming giant said it was disabling access to accounts via the legacy Nintendo Network ID (NNID), which was associated with its now-defunct Nintendo 3DS handsets and Wii U consoles. That’s because, since the beginning of April, hackers have been using NNIDs “obtained illegally by some means other than our service” to access user accounts and buy digital items using stored cards.


U.S. Universities Hit With "Adult Dating" Spear-Phishing Attack

Permalink - Posted on 2020-04-27 16:00

More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses.


$8.9 Million Banner Health Data Breach Settlement Gets Final Approval

Permalink - Posted on 2020-04-27 16:00

A settlement proposed by Banner Health to resolve a class action lawsuit filed on behalf of victims of its 3.7 million-record data breach in 2016 has received final approval from a Federal judge.


Israel Says Hackers Targeted SCADA Systems at Water Facilities

Permalink - Posted on 2020-04-27 16:00

According to an alert published by Israel’s National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.


Zaha Hadid Architects Held to Ransom by Cyber Attack

Permalink - Posted on 2020-04-27 16:00

A computer hacker has attempted to extort money from Zaha Hadid Architects (ZHA) after breaking into its servers and stealing confidential information


Warwick University Was Hacked and Kept Breach Secret from Students and Staff

Permalink - Posted on 2020-04-27 16:00

Hackers accessed the University of Warwick's administrative network last year in an attack which has been kept secret from the affected individuals and organisations, Sky News has learnt. The security incident occurred when a staff member installed remote-viewing software enabling hackers to steal sensitive personal information on students, staff and even volunteers taking part in research studies.


Optus Facing Class Action Over Alleged Customer Privacy Breaches

Permalink - Posted on 2020-04-27 16:00

Optus has been hit with a class action complaint after it mistakenly published the names, addresses and phone numbers of tens of thousands of customers. The details of about 50,000 of the telco's customers were published in the White Pages, run by Sensis, last year.


Insider Threats Jump 47 Percent, as Incident Costs Reach $11.45 Million, New Study Shows

Permalink - Posted on 2020-04-27 16:00

While careless or negligent employees make for 62% of incidents, costing organizations an average of $307,111 per incident, malicious insiders or credential thieves bare a higher price tag of $871,686 per incident. The cost per incident is also influenced by organization size and operating industry.


Chinese "Frontline" COVID-19 Research Firm Reported Hacked: Data Now on Dark Web

Permalink - Posted on 2020-04-27 16:00

Cyber researchers at Cyble now report that a threat actor they describe as “credible,” has gained access to the medical company’s “COVID-19 detection technology source code and COVID-19 experimental data.” Huiying Medical has not yet responded to a request for comment from the day before publishing. According to Cyble, the threat actor “THE0TIME” is selling the data for 4 BTC, around $30,000. That data is said to include user information, technology source code, and reports on experiments.


Survey Reveals Lax Attitudes to Password Security

Permalink - Posted on 2020-04-23 16:00

Around 38% of people never update their passwords, according to a survey by Specops Software which has revealed some concerning trends regarding password safety.


Most Remote Workers Have Received No Security Training for a Year

Permalink - Posted on 2020-04-23 16:00

Two-thirds of remote workers in the UK haven’t received cybersecurity training over the past year, raising fears that they may be more susceptible to attacks as hackers adapt their tactics during the current crisis.


Small Businesses Admit Secure Data Storage Issues

Permalink - Posted on 2020-04-23 16:00

Researchers found that the data most commonly collected by companies is contact information (61%), customer name (52%), customer location (39%), physical address of customer (36%), and payment details (31%). For almost a quarter of respondents, lack of funding for cybersecurity was an issue. Researchers observed that 23% of survey respondents admitted that more resources needed to be injected into their company's cybersecurity.


Danish Agro's Computer Systems Hacked

Permalink - Posted on 2020-04-23 16:00

A section of the group's IT environment was affected by the incident, said the company. The Danish Agro Group is owned by 9,000 Danish farmers.


Nagaland Gov't Investigating Data Leak of Stranded Persons

Permalink - Posted on 2020-04-23 16:00

A major data breach in the government of Nagaland website to help citizens stranded outside the state has led to personal details of these individuals being exposed. Personal information including bank account details, AADHAAR number, phone numbers, address etc have been leaked into the public domain.


New York Payments Startup Exposed Millions of Credit Card Numbers

Permalink - Posted on 2020-04-23 16:00

A massive database storing millions of credit card transactions has been secured after spending close to three weeks exposed publicly to the internet. The database belongs to Paay, a card payments processor based in New York. Like other payment processors, the company verifies payments on behalf of selling merchants, like online stores and other businesses, to prevent fraudulent transactions.


Online Leak Undermines Torrance's Claim That No Personal Data Was Affected by Cyber Attack

Permalink - Posted on 2020-04-23 16:00

Brett Callow, threat analyst at Emsisoft, shared several examples of sensitive data published on DoppelPaymer’s doxxing site, where the threat actors post documents stolen from victims as part of an extortion scheme. Examples included a probation violation form from the Torrance City Attorney’s Office; a declaration in support of access to juvenile records filed with the Superior Court of California, County of Los Angeles; and a budget import audit listing.


Email Addresses, Passwords from WHO, NIH, Wuhan Lab, and Gates Foundation Dumped on 4chan

Permalink - Posted on 2020-04-22 16:00

A cache of nearly 25,000 email addresses and passwords allegedly belonging to the World Health Organization (WHO), National Institutes of Health (NIH), Wuhan Institute of Virology, Bill Gates Foundation and several other groups involved with the coronavirus pandemic response were dumped on 4chan before appearing on several other websites, according to the SITE Intelligence Group.


Hackers Have Breached 60 Ad Servers to Load Their Own Malicious Ads

Permalink - Posted on 2020-04-22 16:00

A mysterious hacker group has been taking over ad servers for the past nine months in order to insert malicious ads into their ad inventory, ads that redirect users to malware download sites. This clever hacking campaign was discovered last month by cyber-security firm Confiant and appears to have been running for at least nine months, since August 2019.


Hackers Can Exfiltrate Data From Air-Gapped Computers Via Fan Vibrations

Permalink - Posted on 2020-04-22 16:00

A researcher was able to exfiltrate data from air-gapped computers using vibrations produced by controlling the rotation speed of the machines’ internal fans. Previously, researchers demonstrated that it was possible to exfiltrate data from air-gapped systems via heat emissions, HDD LEDs, infrared cameras, magnetic fields, power lines, router LEDs, scanners, screen brightness, USB devices, and noise from hard drives and fans.


Report Shows Attacks on Cloud Services More Than Doubled in 2019

Permalink - Posted on 2020-04-22 16:00

The volume of attacks on cloud services more than doubled in 2019, in line with the trend of organizations increasingly moving operations to the cloud, according to the 2020 Trustwave Global Security Report. Amongst a range of cybersecurity trends from 2019 that were highlighted, cloud services are now the third most targeted environment by cyber-criminals. In total, this amounts to 20% of investigated incidents, representing an increase of 7% from the previous year.


Government-Aided Grants and Relief Packages Turning Out to be Easy Targets for Hackers

Permalink - Posted on 2020-04-22 16:00

A large number of hackers are specifically targeting financial aids and subsidies given by governments across the world to fight against the COVID-19 epidemic.


Los Angeles County Hit with DoppelPaymer Ransomware Attack

Permalink - Posted on 2020-04-22 16:00

Impacted is the city of Torrance, a coastal U.S. city in the South Bay region of LA, which has a population of nearly 150,000. According to a Tuesday report by Bleeping Computer, the attackers behind the DoppelPaymer ransomware are demanding 100 Bitcoin ($689,147) in ransom from the city. The attackers told the news outlet that they encrypted 150 servers and 500 workstations, to steal over 200GB of files, in a cyberattack on March 1.


Personal Data of Nearly 8,000 Small Business Owners Seeking Relief Loans May Have Been Exposed to Other Applicants

Permalink - Posted on 2020-04-22 16:00

The SBA notified nearly 8,000 business owners of the potential inadvertent disclosure of information, which included names, Social Security numbers, tax identification numbers, addresses, dates of birth, email, phone numbers, marital and citizenship status, household size, income, disclosure inquiry and financial and insurance information, according to a letter sent to business owners, which CNBC obtained.


46% of SMBs Have Been Targeted by Ransomware, 73% Have Paid the Ransom

Permalink - Posted on 2020-04-21 17:00

Almost a third (32%) of the SMBs said they simply have limited time to research ransomware mitigation solutions. The same share said their IT teams are so stretched that they feel their organizations don’t have the adequate resources to address the ransomware threat.


New iOS Exploit Discovered Being Used to Spy on China's Uyghur Minority

Permalink - Posted on 2020-04-21 17:00

The exploit, which Volexity named Insomnia, works against iOS versions 12.3, 12.3.1, and 12.3.2. Apple patched the iOS vulnerability behind this exploit in July 2019, with the release of iOS version 12.4. Volexity said the Insomnia exploit was used in the wild between January and March 2020.


UniCredit Hackers Try to Sell Employee Data on Cyber Crime Forums

Permalink - Posted on 2020-04-21 17:00

The data went on sale on April 19 and contained what the hacker said was information on UniCredit workers, including emails, phone numbers, encrypted passwords and names, Telsy, a unit of Telecom Italia SpA, wrote on its website Monday.


PHI of 41,000 Patients Exposed in Aurora Medical Center and UPMC Altoona Phishing Attacks

Permalink - Posted on 2020-04-21 17:00

Several employees responded to the messages and disclosed their email account credentials, which gave the attackers access to their email accounts. The breach was discovered by the medical center on January 9, 2020. A password reset was immediately performed to prevent any further account access and the security breach was reported to law enforcement.


A Quarter of Website Traffic Is Bad Bots

Permalink - Posted on 2020-04-21 17:00

According to the 2020 edition of Imperva's annual "Bad Bot" report, in 2019, bad bot traffic rose to its highest ever percentage of 24.1 percent of all traffic. Eerily, 37.2% of all traffic on the internet last year wasn't human.


Work-from-Home Exposes Already-Infected Machines in 50K U.S. Organizations

Permalink - Posted on 2020-04-21 17:00

New findings from security firms Arctic Security and Team Cymru show that some 50,000 US organizations had infected devices that have been moved from the relative safety of the corporate network to home networks in the rush to empty offices amid the pandemic.


Proposed Government Coronavirus Tracking App Falls at the First Hurdle Due to Data Breach

Permalink - Posted on 2020-04-21 17:00

The shortlisted mobile app's source code was published online over the weekend for scrutiny as the government decides which solution to back. It was not long before developers realized that the source files contained user data -- originating from another application.


Personal Data of 23 Million Players of Webkinz Children's Game Hacked

Permalink - Posted on 2020-04-20 15:00

A hacker has compromised personal data of 23 million players of online children game Webkinz World by Canadian toy company Ganz, dumping the usernames and passwords on the Dark Web.


Hackers Selling 267 Million Facebook Records on Hacker Forum

Permalink - Posted on 2020-04-20 15:00

In December 2019, Hackread.com reported that a misconfigured Elasticsearch server exposed the personal information of 267 million (267,140,436) users. These records mostly belonged to users in the United States and included Facebook profiles, full names, a unique ID for each account and timestamp, etc. Don’t be surprised, 70% of the US citizens are active on Facebook which means that out of the country’s total population of 327.2 million, roughly 232.6 million people are on Facebook. Now, it seems like the same database is being sold on a hacker forum, Hackread.com has learned.


Students, University Clash Over Forced Installation of Remote Exam Monitoring Software on Home PCs

Permalink - Posted on 2020-04-20 15:00

Proctorio is at the heart of the controversy. The platform is touted as a "comprehensive learning integrity platform" and a means to "secure remote exams." This includes the verification of exam takers prior to an assessment through the upload of biometric data and IDs; a remote "lockdown" to prevent outside information from reaching a test taker during the exam period; and the recording of a user's environment -- potentially achieved by taking control of a machine's microphone and camera.


Beaumont Health Notifies 112,000 Patients About May 2019 Data Breach

Permalink - Posted on 2020-04-20 15:00

Michigan’s largest healthcare system, Beaumont Health, has announced that unauthorized individuals have gained access to the email accounts of some of its employees and potentially viewed or obtained patient information stored in emails and email attachments.


Equifax Settles With Massachusetts, Indiana Over 2017 Breach

Permalink - Posted on 2020-04-20 15:00

Massachusetts will receive $18 million to settle its claims, says Attorney General Maura Healey, while Indiana will receive $19.5 million as part of its settlement with the company, according to Attorney General Curtis Hill.


LED Light Control Console Abused to Spew Malware

Permalink - Posted on 2020-04-20 15:00

Proof of that comes from an incident uncovered in Taiwan, where such a device was used to spew malware as part of an operation that leveraged a botnet of IoT products to distribute malware and ransomware, send phishing emails, and launch distributed denial-of-service (DDoS) attacks.


Twitter Fails to Obtain Permission to Disclose Surveillance Requests

Permalink - Posted on 2020-04-20 15:00

Twitter will not be allowed to disclose more information on national security requests after the U.S. government convinced a judge that the disclosure of such information could harm national security.


CISI Payment Breach Leaves Members Vulnerable to Fraud

Permalink - Posted on 2020-04-20 15:00

The Chartered Institute for Securities and Investments (CISI) has confirmed that some of its members may have had their financial information stolen after “malicious code” was inserted on its website. It comes after the professional body was made aware that members were noticing fraudulent activity on their credit/debit cards after a payment transaction on its website.


Hackers Steal $25 Million Worth of Cryptocurrency from Uniswap and Lendf.me

Permalink - Posted on 2020-04-20 15:00

The attacks took place over the weekend, on Saturday and Sunday, respectively. Although an investigation is currently underway, the two attacks are believed to be related, and most likely carried out by the same group or individual. According to investigators, hackers appear to have chained together bugs and legitimate features from different blockchain technologies to orchestrate a sophisticated "reentrancy attack."


U.S. Facing Four Times as Many DDoS Attacks as China

Permalink - Posted on 2020-04-16 15:00

New research from Atlas VPN has shown that the United States experienced more than 175,000 DDoS attacks in the month of March, more than double the number faced by the next highest country and four times as many as China. According to data gathered and analyzed by Atlas VPN researchers, South Korea and Brazil both suffered from more than 50,000 DDoS attacks while China came in just ahead of the United Kingdom with about 45,000 attacks.


AST LLC Announces Data Breach and Circulates Notices to Employees

Permalink - Posted on 2020-04-16 15:00

AST LLC has announced a data breach and is now sending notices to its employees to inform them that they have been compromised. The incident occurred on March 9, 2020, when someone managed to access employee payroll information by using a previously compromised email employee address. In fact, the infiltrator set up rules that diverted the messages received by the employee to the hacker’s address, so the realization of the breach wasn’t immediate. The information that was accessed by the unknown party involves the employees’ 2019 W-2 wage and tax statements.


Wappalyzer Discloses Security Breach After Hacker Starts Emailing Users

Permalink - Posted on 2020-04-16 15:00

Tech company Wappalyzer has disclosed a security incident this week after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000.


Malware Found on 45 Percent of Home Office Networks

Permalink - Posted on 2020-04-16 15:00

New research by BitSight compared malware infections on home office networks versus corporate networks, and the results were unsettling for remote enterprise users.


Over 700 Malicious Typosquatted Libraries Found on RubyGems Repository

Permalink - Posted on 2020-04-16 15:00

The malicious campaign leveraged the typosquatting technique where attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead.


Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000

Permalink - Posted on 2020-04-15 16:00

The two flaws are so-called zero-days, and are currently present in Zoom’s Windows and MacOS clients, according to three sources who are knowledgeable about the market for these kinds of hacks. The sources have not seen the actual code for these vulnerabilities, but have been contacted by brokers offering them for sale.


Spanish Hospital Faces Netwalker Ransomware Attack in the Midst of Pandemic

Permalink - Posted on 2020-04-15 16:00

Sent under the guise of a COVID-19 email related to restroom use, this simple attack utilized a .VBS file as the attachment. What makes Netwalker so dangerous is its ability to evade antivirus engines and spread throughout a network.


REvil Ransomware Rocks Town of Jupiter in Florida

Permalink - Posted on 2020-04-15 16:00

A malware attack on the Florida town of Jupiter has caused problems that are out of this world. The Palm Beach County conurbation was struck with REvil ransomware, also known as Sodinokibi, on March 21 in an attack that took down the town's computer system for three weeks. Kate Moretto, Jupiter's public information officer, confirmed that multiple files had been encrypted as a result of the incident.


Washington University School of Medicine Breach Impacts 14,795 Oncology Patients

Permalink - Posted on 2020-04-15 16:00

An unauthorized individual gained access to the email account of a research supervisor in the Division of Oncology between January 12, 2020 and January 13, 2020 as a result of a response to a phishing email. Upon discovery of the breach, immediate action was taken to secure the account and prevent further unauthorized access and a third-party computer forensics firm was engaged to assist with the investigation.


New York State Confirms Breach of Government Network

Permalink - Posted on 2020-04-15 16:00

The breach was not previously reported but was confirmed by the state when the WSJ inquired. Officials say New York hired security firm CrowdStrike in mid-February "to assess the scope of the situation." ITS hired a third party when, a few weeks into its internal investigation, it discovered a previously unknown backdoor. New York is working with the FBI to learn the hackers' identities; sources familiar with the case think a foreign attacker is responsible.


The Pentagon Hasn't Fixed Basic Cyber Security Blind Spots

Permalink - Posted on 2020-04-15 16:00

Five years ago, the Department of Defense set dozens of security hygiene goals. A new report finds that it has abandoned or lost track of most of them.


A Worrisome Increase in Call Traffic from Fraudsters Exploiting the Pandemic

Permalink - Posted on 2020-04-14 19:00

After just 3 weeks, high-risk calls are up 28% on average, outpacing the growth rate of overall call traffic – suggesting that as concerned customers call in waves, hundreds of thousands of potentially fraudulent attacks pummel contact centers in their wake.


MSC Data Center Closes Following Suspected Cyber Attack

Permalink - Posted on 2020-04-14 19:00

The incident, which is thought to have occurred on Thursday, April 9, also brought down the shipping company's myMSC portal.


Four Million Quidd User Credentials Found on Dark Web

Permalink - Posted on 2020-04-14 19:00

It apparently features the email addresses, usernames and bcrypt hashed passwords of 3,954,416 users.


PHI of 16,600 Patients Potentially Compromised in Ransomware Attack on Andrews Braces

Permalink - Posted on 2020-04-14 19:00

The Sparks, NV orthodontics practice, Andrews Braces, has experienced a ransomware attack that resulted in the encryption of patient data. The attack was discovered on February 14, 2020, with the subsequent investigation determining the ransomware was downloaded the previous day.


Phishing Attacks Reported by Hartford Healthcare and Saint Francis Ministries

Permalink - Posted on 2020-04-14 19:00

The breach was identified on December 19, 2019 when suspicious activity was detected in an employee’s email account. A third-party computer forensics firm was engaged to investigate the breach and determined on February 12, 2020 that the account was subjected to unauthorized access between December 13, 2020 and December 20, 2019.


SCUF Gaming Exposes Data on 1.1 Million Customers

Permalink - Posted on 2020-04-14 19:00

The company says customer orders, returns and repairs, and other “non-sensitive customer information” were stored in the database. The peripherals maker also admitted that names, email/shipping/billing addresses, SCUF order history, and returns and repairs history details were included.


Ransomware Attacks Lock 2 Manitoba Law Firms Out of Computer Systems

Permalink - Posted on 2020-04-14 19:00

The Law Society of Manitoba said entire computer systems at the two firms were infected with ransomware, a type of virus that blocks access to computers or files until a ransom is paid, in the last two weeks. It left lawyers and staff at the firms without access to client lists, emails, accounting and financial information, photos and other digital files. Cloud backups were also locked.


RagnarLocker Ransomware Hits EDP Energy Giant, Asks for €10 Million

Permalink - Posted on 2020-04-14 19:00

EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world's 4th largest producer of wind energy.


Equifax Settles Indiana Case Over Massive Data Breach for $19.5 Million

Permalink - Posted on 2020-04-14 19:00

The credit-reporting company has also agreed to settle similar claims by Massachusetts, the only other state that had chosen to proceed with a lawsuit against Equifax when it announced $700 million in federal, state and class action settlements in July.


Canadian Passengers from Virus-Stricken Zaandam Cruise Ship Hit by Federal Gov't Privacy Breach

Permalink - Posted on 2020-04-14 19:00

In a detailed email Global Affairs Canada sent Canadian passengers during the Easter holiday weekend, it explained that, "due to an administrative error," it had mistakenly sent them an email on April 1 with an attachment containing personal information on each passenger — including their address, date of birth, email, phone number and passport number.


Cyber Crime May Be the World's Third-Largest Economy by 2021

Permalink - Posted on 2020-04-13 18:00

The World Economic Forum's (WEF) "Global Risks Report 2020" states that cybercrime will be the second most-concerning risk for global commerce over the next decade until 2030. It's also the seventh most-likely risk to occur, and eighth most impactful. And the stakes have never been higher. Revenue, profits, and the brand reputations of enterprises are on the line; mission-critical infrastructure is being exposed to threats; and nation-states are engaging in cyber warfare and cyber espionage with each other. The WEF report concludes that, by 2021, global cybercrime costs may hit $6 trillion — as much as the GDP of the world's third-largest economy.


San Francisco International Airport Discloses Data Breach

Permalink - Posted on 2020-04-13 18:00

Hackers managed to breach two websites pertaining to the San Francisco International Airport (SFO) in March 2020, the airport has revealed.


Personal Touch and Crossroads Technologies Sued After Maze Team Attack

Permalink - Posted on 2020-04-13 18:00

The hospital ransomware class action lawsuit was filed by plaintiff Lugenia Booker, who says that her personal information was included in the computer records of Personal Touch Holding Corp. Personal Touch runs a group of subsidiaries nationwide that provide home health care services in a range of states. Co-defendant Crossroads Technologies manages Personal Touch’s sensitive information in cloud-based computer storage, the complaint says.


Small Businesses Unprepared for Remote Working, Most Don't Provide Cyber Security Training

Permalink - Posted on 2020-04-13 18:00

Conducted from March 25-27, the survey of 412 small business owners found that half of all business owners are concerned that remote working will lead to more cyberattacks. Yet, nearly 40% feel that economic uncertainty will prevent them from making necessary cybersecurity investments. This is particularly concerning for companies with fewer than 20 employees as the survey showed they were distinctly unprepared for remote working. Only 22% provided additional cybersecurity training prior to enabling remote working and just 33% provided “any cybersecurity training.”


Spike in Cyber Attacks as Cyber Criminals Exploit Covid-19 Lockdown

Permalink - Posted on 2020-04-13 18:00

Unprecedented digital dependency has created unprecedented vulnerability, and an increase in malicious attempts to exploit the mass shift to online platforms for remote working, with South Africa experiencing a ten-fold spike in network attacks in mid-March when much of the country moved to working from home.


Danish Pump Maker DESMI Reveals Cyber Attack

Permalink - Posted on 2020-04-13 18:00

DESMI is a global company specialised in the development and manufacture of pump solutions for marine, industry, oil spill combating, defence & fuel and utility (District Heating, District Cooling, Water & Waste Water a.o.).


Data of 115 Million of Pakistan's Mobile Users Up for Sale on Dark Web

Permalink - Posted on 2020-04-13 18:00

Rewterz Threat Intelligence, a cybersecurity firm, found the data dump and said that the cybercriminal behind this data breach was demanding USD 2.1 million for the data. “This indicates that financially motivated threat actors are active in Pakistan and organizations are becoming a victim of these cyberattacks," stated the firm.


Gambling Firm Anticipates Spending up to $100 Million in Recovery from Cyber Incident

Permalink - Posted on 2020-04-13 18:00

In a filing with the U.S. Securities and Exchange Commission (SEC), SBTech mentions a “cybersecurity incident” that took place on March 27, shortly after Diamond Eagle Acquisition Corporation (DEAC) agreed to acquire the firm and rival platform DraftKings with plans to merge the two later this year, according to ZDNet.


Food Delivery Service in Germany Under DDoS Attack

Permalink - Posted on 2020-03-19 17:00

Under these conditions, many Germans order in through food delivery services like Takeaway.com (Lieferando.de). Yet cybercriminals have launched a distributed denial-of-service attack on the website demanding 2 bitcoins (around $11,000) to stop the siege.


Blizzard Hit by Massive DDoS Attack; EA Sports Facing Lagging Issue

Permalink - Posted on 2020-03-19 17:00

It is a fact that hackers carry out DDoS attacks especially during the holiday season but due to Coronavirus or COVID-19; companies are encouraging their employees to work from home. And while at home, there is no way one can stay away from gaming.


Rogers Notifies Customers Their Personal Information May Have Been Compromised

Permalink - Posted on 2020-03-19 17:00

This means that information required to access a database with customer details appeared online. If someone gained access to the database, they would get customers’ names, addresses, account numbers, email addresses and phone numbers.


Cost of Cyber-Events Worsening for Large Businesses

Permalink - Posted on 2020-03-19 17:00

According to a new research paper by the Cyentia Institute, it is estimated that one in four Fortune 1000 businesses will suffer a cyber-related loss event, whilst there is a 6% chance that a Fortune 1000 firm will lose $100m or more in a 12 month period due to cyber-events.


500,000 Documents Exposed in Open S3 Bucket Incident

Permalink - Posted on 2020-03-18 16:00

An unprotected AWS S3 bucket exposed some 425 GB of data, representing approximately 500,000 documents related to MCA Wizard, an iOS and Android app developed by Advantage Capital Funding and Argus Capital Funding. According to vpnMentor researcher Noam Rotem, who led the team of researchers who found the open database, the app appears to be a tool for a Merchant Cash Advance (MCA), which provides relatively small, high-interest business loans typically made to small companies.


Montenegrin Coronavirus Patients' Identities Exposed Online

Permalink - Posted on 2020-03-18 16:00

After Montenegrin Prime Minister Dusko Markovic announced on Tuesday evening that the country had its first two coronavirus cases, the patients’ identities were published by social media users. Photos of one of the patients and her family were also posted online.


Thousands of COVID-19 Scam and Malware Sites Are Being Created on a Daily Basis

Permalink - Posted on 2020-03-18 16:00

A security researcher who goes online by the name of DustyFresh began tracking some of these domains last week. According to a list the researcher shared online, crooks have created more than 3,600 new domains that contain the "coronavirus" term between March 14 and March 18.


NutriBullet Experiences Multiple Magecart Skimmer Infections

Permalink - Posted on 2020-03-18 16:00

According to RiskIQ, the group is identified as Magecart Group 8, and RiskIQ was able to catch the attack as it happened. “Group 8 operators were using this domain to receive stolen credit card information, and its takedown prevented there being new victims,” said Yonathan Klijnsma, head of threat research at RiskIQ.


Most Ransomware Attacks Take Place During the Night or Over the Weekend

Permalink - Posted on 2020-03-17 17:00

FireEye: 27% of all ransomware attacks take place during the weekend, 49% after working hours during weekdays.


WordPress and Apache Struts Account for 55% of All Weaponized Vulnerabilities

Permalink - Posted on 2020-03-17 17:00

A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.


Student Loans Company Hit by 5.4 Million Email Attacks in 2019

Permalink - Posted on 2020-03-17 17:00

A Freedom of Information (FOI) request issued by law firm Griffin Law revealed the scale and nature of the email threat to the government-owned public body, which provides funding for over 1.3 million UK students.


Guitar Tuition Website Suffers Six-Month Data Breach

Permalink - Posted on 2020-03-17 17:00

A Florida company that offers guitar lessons online to millions of students around the world has suffered a data breach. Unauthorized access of TrueFire's computer system went on for six months before the breach was detected on January 10, 2020.


8 Million E.U. Retail Sales Records Exposed on AWS MongoDB

Permalink - Posted on 2020-03-17 17:00

The open MongoDB database had no password or other authentication set. It was operated by a third-party vendor who pulled sales data from a range of retailers, including Amazon UK, Ebay, Shopify, PayPal and Stripe in order to calculate value-added taxes for different countries. The information left unprotected included customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers.


Online Printing Site Doxzoo Exposed Thousands of Customer Files

Permalink - Posted on 2020-03-17 17:00

The U.K. printing company left its customer files on a cloud storage bucket, hosted on Amazon Web Services, without a password. Anyone who knew the easy-to-guess bucket name could access the massive trove of customer files. By the time the company secured the bucket, it contained more than 250,000 customer-uploaded files.


Financial Companies Leak 425GB in Company, Client Data Through Open Database

Permalink - Posted on 2020-03-17 17:00

On Tuesday, vpnMentor researchers led by Noam Rotem said the database appears to be connected to MCA Wizard, a now-defunct app that appears to have been developed by Advantage Capital Funding and Argus Capital Funding.


2,500 Attacks in Less Than a Day: Coronavirus Scammers Just Went into Overdrive

Permalink - Posted on 2020-03-16 17:00

Cybercriminals have been increasingly capitalizing on the coronavirus scare in the weeks prior to today’s jump. As Forbes reported last week, a massive number of new websites had been registered using the coronavirus or COVID-19 names, some of which were already trying to infect visitors. Government hackers have been taking advantage too, with a Pakistan-linked group allegedly caught doing so on Monday too.


88% of IT Pros say World Is in Permanent State of Cyber War

Permalink - Posted on 2020-03-16 17:00

A recent survey of 485 IT experts and cybersecurity officials attending the 2020 RSA Conference in San Francisco last month found that nearly 90% believe the world is now in a permanent state of cyberwar. Security company Venafi conducted the survey as a followup to its findings in 2018, when 86% of 515 IT security professionals at the Black Hat conference in Las Vegas expressed the same belief.


Half of UK Firms Suffer Basic Cyber-Skills Gaps

Permalink - Posted on 2020-03-16 17:00

The number of UK companies with a basic cybersecurity skills gap has dropped from 2018 but still stands at around half of all businesses, according to a new government study.


Suspicious Cyber Activity Targeting HHS Tied to Coronavirus Response

Permalink - Posted on 2020-03-16 17:00

The Department of Health and Human Services experienced suspicious cyberactivity Sunday night related to its coronavirus response, administration sources confirmed to ABC News Monday. The suspicious activity HHS was not a hack but it may have been a distributed denial of service -- or DDOS -- attack, according to multiple sources.


90,000 Staff, Students, Suppliers Impacted at Melbourne Polytechnic

Permalink - Posted on 2020-03-13 17:00

In a security alert issued yesterday (March 11), Melbourne Polytechnic said Victoria Police had notified them that an individual who attended the campus in late 2018 had “obtained unauthorised access to Melbourne Polytechnic’s computer systems by hard logging onto the network; overcoming security measures”.


Google Hit with Nearly $8 Million GDPR Penalty

Permalink - Posted on 2020-03-13 17:00

Google has been hit with a 75 million kroner ($7.8 million) GDPR fine by the Swedish Data Protection Authority (DPA) over the failure to comply with ‘right-to-be-forgotten’ requests from EU citizens to have web pages removed from its search engine listings.


Oklahoma Accused of Negligence in Massive Data Breach

Permalink - Posted on 2020-03-13 17:00

A December 2018 data breach in the Oklahoma Department of Securities allegedly released names, Social Security numbers and other information of more than 300,000 people. A class-action lawsuit has been filed in response.


Coronavirus-Linked Hacks Likely as Czech Hospital Comes Under Attack

Permalink - Posted on 2020-03-13 17:00

As countries around Europe enact drastic measures to try to contain the spread of the Covid-19 coronavirus, a hospital in Brno, Czechia, has been forced to cancel all planned operations and farm out acute patients to other hospitals after falling victim to a major cyber attack.


Card Data from Breached Volusion Platform Shows Up on Dark Web

Permalink - Posted on 2020-03-12 17:00

Payment card data stolen from an e-commerce platform last year has already netted criminals $1.6 million in card data sales on the dark web. And according to a new report out today, that’s just from the initial card data offering.


European Electricity Association Warns of Office Network Breach

Permalink - Posted on 2020-03-12 17:00

ENTSO-E, or the European Network of Transmission System Operators for Electricity, represents 42 electricity transmission system operators (TSOs) from 35 countries across Europe.


90% of Healthcare Organizations Have Experienced an Email-Based Attack in the Past Year

Permalink - Posted on 2020-03-12 17:00

A recently published study conducted by HIMSS Media on behalf of Mimecast has revealed 90% of healthcare organizations have experienced at least one email-based threat in the past 12 months. 72% have experienced downtime as a result and one in four said the attack was very or extremely disruptive.


Misconfiguration Accounts for 82% of Security Vulnerabilities

Permalink - Posted on 2020-03-12 17:00

Organizations in the UK and Netherlands are more exposed to high-risk vulnerabilities than any others in Europe, with misconfiguration a major challenge, according to new data from Outpost24.


Beware of 'Coronavirus Maps' – It's a Malware Infecting PCs to Steal Passwords

Permalink - Posted on 2020-03-12 17:00

Reason Cybersecurity recently released a threat analysis report detailing a new attack that takes advantage of internet users' increased craving for information about the novel coronavirus that is wreaking havoc worldwide.


Car Auction House Hit with $30 Million Ransom Demand After Crippling Cyber Attack

Permalink - Posted on 2020-03-12 17:00

The Australian branch of Manheim Auctions has previously confirmed it was the target of a ransomware attack on February 14 but in a statement released on Tuesday, WA's Consumer Protection agency revealed the extent of the attack and how much the cyber criminals were asking for.


New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer

Permalink - Posted on 2020-03-12 17:00

A new ransomware called CoronaVirus is has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.


Comcast "Accidentally" Published 200,000 "Unlisted" Phone Numbers

Permalink - Posted on 2020-03-11 18:00

Comcast made the same mistake once before and had to pay $33 million.


European Electricity Association Warns of Office Network Breach

Permalink - Posted on 2020-03-11 18:00

An association of European electricity companies has confirmed that hackers have breached its office network. "ENTSO-E has recently found evidence of a successful cyber intrusion into its office network," the association said in a statement.


February Sees Huge Jump in Exploits Designed to Spread Mirai Botnet

Permalink - Posted on 2020-03-11 18:00

In its Global Threat Index for February 2020, Check Point discovered a significant increase in malware designed to exploit certain vulnerabilities to spread the Mirai botnet. Infamous for a huge cyberattack in 2016 that took down several major websites, Mirai has a nasty habit of infecting Internet of Things devices and launching large Distributed denial of service (DDoS) attacks.


Brazil: Millions of Records Leaked, Including Biometric Data

Permalink - Posted on 2020-03-11 18:00

The security research team at Safety Detectives has discovered a significant data leak in addition to other security flaws (such as lack of password protection) relating to fingerprint data on an Antheus log server in Brazil. The team, led by Anurag Sen, discovered almost 2.3 million data points in total and estimates that 76,000 unique fingerprints were found on the database.


Eight Million Shopper Records Leaked Online

Permalink - Posted on 2020-03-11 18:00

Noted researcher Bob Diachenko discovered the unsecured MongoDB database residing on an Amazon Web Services (AWS) server on February 3. It was secured five days later, after Diachenko identified and notified the owner, a third-party company that helps merchants to aggregate sales data from multiple online marketplaces and VAT for cross-border sales.


Fetishes Exposed by Secret-Sharing App Whisper

Permalink - Posted on 2020-03-11 18:00

Whisper users' data found to be free ranging on the net included intimate confessions, fetishes, ages, ethnicities, genders, and location information. Among the viewable data were 1.3 million records involving users who had listed their age as 15.


First 100,000 Victims of Western Union Fraud Scheme Receive $153m

Permalink - Posted on 2020-03-11 18:00

A remission fund set up by Western Union to compensate the victims of money transfer scams that the business "turned a blind eye to" has made its first distribution payment.


Raspberry Pi-Powered LEGO Robot Brute-Force Attacked an iPhone

Permalink - Posted on 2020-03-11 18:00

iOS has a built-in blacklist of certain four-digit and six-digit PIN codes. But which combination of numbers are blacklisted, and does this improve security? These security researchers built a LEGO robot with a Raspberry Pi brain to help find out.


Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals

Permalink - Posted on 2020-03-11 18:00

Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.


More Than Half of IoT Devices Vulnerable to Severe Attacks

Permalink - Posted on 2020-03-11 18:00

A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.


All Bets Off as Children's Data Is Leaked

Permalink - Posted on 2020-03-10 17:00

The way that the Department for Education (DfE) handles sensitive data on children and students needs a thorough independent investigation, experts argue, following revelations that one of its datasets had been used to help betting companies target new customers.


Attacks Targeting Recent Microsoft Exchange Flaw Ramping Up

Permalink - Posted on 2020-03-10 17:00

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates.


Q3, 2019 Saw a 350% Increase in Ransomware Attacks on Healthcare Providers

Permalink - Posted on 2020-03-10 17:00

Ransomware attacks on healthcare providers increased by 350% in Q4, 2019, according to a recently published report from Corvus. The attacks show no sign of letting up in 2020. Already in 2020 attacks have been reported by NRC Health, Jordan Health, Pediatric Physician’s Organization at Children’s, and the accounting firm BST & Co., which affected the medical group Community Care Physicians.


March 2020 Deadline for Compliance with New York SHIELD Act Data Security Requirements

Permalink - Posted on 2020-03-10 17:00

n July 2019, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act was signed into law. The New York SHIELD Act expanded the breach notification requirements for businesses that collect the personal information of New York residents. On March 21, 2020, the data security provisions of the New York SHIELD Act come into effect.


Los Angeles Utility Accused of Cyber Security Coverup

Permalink - Posted on 2020-03-10 17:00

The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor.


Human Error Linked to 60% of Security Breaches

Permalink - Posted on 2020-03-10 17:00

Three-fifths (60%) of UK businesses have experienced a cyber-attack and/or data breach caused by human error, knocking them out of action for days, according to new research from Gallagher.


Fort Worth ISD Hacked, Joining Other Texas Schools, Towns Hit by Ransomware Attacks

Permalink - Posted on 2020-03-10 17:00

The Fort Worth Independent School District is recovering from a ransomware attack last week. The district hopes everything will be back to normal by next Monday, when students and teachers return from spring break — but that may not be the case.


Bogus HIV Test Results Are the Latest Lures Used by Cyber Crooks

Permalink - Posted on 2020-03-10 17:00

As phishing attempts related to the novel coronavirus surged in late January, another health-related scam was kicking off. Crooks were sending people fake HIV test results that were laced with malicious code. To make the ruse more believable, the emails purported to come from Vanderbilt University’s prestigious medical center.


Most Medical Imaging Devices Run Outdated Operating Systems

Permalink - Posted on 2020-03-10 17:00

You'd think that mammography machines, radiology systems, and ultrasounds would maintain the strictest possible security hygiene. But new research shows that a whopping 83 percent of medical imaging devices run on operating systems that are so old they no longer receive any software updates at all.


Entercom Radio Giant Says Data Breach Exposed User Credentials

Permalink - Posted on 2020-03-10 17:00

US radio giant Entercom reported a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored third-party cloud hosting services and containing Radio.com user credentials.


9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks

Permalink - Posted on 2020-03-09 18:00

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research.


Kentucky University System Network Reboots After Cyberattack

Permalink - Posted on 2020-03-09 18:00

A monthlong attack on the computer networks at Kentucky's largest university system has prompted officials to conduct a major reboot of the networks.


Ryuk Ransomware Behind Durham, North Carolina Cyber Attack

Permalink - Posted on 2020-03-09 18:00

The City of Durham, North Carolina has shut down its network after suffering a cyberattack by the Ryuk Ransomware this weekend. Local media reports that the city fell victim to a phishing attack that ultimately led to the deployment of the Ryuk Ransomware on their systems.


Coronavirus-Themed Scams and Attacks Intensify

Permalink - Posted on 2020-03-09 18:00

According to Reuters, victims in the United Kingdom have lost more than 800,000 pounds ($1 million) to coronavirus-linked scams since last month.


Virgin Media Accused of Downplaying Security Incident

Permalink - Posted on 2020-03-09 18:00

The cybersecurity company that discovered the database, TurgenSec, has provided more details about its findings. TurgenSec described the telecom firm’s response to the breach as “strong” and commended the company for quickly removing access to the database. However, TurgenSec is not pleased with Virgin Media’s disclosure of the incident.


53% of Healthcare Organizations Have Experienced a PHI Breach in the Past 12 Months

Permalink - Posted on 2020-03-09 18:00

The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses Report from Keeper Security shows approximately two thirds of healthcare organizations have experienced a data breach in the past and 53% have experienced a breach of protected health information in the past 12 months.


Only 11% of All Enterprise Accounts Use a MFA Solution

Permalink - Posted on 2020-03-06 18:00

Microsoft said that, on average, around 0.5% of all accounts get compromised each month, a number that in January 2020 was about 1.2 million.


266,000 Passwords Stolen in Trident Crypto Fund Data Breach

Permalink - Posted on 2020-03-06 18:00

Data stolen in the attack against the fund is said to have included email addresses, cell phone numbers, encrypted passwords, and IP addresses.


Fake Tech Support Company Dupes 40K Victims Out of $8m

Permalink - Posted on 2020-03-06 18:00

Former engineering student Amit Chauhan set up a bogus technical support call-center company called Tech Support in January 2019. Together with his accomplice and Jind resident Sumit Kumar, Chauhan ran the center from the upscale Udyog Vihar area of Gurugram, a city just southwest of New Delhi in northern India.


Brazilian Security Firm Leaks More Than 25 GB of Client and Staff Data

Permalink - Posted on 2020-03-06 18:00

A home and business security business with several subsidiaries has exposed hundreds of thousands of client and employee files, an investigation by ZDNet in partnership with The Hack has found.


Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys

Permalink - Posted on 2020-03-06 18:00

Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. A few cryptographic flaws combined with a little old-fashioned hot-wiring—or even a well-placed screwdriver—lets hackers clone those keys and drive away in seconds.


Virgin Media Reports Database Breach

Permalink - Posted on 2020-03-06 18:00

Virgin Media, owned by Liberty Global (LBTYA.O), on Thursday reported a breach that allowed unauthorized access to the cable company’s database that contained personal information of about 900,000 customers.


EVRAZ N. America Got Hit by Ransomware

Permalink - Posted on 2020-03-06 18:00

Steel maker EVRAZ's North American operations are down after an infection with the Ryuk ransomware.


J.Crew Customer Accounts Breached a Year Ago

Permalink - Posted on 2020-03-05 17:00

The popular US clothing retailer claimed the hacker obtained customer usernames and logins and used them to access the accounts in around April 2019.


T-Mobile Notifying Customers of Data Breach

Permalink - Posted on 2020-03-05 17:00

The incident, the company says, was a sophisticated, malicious attack that targeted its email vendor. As part of the assault, unknown adversaries gained unauthorized access to the email accounts of some T-Mobile employees.


U.S. Property and Demographic Database of 200 Million Records Leaked on the Web

Permalink - Posted on 2020-03-05 17:00

An exposed online database consisting of some 200 million records included a wide range of sensitive personal and demographic data about residents and their properties. Homeowners were identified as well as info about their credit ratings, net worth, and income, among other details. At this time we have not been able to determine who owns the database, which was hosted on an exposed Google Cloud server.


Malta-Based Crypto-Fund Suffers Data Breach

Permalink - Posted on 2020-03-05 17:00

According to the Technical Director of cybersecurity firm, DeviceLock, Ashot Oganesyan, the breach resulted in the leak of 10,000 users’ records and took advantage of vulnerabilities found on the foundation’s website.


Ryuk Ransomware Hits Fortune 500 Company EMCOR

Permalink - Posted on 2020-03-05 17:00

Company expects the incident to have an impact on its 2020 earnings, according to its 2019 Q4 financial report.


Boots Advantage Card Hit by Cyber Attack

Permalink - Posted on 2020-03-05 17:00

Hackers used passwords taken from other websites in an attempt to break into Advantage Card accounts in a bid to steal customers’ reward points to spend on themselves.


Vulnerability Allows Attackers to Register Malicious Lookalikes of Legitimate Web Domains

Permalink - Posted on 2020-03-05 17:00

Cybercriminals were able to register malicious generic top-level domains (gTLDs) and subdomains imitating legitimate, prominent sites due to Verisign and several IaaS services allowing the use of specific characters that look very much like Latin letters, according to Matt Hamilton, principal security researcher at Soluble.


Email Domains Without DMARC Enforcement Spoofed Nearly Four Times as Often

Permalink - Posted on 2020-03-05 17:00

As of January 2020, nearly 1 million (933,973) domains have published DMARC records — an increase of 70% compared to last year, and more than 180% growth in the last two years. In addition, 80% of all inboxes worldwide do DMARC checks and enforce domain owners’ policies — if domain owners have configured DMARC, a new Valimail report reveals.


Huge Ransomware Attack Laid Bare French Lingerie Firm and Cost It Millions

Permalink - Posted on 2020-03-05 17:00

High-end French lingerie firm Lise Charmel has gone into receivership after being floored by a ransomware attack that encrypted its entire computer system and paralysed the company for a month.


EternalBlue Longevity Underscores Patching Problem

Permalink - Posted on 2020-03-05 17:00

Three years after the Shadow Brokers published zero-day exploits stolen from the National Security Agency, the SMB compromise continues to be a popular Internet attack.


Zynga Facing Lawsuit Over Data Breach

Permalink - Posted on 2020-03-04 17:00

A class-action lawsuit has been filed against gaming company Zynga Inc. over a data breach that exposed the personal information of 173 million users.


Data Breach Affects Princess Cruises, Holland America Line Guests

Permalink - Posted on 2020-03-04 17:00

According to a statement from both cruise lines, in late May 2019 Princess and Holland America identified a series of deceptive emails sent to employees that resulted in unauthorized third-party access to some employee email accounts.


Casinos in Las Vegas Hit by Suspected Ransomware Attack

Permalink - Posted on 2020-03-04 17:00

Slot machines in two Las Vegas casinos were out of action for almost a week in an incident that bears all the hallmarks of a ransomware attack.


Cathay Pacific Airways Limited Fined £500,000 for Failing to Secure Its Customers' Personal Data

Permalink - Posted on 2020-03-04 17:00

Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.


Singapore to Introduce Security Label for Smart Home Devices

Permalink - Posted on 2020-03-04 17:00

The proposed Cybersecurity Labelling Scheme for home routers and smart home hubs are part of efforts to increase consumer awareness around secured products and push manufacturers to deploy additional cybersecurity measures.


Online Payment Fraud Attempts See 73% Increase

Permalink - Posted on 2020-03-04 17:00

And while, unsurprisingly, the number one most targeted industry vertical in 2019 was physical e-commerce, business services, digital e-commerce, education, and on-demand services all fell within the top ten fraudiest verticals.


The Cyber Crime Pandemic Keeps Spreading

Permalink - Posted on 2020-03-04 17:00

When asked to describe the "short-term risk outlook"("short-term" being the next 12 months) 76.1% of the respondents to the WEF's survey expected cyberattacks to increase in 2020 and named them as one of top five global threats — outpacing even terrorism, which did not make it into the top five. The others were economic confrontations (78.5%), domestic political polarization (78.4%), extreme heatwaves (77.1%), and destruction of natural ecosystems (76.2%).


Ransomware Attackers Cloud Backups Against Victims

Permalink - Posted on 2020-03-04 17:00

Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim's Veeam backup software. This was not meant to expose the information to others for further attacks but was used as a warning to the victim that the ransomware operators had full access to their network, including the backups.


FDA Informs Patients, Providers and Manufacturers About Potential Vulnerabilities in Certain Medical Devices

Permalink - Posted on 2020-03-04 17:00

Today, the U.S. Food and Drug Administration is informing patients, health care providers and manufacturers about a set of cybersecurity vulnerabilities, referred to as “SweynTooth,” that – if exploited - may introduce risks for certain medical devices.


AU: Fears Private Details of Defence Force Members Compromised in Database Hack

Permalink - Posted on 2020-03-04 17:00

A highly sensitive military database containing the personal details of tens of thousands of Australian Defence Force (ADF) members was shut down for 10 days due to fears it had been hacked.


Cyber Attackers Hack Wellington School's Computer System

Permalink - Posted on 2020-03-03 17:00

The school informed the students’ parents about the cyberattack on February 25 – warning that personal data such as family contact details, names, addresses, and students’ records may have been compromised.


148% Increase in Cyber Attacks on the Pensions Regulator in 2019

Permalink - Posted on 2020-03-03 17:00

The pensions sector came under increased attack by cyber-criminals in 2019 with The Pensions Regulator (TPR) hit by 343,867 incidents of email phishing, malware and spam, according to official data released by think tank Parliament Street.


DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

Permalink - Posted on 2020-03-03 17:00

Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security researcher found some of the company’s stolen files leaked online.


IT Weaknesses at the National Institutes of Health Placed EHR Data at Risk

Permalink - Posted on 2020-03-03 17:00

An audit of the National Institutes of Health (NIH) conducted by the Department of Health and Human Services’ Office of Inspector General (OIG) has revealed technology control weaknesses in the NIH electronic medical records system and IT systems that placed the protected health information of patients at risk.


OCR Settles Complaint Against Doctor for Failure to Have Appropriate Risk Assessment and Security Controls

Permalink - Posted on 2020-03-03 17:00

OCR has settled a complaint against a covered entity for violations that first occurred prior to November, 2013, but continued thereafter.


Smart Camera and Baby Monitor Warning Given by U.K.'s Cyber Defender

Permalink - Posted on 2020-03-03 17:00

The National Cyber Security Centre (NCSC) is advising people to tweak the settings after buying them. Easy-to-guess default passwords might let a hacker secretly observe a home through connected devices, it said.


Cyber Criminals and Drug Cartels Are Spreading Malware via Increasing Partnerships

Permalink - Posted on 2020-03-03 17:00

Cybercriminals are now partnering with drug cartels across Latin America to attack financial institutions and governments, leveraging a wide variety of scams and malware to make millions, according to a new report from cybersecurity firm IntSights. The company did a deep dive into attack campaigns throughout 2019 after multiple customers in Colombia and Brazil were hit with financially devastating breaches, and people reported widespread scams aimed at siphoning funds from their bank accounts.


Quest Data Breach Class Action Settlement

Permalink - Posted on 2020-03-03 17:00

A $195,000 Quest class action settlement will resolve claims that a 2016 data breach compromised the information of thousands of patients.


Nemty Ransomware Punishes Victims by Posting Their Stolen Data

Permalink - Posted on 2020-03-03 17:00

In a new site shared with BleepingComputer by Damien, the Nemty Ransomware operators have started to punish their non-paying victims by releasing files that were stolen before devices were encrypted.


Carnival Corp Units say Were Hit by Cyber Attack Last Year

Permalink - Posted on 2020-03-03 17:00

The units, Holland America Line and Princess Cruises, said their investigation revealed unauthorized third-party had access to personal information, including mail accounts, names, Social Security numbers, and credit card information of some guests and employees.


Walgreens Discloses Data Breach Related to Mobile App

Permalink - Posted on 2020-03-02 18:00

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers.


Regulators Move to Fine Telecoms for Selling Location Data

Permalink - Posted on 2020-03-02 18:00

US regulators moved to impose fines Friday against the nation's four major wireless carriers for selling location data of customers without their consent.


Ransomware Victims Are Paying Out Millions a Month

Permalink - Posted on 2020-03-02 18:00

Over six-and-a-half years, ransomware victims have handed over vast amounts of bitcoin to crooks. Some variants of the malware have generated more ransom than others.


Hit with Ransomware, Prince Edward Island Notifies Residents

Permalink - Posted on 2020-03-02 18:00

Earlier today, Maze Team added Prince Edward Island (PEI) to their website where they list victims who have refused to pay their ransom demands. As they have done in other cases, the attackers also provided some files that they exfiltrated as proof.


Orgs That Sacrifice Mobile Security Are Twice as Likely to Suffer a Compromise

Permalink - Posted on 2020-03-02 18:00

Between March 30 and August 31 2019 the government department admitted a catalog of errors including misplaced passports, documents sent to the wrong recipient’s address and unauthorized disclosure, according to the Independent Chief Inspectorate of Borders and Immigration (ICIBI).


Home Office Admits 100 GDPR Breaches in E.U. Scheme

Permalink - Posted on 2020-03-02 18:00

The Home Office breached the GDPR 100 times in its handling of EU citizens’ data in the space of just five months, an inspector’s report has revealed.


Rail Station Wi-Fi Provider Exposed Traveller Data

Permalink - Posted on 2020-03-02 18:00

The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online.


HMRC Scam Calls Surge 234% in a Year

Permalink - Posted on 2020-03-02 18:00

The volume of HMRC phishing emails reported by the public has fallen sharply over the past two years, as those related to SMS- and phone-based scams increased, according to a new Freedom of Information (FOI) request.


U.K.'s Travelex Expects 25 Million Sterling Hit Due to Cyber Attack

Permalink - Posted on 2020-03-02 18:00

Currency service provider Travelex on Monday estimated a 25- million-pound ($32 million) hit to its first-quarter underlying core earnings from a ransomware attack in late December, and said it had restored all its customer-facing systems.


Credit Rating Builder Loqbox Lets Customer Details and Card Numbers Slip After "Sophisticated Attack"

Permalink - Posted on 2020-03-02 18:00

Fintech startup Loqbox has fessed up to suffering an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers.


City of Cartersville Admits Paying Ryuk Ransomware Operators $380,000

Permalink - Posted on 2020-03-02 18:00

Cartersville reportedly got infected in early May last year when it saw “3 terabytes worth of data” vanish from city computers and servers. The city recovered within a week, but only after paying their cyber-aggressors to the tune of $380,000 in non-tradable Bitcoins, “with an additional $7,755.65 paid for transaction fees and negotiators,” according to the documents obtained by The Daily Tribune News.


Tesco Sends Security Warning to 600,000 Clubcard Holders

Permalink - Posted on 2020-03-02 18:00

The supermarket giant said it believed a database of stolen usernames and passwords from other platforms had been tried out on its websites, and may have worked in some cases.


Israeli Marketing Company Exposes Contacts Database

Permalink - Posted on 2020-02-28 17:00

An Israeli marketing company left authentication credentials for an Elasticsearch database online, exposing more than 140 GB worth of contact details for individuals in the U.S. and Europe.


Smart Vacuum Flaws Could Give Hackers Access to Camera Feed

Permalink - Posted on 2020-02-28 17:00

Researchers at cybersecurity Checkmarx said they have discovered the potential flaws in the Trifo Ironpie M6 smart vacuum cleaner and said they have contacted the manufacturer multiple times but have yet to receive a reply.


One in Four Americans Won't Do Business with Data-Breached Companies

Permalink - Posted on 2020-02-28 17:00

Most people were only loosely familiar with the total number of corporate breaches that occurred in 2018. Though the majority of people admitted to losing trust in corporations that experienced data breaches, most were unwilling to cut ties with these companies.


Ransomware Attack Leaves Council Facing Huge Bill to Restore Services

Permalink - Posted on 2020-02-28 17:00

A council in the north-east of England has admitted that it has suffered a cyber-attack that has disabled its IT servers for the past three weeks, leaving it with a steep bill and concerns among residents that their local government infrastructure is "in danger of collapse."


Sodinokibi Ransomware Posts Alleged Data of Kenneth Cole Fashion Giant

Permalink - Posted on 2020-02-28 17:00

The operators behind Sodinokibi Ransomware published download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from giant U.S. fashion house Kenneth Cole Productions.


Michigan Healthcare Group Hack Went Undetected for Six Months

Permalink - Posted on 2020-02-28 17:00

Hackers gained access to patient data placed in the safekeeping of Munson Healthcare Group by compromising the email accounts of at least two employees. Patient records were accessed from July 31, 2019, to October 22, 2019, but the breach went undetected until January 16, 2020.


49 Million Unique Emails Exposed Due to Mishandled Credentials

Permalink - Posted on 2020-02-28 17:00

An Israeli marketing firm exposed 49 million unique email addresses after mishandling authentication credentials for an Elasticsearch database, that were sitting in plain text on an unprotected web server.


'Shark Tank' Star Barbara Corcoran Loses $388,700 in Phishing Scam

Permalink - Posted on 2020-02-27 18:00

Barbara Corcoran of ABC's "Shark Tank" has lost nearly $400,000 in a phishing scam this week. Corcoran, who has an estimated net worth of $80 million, according to Investopedia, told "People" that she was tricked as a result of an email scheme.


One in Five SMBs Use No Endpoint Security at All

Permalink - Posted on 2020-02-27 18:00

An alarming number of SMBs (small to medium businesses) in the US and UK are not prepared for a potential cyber attack or breach, BullGuard warns


Severe Vulnerability in iBaby Monitor M6S Camera Leads to Remote Access to Video Storage Bucket

Permalink - Posted on 2020-02-27 18:00

While investigating the iBaby Monitor M6S camera, Bitdefender researchers have identified vulnerabilities that can allow an attacker to access files in the AWS bucket, leak information through the MQTT service which leads to remote access of the camera (CVE-2019-12268), and leak personal information of users through an Indirect Object Reference (IDOR) vulnerability.


Gov't Fails to Train Employees on Ransomware Detection, Prevention

Permalink - Posted on 2020-02-27 18:00

The majority of state and local government agencies are failing to prepare their employees to spot cyberattacks or teach them how to handle ransomware incidents in the workplace, new research suggests.


Desjardins Group Breach Cost $38m Higher Than Expected

Permalink - Posted on 2020-02-27 18:00

Original estimates by the Quebec-based financial institution set the cost of recovering from the breach at $70m. The co-operative has now said that the final breach bill is likely to be $108m.


Munson Healthcare Data Breach Exposes PHI

Permalink - Posted on 2020-02-27 18:00

The northern-Michigan based Munson Healthcare group reported several employee email accounts were hacked and being accessed for two and a half months last year exposing PHI.


New York State Expected to Increase Enforcement of Cyber Security Practices

Permalink - Posted on 2020-02-27 18:00

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act). The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations. The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents.


Kr00k Wi-Fi Vulnerability Affected a Billion Devices

Permalink - Posted on 2020-02-26 17:00

Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.


Medical Records of 156,400 Personal Touch Home Care Patients Compromised

Permalink - Posted on 2020-02-26 17:00

The Lake Success, NY-based home health company, Personal Touch Home Care (PTHC), has started notifying patients that a recent ransomware attack on its Wyomissing, PA-based IT vendor, Crossroads Technologies Inc., has potentially seen some of their protected health information compromised.


Samsung Website Error Exposes U.K. Customer Data

Permalink - Posted on 2020-02-26 17:00

The UK's data watchdog, the Information Commissioner's Office, has said that it has yet to receive a data breach report from Samsung, in an email to IT Pro. Companies are required by law to notify the ICO if a data breach is considered serious enough, and likely to infringe on the rights of data subjects.


Advocate Aurora's HR System Breached in Email Phishing Campaign

Permalink - Posted on 2020-02-26 17:00

The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign.


Rady's Children's Hospital Notifies Patients Whose Data Were Accessed via an Open Port

Permalink - Posted on 2020-02-26 17:00

According to their notification, the unauthorized access first occurred on June 20, 2019, and was discovered on January 3, 2020. They do not explain how they first became aware of the breach or how/why the port was open.


Facial-Recognition Company That Works with Law Enforcement says Entire Client List Was Stolen

Permalink - Posted on 2020-02-26 17:00

Clearview AI, which contracts with law enforcement after reportedly scraping 3 billion images from the web, now says someone got “unauthorized access” to its list of customers.


Transmit Security, Authentication Company Used by Banks, Hacked

Permalink - Posted on 2020-02-26 17:00

The breach impacted email addresses, passwords, phone numbers, and other sensitive information, according to a researcher mentioned in a breach notification obtained by Motherboard.


Tennessee Orthopaedic Alliance Notifies More Than 81,000 Patients of Data Breach

Permalink - Posted on 2020-02-26 17:00

TOA first detected unusual activity in the account on October 18, 2019. A forensic investigation determined that data containing former and current patients’ personal or protected health information contained within two email accounts may have been affected.


Ordnance Survey Breach Hits Employee Data

Permalink - Posted on 2020-02-26 17:00

The government body is said to have discovered the incursion and immediately remediated the problem back in January. However, while staff and privacy watchdog the Information Commissioner’s Office (ICO) were informed, it has taken until now for the incident to go public.


18 Sniffers Steal Payment Card Data from Print Store Customers

Permalink - Posted on 2020-02-26 17:00

For the past 30 months, an online printing platform with a cover store for well-known magazines has been constantly infected with malicious scripts that steal customer payment card data.


Maze Ransomware Attack on Accounting Firm Impacts Patients of New York Medical Group

Permalink - Posted on 2020-02-25 17:00

The Albany, NY-based accounting, tax, and advisory firm, BST & Co. CPAs LLC, has experienced a Maze ransomware attack that has affected patients of the New York medical group, Community Care Physicians P.C.


Pacific Specialty Insurance Company Notifies Plan Members of Breach That Occurred in March, 2019

Permalink - Posted on 2020-02-25 17:00

Once again, we see a timeline where it took a loooong time before an entity actually discloses a breach, but the entity’s explanation involves how long it took to determine who was impacted. In this case, it tood from June 14, when they first became suspicious of activity that had occurred in March until November 7 to figure out who was impacted. After that, it reportedly took another two months to get contact information for those impacted.


PayPal Users Hit With Fraudulent 'Target' Charges via Google Pay

Permalink - Posted on 2020-02-25 17:00

Hackers are using an unknown method to make fraudulent charges on PayPal accounts linked via GooglePay. These transactions are being charged through Target stores or Starbucks in the United States even though the account holders are in Germany.


Stalkerware Infections Grew by 60% in 2019

Permalink - Posted on 2020-02-25 17:00

The number of users infected with stalkerware went up by almost 60% in 2019, from 40,386 in 2018, to 67,500 this year, Russian antivirus maker Kaspersky said today in its yearly mobile malware threats report.


Britain's Financial Watchdog Flags Data Breach on Website

Permalink - Posted on 2020-02-25 17:00

Britain’s Financial Conduct Authority (FCA) has admitted an accidental leak of confidential information, including the names and some contact details of people who had made complaints against the watchdog in 2018 and 2019, on its website.


Ransomware Attack at U.S. Power Station

Permalink - Posted on 2020-02-25 17:00

The Reading Municipal Light Department (RMLD) was targeted on Friday by cyber-criminals hoping to extort money by encrypting data in the station's computer system. Unfortunately for them, station bosses opted to hire an outside IT consultant to help them deal with the ransomware infection instead of paying for the return of their files.


Mobile Security Compromise Hits 40% of Firms

Permalink - Posted on 2020-02-25 17:00

Two-fifths (39%) of global companies have suffered a major mobile security compromise over the past year, many of them via IoT devices, according to a new report from Verizon.


Sports Giant Decathlon Leaks 123 Million Records

Permalink - Posted on 2020-02-25 17:00

French sporting retail giant Decathlon has become the latest big brand to expose user data via a misconfigured database, leaking over 123 million records including customer and employee information, according to researchers.


DoppelPaymer Ransomware Launches Site to Post Victim's Data

Permalink - Posted on 2020-02-25 17:00

The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.


360,000 Quebec Teachers PII Possibly Compromised

Permalink - Posted on 2020-02-24 17:00

The PII of at least 51400, and possibly as many as 360000 educators, in Quebec Province was exposed when a malicious actor obtained login credentials.


Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials

Permalink - Posted on 2020-02-24 17:00

Cofense observed that the phishing emails originated from a compromised email account with privileged access to financial services provider CIM Finance. By using CIM Finance’s website to host their phishing emails, the malicious actors ensured that their messages could bypass popular email security checks including DKIM and SPF.


Rallyhood Exposed a Decade of Users' Private Data

Permalink - Posted on 2020-02-24 16:00

The social network designed to help groups communicate and coordinate left one of its cloud storage buckets containing user data open and exposed. The bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone who knew the easily-guessable web address access to a decade’s worth of user files.


Transavia Data Leak Could Affect 80,000 Passengers

Permalink - Posted on 2020-02-24 16:00

The data of 80 thousand Transavia passengers leaked out after an e-mail inbox containing the data was breached, the Dutch low-cost flyer said on Monday. The data that was released includes passengers’ full names, date of birth, flight information, booking number, luggage purchase, and additionally requested services like wheelchair assistance.


97% of IT Leaders Worried About Insider Data Breaches

Permalink - Posted on 2020-02-24 16:00

A staggering 97% of IT leaders say insider breach risk is a significant concern, according to a survey by Egress.


iPhone and iPad Apps Can Snoop on Everything You Copy to the Clipboard

Permalink - Posted on 2020-02-24 16:00

Did you know that all the apps on your iPhone and iPad can snoop on whatever you copy to the system clipboard (called pasteboard on iOS)? A new security demo by researchers at Mysk shows how this could be used by apps to get detailed information about the user.


UW Medicine Faces Class Action Lawsuit Over 974,000-Record Data Breach

Permalink - Posted on 2020-02-24 16:00

Several lawsuits filed against healthcare organizations over data breaches in recent weeks, with University of Washington Medicine the latest to face legal action for exposing the protected health information of patients.


Over 120 Million U.S. Consumers Exposed in Privacy SNAFU

Permalink - Posted on 2020-02-24 16:00

Security company UpGuard found the misconfigured Amazon S3 bucket on February 3 this year, eventually tracing it back to market analysis company Tetrad.


High-Risk Vulnerabilities and Public Cloud-Based Attacks on the Rise

Permalink - Posted on 2020-02-21 17:00

A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index.


Major Japanese Defense Contractors Admit to Data Breach Incidents Dating Back to Over Four Years Ago

Permalink - Posted on 2020-02-21 17:00

Two more major Japanese defense contractors admitted to experiencing a data breach in recent years, bringing to a close a story that began in January when Japanese defense minister Taro Kono revealed that several partner organizations had been attacked. But though the full outline of the damage is now visible, many questions about how (and when) it was reported remain.


Slickwraps Suffered a Massive Data Breach

Permalink - Posted on 2020-02-21 17:00

Ummm, if you are a Slickwraps customer, you might see an email arrive this morning that claims the company has been hacked. The email might not be lying to you either, as this does not appear to be a promotion or some sort of fun exercise. This may be related to a massive security breach.


70% of IT Leaders say Security Concerns Restrict Adoption of Public Cloud

Permalink - Posted on 2020-02-21 17:00

Along with security, network integration was also mentioned as a frequent concern. Public cloud platforms not integrating well with legacy technology, users being forced to make multiple logins to accomplish one task, and similar concerns are also mentioned as factors.


New Mexico Sues Google Over Collection of Children's Data

Permalink - Posted on 2020-02-21 17:00

New Mexico’s attorney general sued Google Thursday over allegations the tech company is illegally collecting personal data generated by children in violation of federal and state laws.


New Jersey Hospital Network Faces Lawsuit Over Ransomware Attack

Permalink - Posted on 2020-02-21 17:00

A proposed class-action lawsuit has been filed against New Jersey's largest hospital health network over a ransomware attack that happened in December.


WhatsApp Phishing URLs Skyrocket with Over 13,000% Surge

Permalink - Posted on 2020-02-21 17:00

The number of WhatsApp phishing URLs has skyrocketed in Q4 2019 after a 13,467.6% huge QoQ surge in the number of unique phishing URLs targeting its users being discovered by email security company Vade Secure since Q3 2019.


Ransomware Damage Hit $11.5B in 2019

Permalink - Posted on 2020-02-21 17:00

A new report shows the scale of ransomware's harm and the growth of that damage year-over-year -- an average of $141,000 per incident.


Celeb Shout-Out App Cameo Exposes Private Videos and User Data

Permalink - Posted on 2020-02-21 17:00

Cameo, the increasingly popular app for paying celebrities to record short personal videos, exposed a wealth of user data including email addresses, hashed and salted passwords and phone numbers, and messages via a misconfiguration in its app. The site also has an issue where videos that are supposed to be private are actually available for anyone to find and download. Using the design flaw, Motherboard wrote basic code to build lists of ostensibly private videos filmed for users by celebrities such as Snoop Dogg, Ice T, and Michael Rapaport.


A 'Stalkerware' App Leaked Phone Data from Thousands of Victims

Permalink - Posted on 2020-02-20 17:00

A spyware app designed to “monitor everything” on a victim’s phone has been secretly installed on thousands of phones. But a misconfigured server meant the app was also spilling out the secretly uploaded contents of victims’ devices to the internet.


UW Medicine Patients Fearful After Health Information Leaked

Permalink - Posted on 2020-02-20 17:00

The huge data breach -- one of the largest in state history – occurred because of human error and was first reported by KIRO 7 in February of 2019. Because of the breach, private medical files were available online – in Excel spreadsheets -- for nearly three weeks. The breach has now led to a class-action lawsuit that could eventually represent all 974,000 patients whose names and personal health information were compromised.


Defense Information Systems Agency Discloses Breach

Permalink - Posted on 2020-02-20 17:00

The notification, dated February 11 and signed by Roger S. Greenwell, Risk Management Executive, Chief Information Officer, explains that the recipient’s personally identifiable information may have been compromised between May to July 2019. The letter does not explain why it took until February of 2020 to make the notifications.


Alarming Number of Medical Devices Vulnerable to Exploits Such as BlueKeep

Permalink - Posted on 2020-02-20 17:00

The healthcare industry is digitizing business management and data management processes and is adopting new technology to improve efficiency and cut costs, but that technology, in many cases, has been added to infrastructure, processes, and software from a different era and as a result, many vulnerabilities are introduced.


Details of 10.6 Million MGM Hotel Guests Posted on a Hacking Forum

Permalink - Posted on 2020-02-20 17:00

Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world's largest tech companies.


Number of Records Exposed in Healthcare Breaches Doubled from 2018 to 2019

Permalink - Posted on 2020-02-20 17:00

Corresponding with this, the average number of individuals affected per breach reached 71,311 in 2019, nearly twice that of 2018 (39,739). Additionally, this was the first time since 2016 that the number of breaches reached over 300 – the 386 incidents in 2019 represented a 33% increase over 2018.


ISS World Hack Leaves Thousands of Employees Offline

Permalink - Posted on 2020-02-20 17:00

A cyber-attack has hit the major facilities company ISS World, which has half a million employees worldwide.


Croatia's Largest Petrol Station Chain Impacted by Cyber Attack

Permalink - Posted on 2020-02-20 17:00

A security incident described as "a cyber-attack" has crippled some business operations at INA Group, Croatia's biggest oil company, and its largest petrol station chain.


Hackensack Meridian Health Faces Class Action Lawsuit Over December Ransomware Attack

Permalink - Posted on 2020-02-19 17:00

A lawsuit has been filed against the New Jersey Healthcare provider, Hackensack Meridian Health, over a December 2, 2019 ransomware attack that affected all 17 of its hospitals.


U.S. Gas Pipeline Shut After Ransomware Attack

Permalink - Posted on 2020-02-19 17:00

A US natural gas facility was forced to shut down operations for two days after becoming infected with commodity ransomware, the Department of Homeland Security (DHS) has revealed.


Cyber-Flashing on U.K. Trains Doubles

Permalink - Posted on 2020-02-19 17:00

British Transport Police have reported an alarming increase in the number of women being sent sexually explicit images by strangers while traveling via train.


Maroof International Hospital Hit with Severe Ransomware Attack

Permalink - Posted on 2020-02-19 17:00

Maroof International Hospital Islamabad’s entire computer network has been compromised in the wake of a massive ransomware attack. Maroof is one of the most expensive private hospitals in Islamabad.


Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security

Permalink - Posted on 2020-02-19 17:00

As MELANI and GovCERT discovered while investigating these ransomware incidents, recommended best practices such as MELANI's information security checklist for SMEs were not implemented by the victims and previous warnings of such attacks were not taken into consideration.


44% of Security Threats Start in the Cloud

Permalink - Posted on 2020-02-19 17:00

Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.


Researchers Observed a 125% Increase in Malware Targeting Windows 7

Permalink - Posted on 2020-02-19 17:00

For the 2020 Webroot Threat Report, researchers analyzed samples from more than 37 billion URLs, 842 million domains, 4 billion IP addresses, 31 million active mobile apps, and 36 billion file behavior records.


Over 20,000 WordPress Sites Run Trojanized Premium Themes

Permalink - Posted on 2020-02-19 17:00

A threat actor that has infected more than 20,000 WordPress sites by running the same trick for at least three years: distributing trojanized versions of premium WordPress themes and plugins.


Hackers Were Inside Citrix for Five Months

Permalink - Posted on 2020-02-19 17:00

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.


SoPo Nonprofit says Data Breach May Have Affected Unknown Number of Clients

Permalink - Posted on 2020-02-19 17:00

South Portland nonprofit that provides services for people with intellectual disabilities said Monday there may have been a public breach in its confidential data. But two months after discovering the potential risk, the organization isn’t saying much else.


Hackers Exploit Critical Vulnerability Found in ~100,000 WordPress Sites

Permalink - Posted on 2020-02-18 17:00

The flaw is in the ThemeGrill Demo Importer installed on some 100,000 sites, and it was disclosed over the weekend by Website security company WebARX. By Tuesday, WebArx reported that the flaw was under active exploit with almost 17,000 attacks blocked so far. Hanno Böck, a journalist who works for Golem.de, had spotted active attacks several hours before and reported them on Twitter.


Two-Thirds of CISOs Struggling with Skills Shortages

Permalink - Posted on 2020-02-18 17:00

Two-thirds (66%) of global CISOs say they are struggling to recruit the right talent and a similar number believe shortages will only get worse, according to a new study from Marlin Hawk.


Wise Health System Notifies 66,934 Patients of Phishing Attack

Permalink - Posted on 2020-02-18 17:00

Wise Health System in Decatur, TX, is notifying 66,934 patients that some of their protected health information was potentially compromised in a phishing attack that occurred on March 14, 2019.


NCH Healthcare Sends Breach Notification Letters After 8 Months

Permalink - Posted on 2020-02-18 17:00

On or around June 14, 2019, NCH became aware of suspicious activity related to our human resources, timekeeping, and payroll system. NCH did determine that the email accounts affected by this incident may include some combination of the following information: patient name, date of birth, driver’s license number, tribal identification number, financial account information, payment card information, medical history, treatment information, medication or prescription information, beneficiary information, provider information, patient identification number, health insurance information, and/or username/email and password information.


Information About 69,000 Phoenix Pay System Victims Sent in Error

Permalink - Posted on 2020-02-18 17:00

More than 69,000 public servants caught up in the Phoenix pay system debacle are now victims of a privacy breach after their personal information was accidentally emailed to the wrong people, says Public Services and Procurement Canada.


Data Breach Leads to Unauthorized Access to Information for 7,500 Patients in Iowa

Permalink - Posted on 2020-02-18 17:00

Monroe County Hospital & Clinics said in a news release Monday that approximately 7,500 people were notified that the breach may have led to unauthorized access of their individual health information. These people were also given instructions about how to monitor their credit scores in the event their information was stolen.


16 DDoS Attacks Take Place Every 60 Seconds, Rates Reach 622 Gbps

Permalink - Posted on 2020-02-18 17:00

Two-thirds of customer-facing enterprise systems are bearing the majority of Distributed Denial-of-Service (DDoS) attacks, of which 8.4 million were recorded in 2019 alone.


Almost Half of Connected Medical Devices Are Vulnerable to Hackers Exploiting BlueKeep

Permalink - Posted on 2020-02-18 17:00

Connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks, putting patients and staff at additional risk from cyber attacks. This is especially concerning when healthcare is already such a popular target for hacking campaigns.


Toll Admits Some Customers Still Suffering Delays on Day 18 of Ransomware Attack

Permalink - Posted on 2020-02-17 17:00

Toll admits some of its customers are still suffering delays 18 days after it was hit by a ransomware attack. Not all systems are back online, and the company is also chewing through a backlog.


New Scam: Pay Up, Or We'll Make Google Ban Your Ads

Permalink - Posted on 2020-02-17 17:00

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.


PhotoSquared: App Leaks Data on Thousands of Users

Permalink - Posted on 2020-02-17 17:00

A popular photo app has leaked the personal data and images of thousands of customers via an unsecured Amazon Web Services (AWS) storage bucket, it has emerged.


Plastic Surgery Patient Photos, Info. Exposed by Leaky Database

Permalink - Posted on 2020-02-14 16:00

Hundreds of thousands of documents with plastic surgery patients' personal information and highly sensitive photos were exposed online by an improperly secured Amazon Web Services (AWS) S3 bucket.


Personal Information of 144,000 Canadians Mishandled by Federal Bureaucracies

Permalink - Posted on 2020-02-14 16:00

The new figures were included in the federal government's answer to an order paper question filed by Conservative MP Dean Allison late last month. The nearly 800-page response didn't offer an explanation for the errors, which range in seriousness from minor hiccups to serious breaches involving sensitive personal information.


Rutter's Store Chain Discloses Security Breach Involving POS Malware

Permalink - Posted on 2020-02-14 16:00

US store chain Rutter's disclosed a security breach today. The company says hackers gained access to its stores' network system and planted malware that collected payment card details as they were being processed.


Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion

Permalink - Posted on 2020-02-14 16:00

Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will top $20 billion in 2021 and that global damages related to cybercrime will reach $6 trillion. Yes, that is with a “T.”


U.S. Bank Slammed for "Vague and Deceptive" Breach Disclosure

Permalink - Posted on 2020-02-13 17:00

American bank Fifth Third has come under fire for sending customers a cryptic breach disclosure letter judged to be "vague and deceptive" by a consumer group.


Puerto Rico Govt Loses $2.6M in Phishing Scam

Permalink - Posted on 2020-02-13 17:00

Puerto Rico's government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official.


Florida County Election Office Hit by Ransomware Before 2016 Presidential Election

Permalink - Posted on 2020-02-13 17:00

Ransomware incident was kept secret and never reported, current county election supervisor says.


Nedbank Warns Clients After Data Breach – 1.7 Million Clients Potentially Affected

Permalink - Posted on 2020-02-13 17:00

Nedbank says it has investigated a data security issue that occurred at the premises of a third-party service provider, namely Computer Facilities – a direct marketing company that issues SMS and email marketing information on behalf of Nedbank and a number of other companies.


Hackers Compromise Financial Information for Carson City Residents Who Pay Water Bill Online

Permalink - Posted on 2020-02-13 17:00

According to a letter sent out to a group of residents who pay their water bill online in Carson City, their financial information was compromised due to a data breach, according to City Manager Nancy Paulson.


Class Action Lawsuit Filed Against Puerto Rican Hospitals That Sufffered Ransomware Attacks

Permalink - Posted on 2020-02-13 17:00

According to the complaint, filed on February 11 in District Court for Puerto Rico, notification letters were first sent to patients on June 18, 2019. DataBreaches.net has yet to find a copy of that notification to see what it says about protected health information — was there evidence that it was actually accessed? The exhibits to the complaint do not include a copy of the notification letter.


Threat frm Spoofed Emails Grows, While DMARC Implementation Lags

Permalink - Posted on 2020-02-13 17:00

Email remains the biggest single cyber threat to business. Phishing can introduce malware either directly or later via stolen credentials, while BEC scam emails can lead to direct financial loss.


Ransomware Attacks Have Cost the Healthcare Industry at Least $157 Million Since 2016

Permalink - Posted on 2020-02-13 17:00

A new study by Comparitech has shed light on the extent to which ransomware is used to attack healthcare organizations and the true cost of ransomware attacks on the healthcare industry.


Poor Password Habits Still Pose a Serious Threat

Permalink - Posted on 2020-02-12 17:00

9,050,064,764 credentials have been recovered throughout 2019 which came from a total of 640 unique data breaches and include email addresses connected to plaintext passwords.


Amex, Chase Fraud Protection Emails Used as Clever Phishing Lure

Permalink - Posted on 2020-02-12 17:00

A very clever phishing campaign is underway that pretends to be fraud protection emails from American Express and Chase that ask you to confirm if the listed credit card transactions are legitimate.


Healthcare Ransomware Damage Passes $157M Since 2016

Permalink - Posted on 2020-02-12 17:00

The researchers looked at 172 ransomware attacks that hit a total of 1,446 healthcare organizations. They found that the downtime, which ranged from hours to months, had an impact on 6,649,713 patients. And the total impact of roughly $157 million was far in excess of the approximately $640,000 paid to attackers in the time period studied.


Deadline for Reporting 2019 Healthcare Data Breaches of Fewer Than 500 Records

Permalink - Posted on 2020-02-12 17:00

The HIPAA Breach Notification Rule requires data breaches of 500 or more records to be reported to the Secretary of the Department of Health and Human Services no later than 60 days after the discovery of a breach. Breaches of fewer than 500 records can be reported to the Secretary at any time, but no later than 60 days from the end of the calendar year in which the data breach was experienced – 45 C.F.R. § 164.408.


BEC Losses Surpassed $1.7 Billion in 2019

Permalink - Posted on 2020-02-12 17:00

Both the frequency and costs associated with Internet crime have increased in 2019, with email compromise scams generating half of the incurred financial loss, according to the FBI.


Data Breach Exposes Altice Employee, Optimum Customer Information

Permalink - Posted on 2020-02-12 17:00

A data breach at Altice USA Inc. has exposed the Social Security numbers, birth dates and other personal information of all 12,000 current employees as well as some former employees and a small number of customers, the company said.


Malware Attack Disables Medical Records at Children's Hospital Affiliates

Permalink - Posted on 2020-02-12 17:00

A malware attack has disabled a computer system with Children’s Hospital affiliates, according to a spokesperson.


Mac Malware Threats Are Now Outpacing Attacks on Windows PCs

Permalink - Posted on 2020-02-12 17:00

Macs have often been presented as the safer computing option but now cyber criminals are increasingly switching their attention towards those who use Apple computers.


More Phishing Campaigns Tied to Coronavirus Fears

Permalink - Posted on 2020-02-11 18:00

As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets.


Organizations Struggling to Find Skilled Security Staff, Leaving 82% of Teams Understaffed

Permalink - Posted on 2020-02-11 18:00

The strain on cybersecurity teams is exacerbated by the inability to find experienced staff, and 85% acknowledged it has become more difficult over the past few years to hire skilled security professionals.


Ransomware Attacks Are Causing Cyber Insurance Rates to Go Through the Roof

Permalink - Posted on 2020-02-11 18:00

After a brief lull, ransomware attacks have roared back as a major and persistent security problem in the past year. These attacks have become so frequent and so widespread that cyber insurance rates are spiking, with Reuters reporting some premiums increasing as much as 25% in price.


Estée Lauder Exposes 440 Million Records in Unprotected Database

Permalink - Posted on 2020-02-11 18:00

In total, 440,336,852 records were inadvertently exposed to the Internet, including audit logs containing a large number of email addresses in each document.


27% of Dating Site Users Scamme

Permalink - Posted on 2020-02-11 18:00

The UK banking industry is warning consumers not to fall victim to romance fraud, after revealing that over a quarter (27%) of dating website users have been scammed by fake personas over the past year.


Jail Software Left Inmate Data Exposed Online

Permalink - Posted on 2020-02-11 18:00

An unsecured cloud storage bucket appears to contain records of inmate check-ins, including information on prescriptions given to inmates.


New Crypto Exchange Altsbit says It Will Close Following Hack

Permalink - Posted on 2020-02-10 18:00

Altsbit – a platform reported to be based in Italy, though it doesn't make this clear on its website or social media – announced the breach last Thursday, stating on Twitter: "Unfortunately we have to notify you with the fact that our exchange was hacked during the night and almost all funds from BTC, ETH, ARRR and VRSC were stolen. A small part of the funds are safe on cold wallets."


1.2 Million CPR Numbers for Danish Citizen Leaked Through Tax Service

Permalink - Posted on 2020-02-10 18:00

The Danish Agency for Development and Simplification has discovered the data leak that involved the TastSelv Borger service, which is managed by the US company DXC Technology.


Ransomware Cripples Havre Public Schools Computer System

Permalink - Posted on 2020-02-10 18:00

The Havre Public Schools superintendent learned via a phone call early Tuesday that ransomeware had hacked and “crippled” the school district’s computer system.


Chinese Military Personnel Charged with Equifax Data Breach

Permalink - Posted on 2020-02-10 18:00

A federal grand jury in Atlanta returned an indictment last week charging four members of the Chinese People’s Liberation Army (PLA) with hacking into the computer systems of the credit reporting agency Equifax and stealing Americans’ personal data and Equifax’s valuable trade secrets.


Israel's Likud Party Exposed Details of Over 6 Million Voters

Permalink - Posted on 2020-02-10 18:00

Developer and journalist Ran Bar-Zik discovered that the source code of the Elector website, which could easily be accessed by anyone from a browser using the “view page source” option, included administrator credentials. Using those credentials, anyone could have easily gained full access to the Elector application and all the data it stored.


Netherlands University Pays $240,000 After Targeted Ransomware Attack

Permalink - Posted on 2020-02-10 18:00

The encryption process started on December 23, 2019. By December 29, 2019, UM had concluded that its only realistic way forward was to pay the ransom and buy the decryption key. Rebuilding the infrastructure would take months -- even if it were possible -- while research material would be irretrievable. In the meantime, its students would not be able to work effectively and may not be able to take their exams.


Docker Registry SNAFUs Expose Firms to Cloud Compromise

Permalink - Posted on 2020-02-10 18:00

Security experts are warning that widespread Docker registry misconfigurations could be exposing countless organizations to critical data theft and malicious attacks.


National Portrait Gallery Faced Almost 350,000 Email Attacks in Q4 2019

Permalink - Posted on 2020-02-10 18:00

The National Portrait Gallery is one of London’s most prestigious art galleries, welcoming between 1.1-2 million visitors every year, many of which have private information such as payment details and email addresses stored on its servers. The research highlights the threats posed to the capital’s museums by malicious hackers who seek to steal membership data from popular tourist attractions.


40 Million Americans Affected by Health Data Breaches in 2019

Permalink - Posted on 2020-02-07 16:00

The Fortified Health Security 2020 report, titled The State of Cybersecurity in Healthcare, compiled annual data from 2009 through 2019 and found last year was the highest number recorded since 2015 when 113.27 million records were exposed — an increase of 84 percent from 17.4 million in 2014.


Fresh Database of Half a Million Indian Payment Card Records on Sale in the Dark Web

Permalink - Posted on 2020-02-07 16:00

Group-IB, a Singapore based cybersecurity company specialising in preventing cyber attacks which detected the database, says that over 98% of this database on sale were cards issued by Indian banks.


Crypto Exchange Loses "Almost All Funds" in Hack

Permalink - Posted on 2020-02-07 16:00

The Italian exchange announced it had become the target of a devastating hack yesterday on Twitter. According to their posts, criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) "coins" with a combined value of $27,000.


Lawyers Could Net $30m in Yahoo Data Breach Settlement

Permalink - Posted on 2020-02-07 16:00

Class counsel who secured the breach settlement are currently waiting for US District Judge Lucy Koh to give her final stamp of approval and to award them the fees, according to new documents filed in California federal court.


100K IU Student GPAs Accidentally Made Available to All Students, Staff

Permalink - Posted on 2020-02-07 16:00

The data breach could be a violation of the Family Educational Rights and Privacy Act, which requires consent before an educational institution can disclose personal information from educational records.


Dutch Court Rules AI Benefits Fraud Detection System Violates E.U. Human Rights

Permalink - Posted on 2020-02-06 17:00

A Dutch court has demanded that an algorithm-based system used by the government to identify and track down potential housing and benefit cheats is dropped with immediate effect.


Louisiana Governor Urges Officials to Ready for Cyber Attacks

Permalink - Posted on 2020-02-06 17:00

Gov. John Bel Edwards called on Louisiana’s local government leaders Wednesday to protect their data, reminding them of recent cyberattacks across the state and saying they’re likely to face such a strike in the future.


Kobe Steel, Pasco Hit in Latest Cyber Attack Cases

Permalink - Posted on 2020-02-06 17:00

Kobe Steel Ltd. and satellite data provider Pasco Corp. have come under cyberattacks, the latest in a series of confirmed cases of attacks on Japanese defense-related companies, the Defense Ministry said Thursday.


90% of U.K. Data Breaches Due to Human Error in 2019

Permalink - Posted on 2020-02-06 17:00

According to the cybersecurity awareness and data analysis firm, nine out of 10 of the 2376 cyber-breaches reported to the ICO last year were caused by mistakes made by end-users. This marked an increase from the previous two years, when respectively, 61% and 87% of cyber-breaches were ascribed to user error.


University of Maastricht says It Paid Hackers 200,000 Euro Ransom

Permalink - Posted on 2020-02-06 17:00

The University of Maastricht on Wednesday disclosed that it had paid hackers a ransom of 30 bitcoin -- at the time worth 200,000 euros ($220,000) -- to unblock its computer systems, including email and computers, after an attack that unfolded on Dec. 24.


Health Share of Oregon Transportation Vendor, GridWorks, Confirms Data Breach

Permalink - Posted on 2020-02-06 17:00

On January 2, 2020, Health Share of Oregon learned that the personal information of its members was located on a laptop stolen from GridWorks IC, Health Share's contracted non-emergent medical transportation vendor. The break-in and theft occurred at GridWorks' office on November 18, 2019.


Deliveries Stranded Across Australia as Toll Confirms Ransomware Attack

Permalink - Posted on 2020-02-05 17:00

The targeted attack has forced the company to disable its systems and revert to manual processes, causing delays across the country.


30,000 Medical Records Damaged in Malware Attack at Texas Provider

Permalink - Posted on 2020-02-05 17:00

Houston-based Fondren Orthopedic Group is notifying 30,049 patients that their medical records may have been damaged in a malware attack.


Brazilian Firm Exposes Personal Details of Thousands of Soccer Fans

Permalink - Posted on 2020-02-05 17:00

Tens of thousands of Brazilian soccer fans have been exposed as a publicly-accessible cloud storage bucket leaked several gigabytes of data with sensitive information stretching back several years.


Smart Lightbulbs Used to Compromise Home and Business Networks

Permalink - Posted on 2020-02-05 17:00

Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network -- regardless of whether that is a home or office.


Hackers Can Steal Data from Air-Gapped Computers via Screen Brightness

Permalink - Posted on 2020-02-05 17:00

Researchers have shown how hackers could silently exfiltrate sensitive information from air-gapped computers by manipulating the brightness of their screen.


Golden Entertainment Addresses Data Breach

Permalink - Posted on 2020-02-05 17:00

The investigation undertaken by Golden Entertainment led to the finding that access was obtained to the email accounts multiple times between 30 May 2019 and 6 October 2019.


Salesforce Data Breach Suit Cites California Privacy Law

Permalink - Posted on 2020-02-05 17:00

Salesforce.com Inc. and a children’s clothing company face data-breach allegations in a federal court lawsuit that is among the first to cite California’s landmark privacy law since it took effect Jan. 1.


Data Breach Exposes 17,000 Yachting Industry Professionals

Permalink - Posted on 2020-02-05 17:00

A data breach at UK-based Crew and Concierge Limited has exposed the personal data of 17,379 people of 50 different nationalities working in the yachting industry.


The Iowa Caucus Tech Meltdown Is a Warning

Permalink - Posted on 2020-02-04 18:00

The Iowa results will come in eventually, thanks to a paper trail. But it underscores just how much can go wrong when you lean on unnecessary, untested tech.


Ransomware Knocks City of Racine Offline

Permalink - Posted on 2020-02-04 18:00

The city of Racine, Wis., was hit with a ransomware attack January 31 that knocked most of its non-emergency computer services offline.


Data Breach Potentially Exposes EVMS Employees' Bank Accounts

Permalink - Posted on 2020-02-04 18:00

Eastern Virginia Medical School is trying to beef up its email security following a phishing scam that could have exposed employees’ personal information, including bank accounts and Social Security numbers.


New Ransomware Doesn't Just Encrypt Data. It Also Meddles with Critical Infrastructure

Permalink - Posted on 2020-02-04 18:00

Over the past five years, ransomware has emerged as a vexing menace that has shut down factories, hospitals, and local municipalities and school districts around the world. In recent months, researchers have caught ransomware doing something that's potentially more sinister: intentionally tampering with industrial control systems that dams, electric grids, and gas refineries rely on to keep equipment running safely.


Pabbly Email Marketing Exposes 51.2 Million Records Online

Permalink - Posted on 2020-02-04 18:00

Email marketing is big business and many companies rely on emails to keep in contact with their customers or potential customers. In the modern world of over priced pay per click ads targeted email marketing lists are the holy grail of an organization’s marketing strategy. This customer data is equally as valuable as the products or services the company provides.


New York Nursing Center and Phoenix Children's Hospital Affected by Phishing Attacks

Permalink - Posted on 2020-02-04 18:00

Village Center for Care dba VillageCare Rehabilitative and Nursing Center (VRNC) and Village Senior Services Corporation dba VillageCareMAX (VCMAX) have fallen victim to a business email compromise (BEC) attack. BEC attacks involve the impersonation of an executive, either using the executive’s genuine email account compromised in a previous attack or by spoofing the executive’s email address.


Cyber Criminals Are Using Cleaners to Hack Your Business

Permalink - Posted on 2020-02-03 17:00

Criminal gangs are planting “sleepers” in cleaning companies so that they can physically access IT infrastructure, a senior police officer with responsibility for cyber crime has warned, urging businesses to bolster their physical security processes in the face of the growing threat.


Maze Ransomware Hits Law Firms and French Giant Bouygues

Permalink - Posted on 2020-02-03 17:00

Cyber-criminals behind the Maze ransomware attacks have claimed several more scalps over the past few days, including five law firms and a French industrial giant, all of which are thought to have had sensitive internal data stolen.


British Charity Loses Over $1m in Domain Spoofing Scam

Permalink - Posted on 2020-02-03 17:00

Red Kite Community Housing announced that it had fallen victim to a cyber-scam in which criminals posed as genuine service providers to steal a staggering £932,000.


Phishing Tournament Finds Employees Falling Prey to Malicious Emails

Permalink - Posted on 2020-02-03 17:00

According to the results of the tournament, five major industries had click rates that were higher than the averages. Energy, construction, manufacturing and retail all had higher than normal click rates in addition to enterprises in the public sector.


GDPR Enforcement Accelerating

Permalink - Posted on 2020-02-03 17:00

With 43 enforcement decisions made so far, Spain leads the pack as Europe's most active regulator, followed by Romania (21) and Germany (18). The UK has imposed the highest total amount of fines -- more than €315 million -- if both British Airways' and Marriott's fines are upheld after appeal. Following are France's Commission Nationale de l'Informatique et des Libertés, with just over €51 million in fines, and Germany's DPA, at nearly €25 million.


Malware Attack Results in Corruption of Medical Records: 30,000 Patients Affected

Permalink - Posted on 2020-02-03 17:00

On November 21, 2019, Fondren Orthopedic Group, an association of private orthopedic surgery practitioners in Houston and the surrounding areas, experienced a cyberattack that affected certain parts of its IT system.


Yarra Trams Suffers Data Breach

Permalink - Posted on 2020-02-03 17:00

Public Transport Users Association spokesman Daniel Bowen said transport operators must "take the utmost care with private data such as email addresses". It comes months after Public Transport Victoria and the Department of Premier and Cabinet gave a hacking and data science conference unfettered access to travel data stored on about 15 million myki cards used in the three years to June 2018.


DOJ Sues U.S. Telecom Providers for Connecting Indian Robocall Scammers

Permalink - Posted on 2020-01-31 16:00

The US Department of Justice has filed lawsuits against two small telecommunications providers that have allegedly connected hundreds of millions of fraudulent robocalls from Indian call centers to US residents. The feds want a New York federal judge to cut off the companies' access to the US telephone network. The government says a judge has already issued a restraining order against one of the defendants.


Japanese Electronics Giant NEC Discloses Old Data Breach

Permalink - Posted on 2020-01-31 16:00

Japanese IT and electronics company NEC Corporation has revealed that hackers had access to its network for a long time, but the incident occurred several years ago.


Ransomware Hits TV & Radio News Monitoring Service TVEyes

Permalink - Posted on 2020-01-31 16:00

A ransomware infection has brought down TVEyes, a company that manages a popular platform for monitoring TV and radio news broadcasts, broadly used by newsrooms and PR agencies across the globe.


Hacker Snoops on Art Sale and Walks Away with $3.1m

Permalink - Posted on 2020-01-31 16:00

Hackers intercepted talks between an art dealer and a Dutch museum to scam the museum out of millions, and while they walked away with their ill-begotten proceeds, the victims are now fighting over who is responsible.


Sprint Exposed Customer Support Site to Web

Permalink - Posted on 2020-01-31 16:00

resh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.


Judge Rules Insurer Must Pay for Ransomware Damage

Permalink - Posted on 2020-01-31 16:00

A federal judge has ruled that an insurer providing a "business owner's insurance policy" to National Ink & Stitch, which sustained a ransomware attack in 2016 and was forced to replace most of its IT infrastructure, must pay for the damages the security incident caused.


Ashley Madison: 5 Years Later After Data Breach, Users Are Being Targeted with 'Sextortion' Scams

Permalink - Posted on 2020-01-31 16:00

Scammers have managed to find a new way to wring money out of unsuspecting victims of the 2015 breach of the Ashley Madison affair-dating website, according to researchers at email security company Vade Secure.


Perth Mint Visitor Data Stolen After Feedback Survey Company Hacked

Permalink - Posted on 2020-01-31 16:00

Perth Mint has been targeted by hackers for the second time in two years, this time resulting in a data breach that has compromised the details of more than 1000 visitors.


Toll Group Systems Offline After Suspected Cyber Attack

Permalink - Posted on 2020-01-31 16:00

Some systems are offline at transport and logistics company Toll Group following a cyber security incident. A message posted to the Australian-owned company's website reads, "As a precautionary measure, Toll has made the decision to shut down a number of systems in response to a suspected cyber security incident.


97 of the World's 100 Largest Airports Have Massive Cyber Security Risks

Permalink - Posted on 2020-01-30 18:00

An investigation of airport cybersecurity found glaring gaps in security for web and mobile applications, misconfigured public clouds, Dark Web exposure and code repositories leaks.


Students Got £140,000 from U.E.A. for Private Data Leak

Permalink - Posted on 2020-01-30 17:00

The leak in June 2017 saw an email containing confidential details about students' extenuating circumstances sent to hundreds of their peers. The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements.


U.N. Tried to Keep Cyber Attack Under Wraps

Permalink - Posted on 2020-01-30 17:00

The UN did not publicly disclose a major hacking attack into its IT systems in Europe – a decision that potentially put staff, other organisations, and individuals at risk, according to data protection advocates.


Hackers Infiltrated a Big Facebook Data Partner to Launch Scams

Permalink - Posted on 2020-01-30 17:00

When hackers take over your account on Facebook, it could mean you see suspicious posts about deals on Ray-Ban sunglasses, which are definitely bogus content. But when hackers take over a single account belonging to one of Facebook's biggest data partners, it means a widespread campaign that could lead to thousands of dollars lost and a huge number of credit card numbers stolen.


Trello Exposes Huge Trove of Private Data

Permalink - Posted on 2020-01-30 17:00

Search engines such as Google index public Trello boards, making it simple for anyone to uncover the boards’ contents using a specialised type of search called a ‘dork’. And it’s surprising how much sensitive data there is.


Cost of Insider Threats Rises 31%

Permalink - Posted on 2020-01-30 17:00

New research released yesterday by the Ponemon Institute reveals a dramatic increase in both the frequency of insider threats and their financial cost to businesses since 2018.


Fake Exec Tricks New York City Medical Center into Sharing Patient Info.

Permalink - Posted on 2020-01-30 17:00

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility's executives. The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from a senior member of staff.


200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug

Permalink - Posted on 2020-01-30 17:00

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites.


County Computers Still Down 1 Week After Ransomware Attack

Permalink - Posted on 2020-01-30 17:00

One week after an Oregon county was hit by a cyberattack, the county computers remain unplugged while a cybersecurity firm tries to negotiate with criminals who deployed the ransomware, according to a county official.


White Hat Hackers Brought Down U.S.A.F. F-15

Permalink - Posted on 2020-01-30 17:00

A team of hackers in early August 2019 gained access to an F-15 fighter in an eye-opening U.S. military test. The successful hack underscores U.S. forces’ vulnerability to electronic intrusion.


Social Security Numbers Revealed on County Website

Permalink - Posted on 2020-01-30 17:00

The Allegheny County, Pa., Civil Courts public website has exposed documents related to federal tax liens filed between 1997 and 2010 that contain hundreds of unredacted social security numbers.


Number of Botnet Command & Control Servers Soared in 2019

Permalink - Posted on 2020-01-30 17:00

Servers worldwide that were used to control malware-infected systems jumped more than 71% compared to 2018, Spamhaus says.


30 Million Wawa Customers' Hacked Credit Card Info. Being Sold

Permalink - Posted on 2020-01-29 17:00

Convenience store giant Wawa Inc. said Tuesday it is responding to reports that hacked information from its customers’ credit cards may be being sold on the dark web.


65% of U.S. Organizations Experienced a Successful Phishing Attack in 2019

Permalink - Posted on 2020-01-29 17:00

The 2020 State of the Phish report from the cybersecurity firm Proofpoint shows 65% of U.S. organizations (55% globally) had to deal with at least one successful phishing attack in 2019.


Regis University Paid Ransom After Cyber Attack Last Fall

Permalink - Posted on 2020-01-29 17:00

The ransomware attack in August impacted 1,800 computers on campus and crippled the university's network. Regis University paid the ransom several days later.


Cyber Attacks Against Endpoints Rising, Reaching $9 Million per Attack in 2019

Permalink - Posted on 2020-01-29 17:00

Protecting your organization's network from security threats carries with it a variety of challenges. But one of the biggest challenges may be endpoint security, meaning the ability to protect your network from all the computers, mobile phones, tablets, and other devices that remotely connect to it. Since such devices come from outside your organization, they can be an access point for hackers and cybercriminals to launch attacks that could infect your network.


The Hunt for Security Flaws in Self-Driving Cars Steps Up a Gear

Permalink - Posted on 2020-01-29 17:00

In a recent survey published by British motoring association AA, an overwhelming 87% of UK drivers expressed their concern at the possibility of incidents happening that were not anticipated by software programmers when developing autonomous technology.


50% of People Would Exercise at Least One Right Under the CCPA

Permalink - Posted on 2020-01-29 17:00

As state houses and Congress rush to consider new consumer privacy legislation in 2020, ​Americans expect more control over their personal information online, and are concerned with how businesses use the data collected about them, a DataGrail research reveals.


A Payments Processor Spilled 6 Million Transaction Records Online

Permalink - Posted on 2020-01-29 17:00

A little-known payments processor, which bills itself as a Christian-friendly company that does “not process credit card transactions for morally objectionable businesses,” left online a database containing years’ worth of customer payment transactions.


Cyber Crimes in Florida Nearly Double, Cost $7K per Victim

Permalink - Posted on 2020-01-29 17:00

Research released earlier this month from Florida Atlantic University’s Center for Forensic Accounting showed the losses related to cybercrime jumped from $95 million in 2015 to $178 million in 2018, an 88 percent increase.


LabCorp Security Lapse Exposed Thousands of Medical Documents

Permalink - Posted on 2020-01-28 17:00

A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data.


'SuperCasino' Breached by Hackers and Customer Info. Leaked

Permalink - Posted on 2020-01-28 17:00

The online gambling platform is known as ‘SuperCasino’ has experienced a data breach that exposed sensitive information belonging to its customers. The incident came to light after several registered users received an email from SuperCasino which informed them about the leak. The organization claims that the people’s financial details such as credit cards, payment information, and any other documents that were uploaded in the context of the user identity authentication have not been accessed by the hackers. The same applies to the user passwords that have apparently remained uncompromised.


The Average Ransom Demand for a REvil Ransomware Infection Is a Whopping $260,000

Permalink - Posted on 2020-01-28 17:00

According to their findings, KPN says they were able to determine that REvil affiliates requested ransom demands totalling more than $38 million over the past few months, with an average of $260,000 per infected company.


C-Suite Unprepared for NotPetya and Other Extinction-Level Cyber Attacks

Permalink - Posted on 2020-01-28 17:00

Many executives either don't know what their company's cyber defense is, lack budget, or spend too much time analyzing rather than taking action.


Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

Permalink - Posted on 2020-01-28 17:00

The Amazon-owned video doorbell uses third-party trackers to serve up rich data to marketers without meaningfully notifying users.


Staff Send 130+ Emails Per Week to Wrong Recipient

Permalink - Posted on 2020-01-28 17:00

Staff in large enterprises send 136 emails per week to the wrong person, according to new data from Tessian released to coincide with today’s Data Protection Day.


U.K.'s IoT Law Hopes to Drive Security-by-Design

Permalink - Posted on 2020-01-28 17:00

The UK government has unveiled a new consumer IoT law designed to prohibit the sale of smart products that fail to meet three strict security requirements.


Computer Science Researchers in Texas Expose Security Risks of Micromobility Vehicles

Permalink - Posted on 2020-01-28 17:00

Researchers at the Department of Computer Science of the University of Texas at San Antonio (UTSA) have recently exposed vulnerabilities in the micromobility ecosystem that may compromise the security, safety and privacy of users of battery-powered electric scooters.


British Court Freezes $860,000 in Bitcoin Linked to Ransomware Payout

Permalink - Posted on 2020-01-28 17:00

The victim of the ransomware attack had paid $950,000 in bitcoin to the perpetrator through an insurance company, according to a filing published last week by the England and Wales High Court (Commercial Court) and first reported by New Money Review. While some of the bitcoin was converted into fiat currency, the remainder appears to have been sent to an address on the Bitfinex platform.


Average Cost to Recover from Ransomware Skyrockets to Over $84,000

Permalink - Posted on 2020-01-27 18:00

It’s not just the result of cybercriminals demanding steeper ransoms, though that’s certainly one factor. Others include hardware replacement and repair costs, lost revenues, and, in some incidents, damage to the victim’s brand.


Major Canadian Military Contractor Compromised in Ransomware Attack

Permalink - Posted on 2020-01-27 17:00

General contractor Bird Construction, which is based in Toronto, was allegedly targeted by cyber-threat group MAZE in December 2019. MAZE claims to have stolen 60 GB of data from the company, which landed 48 contracts worth $406m with Canada's Department of National Defense between 2006 and 2015.


Beaumont Health Discovers 20-Month Insider Breach

Permalink - Posted on 2020-01-27 17:00

Beaumont Health, a not-for-profit 8-hospital health system based in Southfield, MI, has discovered a former employee has accessed the medical records patients without authorization and is understood to have shared protected health information with another individual.


German Privacy Watchdog Investigates Clothing Retailer H&M

Permalink - Posted on 2020-01-27 17:00

A German privacy watchdog says it has opened an investigation into clothing retailer H&M amid evidence that the Swedish retailer had committed “massive data protection breaches” by spying on its customer service representatives in Germany.


S. Carolina Tidelands Health Named in Class Action Lawsuit After December Ransomware Attack

Permalink - Posted on 2020-01-27 17:00

The impacts of the December 12 cyberattack on the Tidelands Health Hospital System are unclear, but what is clear is that patients feel they were victimized as a result of negligence. A class-action lawsuit was filed in federal court this week holding the hospital system liable for the attack and the treatment of patients thereafter.


Hackers Hijack Social Media Accounts for the NFL and 15 Teams

Permalink - Posted on 2020-01-27 17:00

OurMine crew hijacks social media accounts for the NFL, the 49ers, Cardinals, Bears, Bills, Broncos, Browns, Bucs, Cowboys, Colts, Chiefs, Eagles, Giants, Packers, Texans, and Vikings.


Patients Believe Stronger Privacy Protections Are More Important Than Easier Health Data Access

Permalink - Posted on 2020-01-27 17:00

Patients and consumers deserve better access to personalized, actionable health care information to empower them to make better, more informed decisions – but it should not drive up health care costs or compromise the privacy of their personal health data, according to a poll of patients and consumers from Morning Consult and America’s Health Insurance Plans (AHIP).


North Carolina Water Supplier Targeted in Cyber Attack

Permalink - Posted on 2020-01-27 17:00

A water supplier in Greenville, North Carolina has suffered a targeted cyber-attack that affected online payments for half a million a people. The outage is expected to last at least two more days as experts investigate the hack.


City of Potsdam Offline Following a Cyber Attack

Permalink - Posted on 2020-01-27 17:00

The German City of Potsdam has suffered a major cyberattack that took down its servers earlier this week, the good news is that emergency services, including the city’s fire department fully operational and payments were not affected.


AWS Engineer Spilled Passwords, Keys, Confidential Internal Training Info., Customer Messages on GitHub

Permalink - Posted on 2020-01-24 17:00

An Amazon Web Services engineer published exchanges with customers and "system credentials including passwords, AWS key pairs, and private keys" to a public GitHub repository by accident.


U.S. Military Faces Replacing Chips in Computers Because of Flaws

Permalink - Posted on 2020-01-24 17:00

Many computers used by the government contain a processor vulnerability that could enable hostile nations to steal key data sets and information.


Travelex Hackers Shut Down German Car Parts Company Gedia in Massive Cyber Attack

Permalink - Posted on 2020-01-24 17:00

The criminal group responsible for the cyber attack that has disrupted high-street banks and the foreign currency exchange chain Travelex for more than three weeks has launched what has been described as a “massive cyber attack” on a German automotive parts supplier.


Ransomware Payments Doubled and Downtime Grew in Q4

Permalink - Posted on 2020-01-24 17:00

The average ransomware payment more than doubled quarter-on-quarter in the final three months of 2019, while average downtime grew by several days, according to the latest figures from Coveware.


Nearly 200,000 Patients Impacted by PIH Health Phishing Attack

Permalink - Posted on 2020-01-24 17:00

PIH Health, a 2-hospital nonprofit healthcare network based in Whittier, CA, has started notifying nearly 200,000 patients about a potential breach of their personal and protected health information in June 2019.


Class-Action Lawsuit Filed Against Controversial Clearview AI Startup

Permalink - Posted on 2020-01-24 17:00

A lawsuit -- seeking class-action status -- was filed this week in Illinois against Clearview AI, a New York-based startup that has scraped social media networks for people's photos and created one of the biggest facial recognition databases in the world.


Privacy Worries Cited as Possible Reason for DNA Test Firm 23andMe's Sales Downturn

Permalink - Posted on 2020-01-24 17:00

23andMe is reducing staff numbers by roughly 100 people, or 14 percent of its overall workforce, with its CEO citing privacy concerns as a potential reason for declining sales.


Over Half of Organizations Were Successfully Phished in 2019

Permalink - Posted on 2020-01-23 18:00

An annual report into the virulence of phishing scams has found that more than half of organizations dealt with at least one successful phishing attack in 2019.


U.S. County Suffers Two Cyber Attacks in Three Weeks

Permalink - Posted on 2020-01-23 18:00

Albany County in the state of New York has been struck by two separate cyber-attacks in three weeks. A five-figure ransom in Bitcoin was paid by Albany County Airport Authority (ACAA) earlier this month after their servers became infected with ransomware on Christmas day.


Maze Ransomware Gang Publishes Research Data of Medical Diagnostic Laboratories

Permalink - Posted on 2020-01-23 18:00

The operators of Maze ransomware are following through on their threats to publish data stolen from the victims of ransomware attacks when the ransom is not paid.


Vulnerabilities Found in GE Healthcare Patient Monitoring Products

Permalink - Posted on 2020-01-23 18:00

Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and healthcare cybersecurity firm CyberMDX revealed on Thursday.


Detroit Officials Warn Data Breach Exposed City Workers, Residents

Permalink - Posted on 2020-01-23 18:00

The city's Chief Information Officer Beth Niblock said the breach happened Jan. 16 and fewer than 10 email accounts were affected. Some of the accounts contained sensitive information and the majority of the data was encrypted.


Email Security Industry Miss Rates When Encountering Threats Are Higher Than 20%

Permalink - Posted on 2020-01-23 18:00

Email security miss rates are definitely a huge issue. Malicious files regularly bypass all of today’s leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches, according to BitDam.


Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says

Permalink - Posted on 2020-01-23 18:00

More signs that the industrial control system (ICS) sector has become one of the latest favorite targets of ransomware attacks: The head of an operational technology (OT) cybersecurity services firm says at least five organizations in the oil and gas industry were recently hit by Ryuk.


Serious Vulnerabilities Expose Honeywell Surveillance Systems to Attacks

Permalink - Posted on 2020-01-23 18:00

Some of Honeywell’s MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by hackers to take complete control of the system, a researcher has discovered.


Euro Cup and Olympics Ticket Reseller Hit by MageCart

Permalink - Posted on 2020-01-23 18:00

Site belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics, two major sports events happening later this year, have been infected with JavaScript that steals payment card details.


Thousands of WordPress Sites Hacked to Fuel Scam Campaign

Permalink - Posted on 2020-01-23 18:00

Over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. This hacking campaign was discovered by website security firm Sucuri who detected attackers exploiting vulnerabilities in Wordpress plugins during the third week of January 2020.


Treasury Wants Better Information on Financial Entities' Cyber Security Practices

Permalink - Posted on 2020-01-23 18:00

A department official says expanded data collection powers would enable it to “advocate” for companies with other agencies.


Sodinokibi Ransomware Threatens to Publish Data of Automotive Group

Permalink - Posted on 2020-01-23 18:00

The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted.


New Study Finds Cost of Cyber Attacks Soaring in Florida

Permalink - Posted on 2020-01-22 18:00

As with many jurisdictions across the country, the financial toll of cybercrime in Florida has jumped from $95 million in 2015 to $178 million in 2018, according to a Florida Atlantic University analysis of FBI data.


Microsoft Exposes 250 Million Call Center Records in Privacy SNAFU

Permalink - Posted on 2020-01-22 18:00

Each contained a seemingly identical trove of Microsoft Customer Service and Support (CSS) records spanning a 14-year period. The records included phone conversations between service agents and customers dating back to 2005, all password-free and completely unprotected, according to Comparitech.


American Express, PayPal Customers Now Targeted by 16Shop

Permalink - Posted on 2020-01-22 18:00

The Indonesian cybercrime gang Cyber Army has expanded its phishing-as-a-service offering, dubbed 16Shop, enabling users to target PayPal and American Express customers.


Data Leak Strikes U.S. Cannabis Users, Sensitive Information Exposed

Permalink - Posted on 2020-01-22 18:00

A database backing point-of-sale systems used in medical and recreational marijuana dispensaries has been compromised.


Bill Tracker: Allowing Victims of Data Breaches to Sue Companies That Didn't Secure Information

Permalink - Posted on 2020-01-22 18:00

If the data breach stems from negligence or other fault by the company that owns your information, the Pennsylvania Attorney General’s Office can seek fines and restitution. But according to state Rep. Jared Solomon, D-Philadelphia, the victims of data breaches can’t sue on their own. House Bill 1010, introduced by Solomon, would change that. Under the bill, victims of data breaches could sue for $5,000 per violation or more if their actual losses were more than $5,000. The attorney general’s office can also seek civil penalties up to $10,000.


N.Y. Senator Carlucci Introduces Bill That Prohibits Paying Ransom

Permalink - Posted on 2020-01-22 18:00

New York Senator David Carlucci introduced Senate Bill S7289 that would ban the paying of ransom.


Surge in Ships Seeking Cyber Security Classification

Permalink - Posted on 2020-01-21 17:00

A leading offshore safety and verification body has reported a rapid rise in the number of ships seeking to gain a cybersecurity classification.


Hong Kong Looks to GDPR as It Strengthens Privacy Laws

Permalink - Posted on 2020-01-21 17:00

Hong Kong is set to follow the lead of European regulators in applying tougher penalties for data protection infractions, following a serious breach at airline Cathay Pacific in 2018.


Hackers Compromise Website of Children's Clothier

Permalink - Posted on 2020-01-21 17:00

Portland, Oregon-based children's clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. Very few details of the breach have been made public.


U.K. Gov Database Leak Exposes 28 Million Children

Permalink - Posted on 2020-01-21 17:00

Known as the Learning Record Service, the database stores information on students in England, Wales and North Ireland choosing to take post-14 qualifications like GCSEs.


Oman's Largest Insurance Company Hit by Ransomware Attack

Permalink - Posted on 2020-01-20 18:00

Oman United Insurance Co SAOG, one among the largest insurers in the country has disclosed a “ransomware attack” on the company’s data centre early this month.


Phishing Attack Reported by Adventist Health Sonora

Permalink - Posted on 2020-01-20 18:00

Adventist Health Sonora in California has discovered an unauthorized individual has gained access to the email account of a hospital associate and potentially viewed patient information.


WeWork Rival Regus in Massive Employee Data Breach

Permalink - Posted on 2020-01-20 18:00

Detailed information about the job performance of more than 900 employees of Regus owner IWG was accidentally published online after the shared office business conducted a review of sales staff.


Mitsubishi Electric Data May Have Been Compromised in Cyber Attack

Permalink - Posted on 2020-01-20 18:00

Mitsubishi Electric Corp. said Monday it has been targeted in a massive cyberattack, and that information regarding government agencies and other business partners may have been compromised.


Hacker Leaks Passwords for More Than 500,000 Servers, Routers, and IoT Devices

Permalink - Posted on 2020-01-20 18:00

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.


Fines for European Privacy Breaches Reach 114 Million Euros

Permalink - Posted on 2020-01-20 18:00

European regulators have imposed 114 million euros ($126 million) in fines for data breaches since tougher privacy rules came into force in mid-2018, with approaches varying widely from country to country.


70,000 Tinder Photos of Women Are Being Circulated in Cyber Crime Forum

Permalink - Posted on 2020-01-17 16:00

The images were discovered alongside a list of roughly 16,000 unique Tinder profile IDs by the New York City Cyber Sexual Assault Taskforce.


Mobile Banking Malware Up 50% in First Half of 2019

Permalink - Posted on 2020-01-17 16:00

A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.


Singapore Public Sector Called Out for Recurring IT Lapses

Permalink - Posted on 2020-01-17 16:00

Country's government agencies must resolve repeated lapses and plug weaknesses in IT controls, especially given the speed at which new IT systems are implemented, says government committee responsible for assessing how public funds are used.


Travelex Won't say If It Has Paid a Ransom to Its Attackers

Permalink - Posted on 2020-01-17 16:00

Travelex, the foreign currency exchange service whose services have been knocked offline since New Year’s eve by a cyber attack, is declining to say if it has paid a ransom to the criminals responsible.


ADP Users Hit with Phishing Scam Ahead of Tax Season

Permalink - Posted on 2020-01-17 16:00

Cybercriminals eager to jump-start tax season have launched a phishing campaign targeting some ADP users, telling them their W-2 forms are ready and prompting them to click a malicious link.


Town of Colonie Got Hacked; Looks to Avoid Paying Ransomware Demand of About $400,000

Permalink - Posted on 2020-01-17 16:00

The City of Albany was the subject of a similar attack in March, 2019, and was able to restore all computer systems without paying the hackers a ransom. It did, though, have to pay some $300,000 to rebuild its main system.


Oracle Scolds Customers for Ignoring Critical Patches

Permalink - Posted on 2020-01-17 16:00

Oracle has issued a strong rebuke to customers over their failure to update their systems regularly, following a number of reports showing exploits of vulnerabilities that should have already been patched.


Most-Clicked Phishing Email Subjects Include "Change of Password Required Immediately"

Permalink - Posted on 2020-01-16 17:00

But bad actors have become increasingly clever in phishing attempts. KnowBe4, which provides security awareness training, revealed the most clicked subject line in a fourth-quarter report.


NY Fed Reveals Implications of Cyber Attack on U.S. Financial System

Permalink - Posted on 2020-01-16 17:00

A cyberattack compromising the integrity of US financial systems could lead to an "unprecedented" reconciliation and recuperation process, bank analysts predict in new research published this week from the Federal Reserve Bank of New York.


U.K. Consultancies Leak Data on Thousands of Workers

Permalink - Posted on 2020-01-16 17:00

Thousands of UK business professionals have had their personal details exposed online via a leaky Amazon Web Services bucket, after researchers discovered files belonging to multiple consulting firms.


Online Pharmacy PlanetDrugsDirect Discloses Security Breach

Permalink - Posted on 2020-01-16 17:00

Canadian online pharmacy PlanetDrugsDirect is emailing customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information.


Business Disruption Attacks Most Prevalent in Last 12 Months

Permalink - Posted on 2020-01-16 17:00

Business disruption was the main objective of attackers in the last year, with ransomware, DDoS and malware commonly used.


Bill for New Orleans Cyber Attack $7m and Rising

Permalink - Posted on 2020-01-16 17:00

A cyber-insurance policy taken out by New Orleans prior to the attack has allowed the Big Easy to recover $3m, but the popular vacation city will still be left cruelly out of pocket as a result of the incident. According to Cantrell, the cost is just something that the city will "have to eat."


Phishing Attack on SouthEast Eye Specialist Group Impacts 13,000 Patients

Permalink - Posted on 2020-01-16 17:00

It is unclear from the SEES Group’s substitute breach notice when the phishing attack occurred, but on November 1, 2019, SEES Group determined patient information was contained in email accounts that were accessed by unknown individuals.


Unprotected Medical Systems Expose Data on Millions of Patients

Permalink - Posted on 2020-01-16 17:00

Hundreds of Internet-accessible, unprotected medical imaging systems expose data on millions of patients worldwide, German security firm Greenbone reveals.


Ottawa Considering Compensation for Privacy Breach Victims

Permalink - Posted on 2020-01-16 17:00

Canadians who fall victim to privacy breaches could soon be eligible for some sort of compensation as the Liberal government works on introducing a new set of online rights.


Equifax Settles Class-Action Breach Lawsuit for $380.5M

Permalink - Posted on 2020-01-15 17:00

A Georgia court granted final approval for an Equifax settlement in a class-action lawsuit, after the credit-reporting agency was hit by its massive 2017 data breach.


PussyCash Adult Webcam Data Breach Exposes Highly Sensitive Data of Models

Permalink - Posted on 2020-01-15 17:00

Security researchers at VPN Mentor say that they uncovered a leaky Amazon S3 bucket, administered by the explicit webcam network, with 875,000 files accessible to anybody with an internet connection – no password required.


More Than 600 Million Users Installed Android "Fleeceware" Apps from the Play Store

Permalink - Posted on 2020-01-15 17:00

The term fleeceware is a recent addition to the cyber-security jargon. It was coined by UK cyber-security firm Sophos last September following an investigation that discovered a new type of financial fraud on the official Google Play Store. It refers to apps that abuse the ability for Android apps to run trial periods before a payment is charged to the user's account.


Vietnam Government Drafts Decree to Protect Personal Data

Permalink - Posted on 2020-01-15 17:00

The Ministry of Public Security is drafting a governmental decree on personal data protection in order to protect the legal rights and interests of individuals and organizations.


App Exposes Baby Photos, Videos

Permalink - Posted on 2020-01-15 17:00

The Peekaboo Moments database contains more than 70 million log files comprising more than 100 GB, with information appearing to date from March 2019, Ehrlich says. The logs record when someone uses the Peekaboo app and the specific action they took at a certain point in time, such as uploading data or content.


49 Million User Records from U.S. Data Broker LimeLeads Put Up for Sale Online

Permalink - Posted on 2020-01-15 17:00

LimeLeads turned out to be just the latest in a long line of companies that failed to set up a password for an internal server, which allowed anyone on the internet to access the company's crucial customer data.


Production Company Data Breach Exposes Personal Data of Dove 'Real People' Ad Participants

Permalink - Posted on 2020-01-15 17:00

A data breach at UK-based Fresh Film Productions, which makes adverts for high-profile companies including Unilever, has exposed sensitive personal data of participants in antiperspirant brand Dove’s ‘real people’ campaign.


P&N Bank Discloses Data Breach, Customer Account Information, Balances Exposed

Permalink - Posted on 2020-01-15 17:00

P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, sent the notice which warned of an "information breach" occurring through its customer relationship management (CRM) platform.


Enloe Medical Center Continues to Experience EMR Downtime Due to Ransomware Attack

Permalink - Posted on 2020-01-15 17:00

Enloe Medical Center in Chico, CA, discovered the attack on January 2, 2020. Its entire network was encrypted, including its electronic medical record (EMR) system, which prevented staff from accessing patient information. Emergency protocols were immediately implemented to ensure care could still be provided to patients and only a limited number of elective medical procedures had to be rescheduled.


Texas School District Loses $2.3M to Phishing Attack

Permalink - Posted on 2020-01-13 20:00

The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.


Website Collecting Australian Fire Donations Hit by Magecart

Permalink - Posted on 2020-01-13 20:00

A website gathering donations for the victims of the wildfires in Australia has been hit by a credential-skimming attack, placing the payment information of donors at risk. The attack, identified as the work of Magecart, injected the ATMZOW skimmer into the charity's website code, grabbed payment information, and forwarded it to a third-party destination with an obfuscated web address.


New Data Leak Exposes Owners of 400,000 Anonymous Companies

Permalink - Posted on 2020-01-13 20:00

Millions of documents leaked from a corporate services firm with a posh London address are helping journalists unmask owners of secret offshore companies and the alleged criminal activities of some of those owners.


22GB Database Containing 56 Million U.S. Citizens Exposed Online

Permalink - Posted on 2020-01-10 17:00

A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.


Albany Airport Falls Victim to Cyber Attack

Permalink - Posted on 2020-01-10 17:00

LogicalNet, the authority’s Schenectady-based computer management provider, says its own network had been targeted and breached. A virus entered the airport’s system through LogicalNet’s maintenance server and then overcame the airport’s anti-virus protection.


Hundreds of Millions of Cable Modems Vulnerable to New Cable Haunt Vulnerability

Permalink - Posted on 2020-01-10 17:00

The vulnerability impacts a standard component of Broadcom chips called a spectrum analyzer. This is a hardware and software component that protects the cable modem from signal surges and disturbances coming via the coax cable. The component is often used by internet service providers (ISPs) in debugging connection quality.


Study Points to Lax Focus on Cyber Security

Permalink - Posted on 2020-01-10 17:00

Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.


Nearly 7 in 10 SMBs Interested in AI Are Unaware of Security Risks

Permalink - Posted on 2020-01-10 17:00

While it doesn’t come as a shock that 88% of the SMB leaders surveyed reported high levels of interest in adopting AI within their business, 7 in 10 of those interested leaders were not aware of potential cybersecurity risks that could accompany its use.


Patients of Hacked U.S. Surgical Company Hit with Ransom Demands

Permalink - Posted on 2020-01-10 17:00

Patients of a hacked facial surgery company in Florida are being individually threatened by cyber-criminals, who are demanding money in return for not releasing stolen personal information to the public.


Hackers Are Breaking Directly into Telecom Companies to Take Over Customer Phone Numbers

Permalink - Posted on 2020-01-10 17:00

SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.


Dixons Carphone Fined £500,000 for Massive Data Breach

Permalink - Posted on 2020-01-09 18:00

Dixons Carphone has been hit with the maximum possible fine after the tills in its shops were compromised by a cyber-attack that affected at least 14 million people.


Travelex Customers Left in Cashless Limbo, ICO Not Formally Alerted to Data Theft Claims

Permalink - Posted on 2020-01-09 18:00

Since a ransomware attack on New Year's Eve, the currency provider's online services have remained offline, third-party companies that leverage the Travelex system have been rendered useless, the cybercriminals responsible have demanded a ransom and issued a deadline, customer fury has spiked, and now, the UK's Information Commissioner's Office (ICO) is waiting to become involved.


Nepal Deports 122 Chinese Nationals After Cyber Raid

Permalink - Posted on 2020-01-09 18:00

Acting on a tip-off from Chinese authorities, more than 700 mobile phones, 331 laptops and nearly 100 desktop computers were seized along with pen drives and SIM cards.


Avid Technology Reports a Breach That They Discovered in 2018

Permalink - Posted on 2020-01-09 18:00

Notice to some individuals was made more than 7 months after discovery of a problem, but others did not get notified for more than one year.


Developers Still Don't Properly Handle Sensitive Data

Permalink - Posted on 2020-01-09 18:00

The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.


New Year Honours Data Breach Lasted Three Times Longer Than First Admitted

Permalink - Posted on 2020-01-09 18:00

The home addresses of more than a thousand New Year honours recipients were available online for three times longer than the Government originally stated.


College Athlete Recruiting Software Exposed Students' Medical Info., Grades

Permalink - Posted on 2020-01-08 17:00

The exposed information from company Front Rush included physical evaluations, post-injury reports, and performance reviews from specific teams for particular players.


Healthcare Data Breaches Predicted to Cost Industry $4 Billion in 2020

Permalink - Posted on 2020-01-08 17:00

Healthcare industry data breaches are occurring more frequently than ever before. The healthcare data breach figures for 2019 have yet to be finalized, but so far 494 data breaches of more than 500 records have been reported to the HHS’ Office for Civil Rights and more than 41.11 million records were exposed, stolen, or impermissibly disclosed in 2019. That makes 2019 the worst ever year for healthcare data breaches and the second worst in terms of the number of breached healthcare records.


U.S. Biz Closes Doors After Ransomware Attack

Permalink - Posted on 2020-01-07 17:00

A US fundraising firm has been forced to close its doors after more than 60 years in business following a crippling ransomware attack in October.


Hackers Access Sask. eHealth System, Demand Ransom

Permalink - Posted on 2020-01-07 17:00

Hackers made it through the first level of security for Saskatchewan’s eHealth records system this weekend, locking the government out of some systems.


Facial Recognition Hardware to Reach Over 800 Million Devices by 2024

Permalink - Posted on 2020-01-07 17:00

A new report from Juniper Research found that facial recognition hardware, such as Face ID on recent iPhones, will be the fastest growing form of smartphone biometric hardware. This means it will reach over 800 million in 2024, compared to an estimated 96 million in 2019.


'Maze' Ransomware Threatens Data Exposure Unless $6m Ransom Paid

Permalink - Posted on 2020-01-07 17:00

That ransomware attackers can steal as well as encrypt data isn’t a new phenomenon but the possibility that sensitive data might be revealed to the world is potentially more damaging than any short-term disruption caused by the malware.


Ring Customers Sue Amazon in Proposed Class Action Lawsuit

Permalink - Posted on 2020-01-07 17:00

The plaintiffs accuse Ring of negligence, breach of implied contract, and other violations. They claim Ring failed to implement basic security features like two-factor authentication and notifying users of suspicious log-in attempts.


Alabama Community College Postpones Classes Over Cyber Attack

Permalink - Posted on 2020-01-06 17:00

Wallace State Community College says student and employee data weren't breached in the attack on its online services. News outlets report that a school statement says student email and Blackboard have been affected.


Travelex Site Still Down After New Year's Eve Attack

Permalink - Posted on 2020-01-06 17:00

London-headquartered Travelex, which describes itself as “the world's leading foreign exchange specialist,” operates online around the world and in airports, as well as supporting travel money services for several high street lenders in the UK.


Colorado Town Wires Over $1 Million to BEC Scammers

Permalink - Posted on 2020-01-06 17:00

Colorado Town of Erie lost more than $1 million to a business email compromise scam (BEC) that ended with the town's employees sending the funds to a bank account controlled by scammers.


California IT Service Provider Synoptek Pays Ransom After Sodinokibi Attack

Permalink - Posted on 2020-01-06 17:00

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software.


Critics Hit Out at Cisco After Security Researcher Finds 120+ Vulnerabilities in a Single Product

Permalink - Posted on 2020-01-06 17:00

A trio of critical vulnerabilities in Cisco Data Center Network Manager (DCNM) product could let hackers remotely bypass authentication and waltz into enterprises’ data centre systems, owing to rudimental security errors including hard coded credentials.


Lawsuit Filed Against LifeLabs Over Data Breach

Permalink - Posted on 2020-01-06 17:00

A class-action lawsuit has been filed against a Canadian laboratory testing company following a cyber-attack in which the data of 15 million of its customers was accessed by criminals.


Automotive Cyber Security Incidents Doubled in 2019, Up 605% Since 2016

Permalink - Posted on 2020-01-06 17:00

Upstream Security’s 2020 Automotive Cybersecurity Report shares in-depth insights and statistics gleaned from analyzing 367 publicly reported automotive cyber incidents spanning the past decade, highlighting vulnerabilities and insights identified during 2019.


FTC Finalizes Settlement with Utah Company Failed to Safeguard Consumer Data

Permalink - Posted on 2020-01-06 17:00

The Federal Trade Commission has granted final approval to a settlement with a Utah-based technology company related to allegations that the firm failed to put in place reasonable security safeguards, allowing a hacker to access the personal information of more than a million consumers.


Japanese Love Hotel Site Breached

Permalink - Posted on 2020-01-06 17:00

A booking site for customers of Japanese “love hotels” has been hacked, raising fears over follow-on identity fraud and blackmail attempts.


Information Commissioner's Office Takes Enforcement Action Against Pharmacy

Permalink - Posted on 2019-12-20 17:00

The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data.


Henry County Spends $650K to Restore Its Computer Network Affected in a Data Breach

Permalink - Posted on 2019-12-20 17:00

Henry County, Georgia, was forced to pull out typewriters and switch to paper forms after it’s computer network was affected in a ransomware attack that occurred in July 2019. This tireless manual process appeared to have extended for the next couple of weeks until the affected systems were restored.


Fashion Rental Company HURR Collective Exposed User Information Through Misconfigured Plugin

Permalink - Posted on 2019-12-20 17:00

HURR Collective, a UK-based fashion rental company, has notified around 400 users of a data security incident that resulted in their email addresses being exposed.


Over 267 million Facebook Users Reportedly Had Data Exposed Online

Permalink - Posted on 2019-12-20 17:00

More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse.


Wawa Warns of "Data Security Incident" Involving Credit and Debit Cards

Permalink - Posted on 2019-12-20 17:00

Wawa customers who paid with credit or debit cards in the last nine months may have had their card information compromised, the convenience store chain announced Thursday.


New Orleans to Boost Cyber Insurance to $10M Post-Ransomware

Permalink - Posted on 2019-12-20 17:00

Mayor LaToya Cantrell anticipates the recent cyberattack to exceed its current $3 million cyber insurance policy.


100% Rise in Number of U.K. Businesses Paying Hacking Ransoms

Permalink - Posted on 2019-12-20 17:00

New research into the attitudes and beliefs of cybersecurity professionals has identified a sharp rise in the number of businesses paying up when stung by a ransomware attack.


Frankfurt Shuts Down IT Network Following Emotet Infection

Permalink - Posted on 2019-12-19 18:00

Frankfurt, one of the largest financial hubs in the world and the home of the European Central Bank, has shut down its IT network this week following an infection with the Emotet malware. Frankfurt is the fourth German entity that shut down its IT network in the past two weeks because of Emotet.


Manitoba Insurance Company Struck by Ransomware Attack

Permalink - Posted on 2019-12-19 18:00

A Manitoba-based insurance and financial brokerage that has clients across the Prairies has been hit by a ransomware attack that it hadn't publicly disclosed.


A Data Leak Exposed the Personal Information of Over 3,000 Ring Users

Permalink - Posted on 2019-12-19 18:00

The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.”


Cyber Security a Growing Concern for America's Corporate Lawyers

Permalink - Posted on 2019-12-19 18:00

New research into litigation trends has identified cybersecurity as a major new source of legal disputes in the United States. The 2019 Litigation Trends Annual Survey conducted by global law firm Norton Rose Fulbright questioned corporate counsel about dispute-related issues and concerns.


Twelve Million Phones, One Dataset, Zero Privacy

Permalink - Posted on 2019-12-19 18:00

The companies that collect all this information on your movements justify their business on the basis of three claims: People consent to be tracked, the data is anonymous and the data is secure. None of those claims hold up, based on the file we’ve obtained and our review of company practices.