What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-09 10:35:58 | There\'s A RAT In mi Note, What Am I Gonna Do? (lien direct) | Cybercriminals use Microsoft OneNote attachments in phishing emails to spread malware and password stealers. Phishing campaigns are one of the most typical ways criminals obtain private or sensitive information. According to Verizon Data Breach Investigations Report, 94% of the malware is delivered by email. Malicious Word and Excel attachments for phishing have been prevalent for […] | Data Breach Malware | ★★★ | |
 |
2023-03-09 10:15:00 | House Members at Risk After Insurer Data Breach (lien direct) | Threat actor claims to have info on 170,000 victims | Data Breach Threat | ★★★ | |
 |
2023-03-08 17:48:41 | FBI investigates data breach impacting U.S. House members and staff (lien direct) | The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and personal information was stolen from DC Health Link's servers. [...] | Data Breach | ★★ | |
 |
2023-03-08 11:00:00 | Securing Your Supply Chain Through Cyber Risk Management (lien direct) | >Supply chain risk is now recognized as a top challenge, with more than half of security breaches attributed to supply chain and third-party suppliers. This can be a costly vulnerability. The global average data breach cost was $4.35 million last year, according to IBM’s Cost of a Data Breach 2022 report. These risks stem from […] | Data Breach | ★★ | |
|
2023-03-07 15:07:35 | Acer\'s Sensitive Data Allegedly For Sale On A Hacker Forum (lien direct) | Taiwan-based computer hardware and electronics company Acer is facing another potential data breach as a threat actor claimed to have posted the company’s sensitive data for sale on a popular hacking forum. According to reports, the data allegedly contains confidential product model documentation, binaries, backend infrastructure, and other sensitive data, which the attacker claims was […] | Data Breach Threat | ★ | |
 |
2023-03-07 11:51:00 | LastPass Hack: Engineer\'s Failure to Update Plex Software Led to Massive Data Breach (lien direct) | The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with | Data Breach | LastPass LastPass | ★★ |
|
2023-03-07 10:38:43 | Acer confirms breach after 160GB of data for sale on hacking forum (lien direct) | Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians. [...] | Data Breach Threat | ★★★★ | |
|
2023-03-02 14:35:13 | Trezor Wallet Alerts Of Major Crypto Phishing Campaign (lien direct) | Trezor wallet is involved in an ongoing phishing attack that attempts to steal a target’s cryptocurrency wallet and assets by impersonating Trezor data breach alerts. Trezor is a cryptocurrency wallet that allows users to keep their cryptocurrency offline as opposed to in cloud-based or device-based wallets. This is because a hardware wallet like a Trezor […] | Data Breach | ★★★ | |
|
2023-03-02 14:33:21 | Hatch Bank discloses data breach after GoAnywhere MFT hack (lien direct) | Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. [...] | Data Breach Hack | ★★ | |
|
2023-03-02 09:59:05 | British retail chain WH Smith says data stolen in cyberattack (lien direct) | British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. [...] | Data Breach | ★★★ | |
|
2023-03-01 18:14:47 | Trezor warns of massive crypto wallet phishing campaign (lien direct) | An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and its assets. [...] | Data Breach | ★★★ | |
 |
2023-02-28 20:55:00 | Cyber Security Risks of Remote Employee Offboarding (lien direct) |
Remote work options are popular trends that provide flexibility for the employee and potentially a less expensive option for the employer. However, remote work devices can pose a real threat to your organization, especially after recent layoffs or organizational restructuring. We'll explore the potential vulnerabilities caused by unprotected devices as well as data breach prevention techniques to keep your organization's private data secure. |
Data Breach Threat | ★★ | |
|
2023-02-28 11:46:00 | LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (lien direct) | LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated | Data Breach Threat | LastPass | ★ |
 |
2023-02-28 06:59:07 | US Marshals Service leaks \'law enforcement sensitive information\' in ransomware incident (lien direct) | It's not just another data breach when the victim oversees witness protection programs The US Marshals Service, the enforcement branch of the nation's federal courts, has admitted to a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.… | Ransomware Data Breach | ★ | |
 |
2023-02-27 17:21:30 | Émission Tv perturbée aprés un piratage informatique (lien direct) | Les émissions de Virgin Media Télévision ont été temporairement suspendues en Irlande après la découverte d'une tentative d'accès illégal aux systèmes.... | Data Breach | ★★ | |
 |
2023-02-27 16:07:21 | 27th February – Threat Intelligence Report (lien direct) | >For the latest discoveries in cyber research for the week of 27th February, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Stanford University experienced a data breach in which files containing Economics Ph.D. program admission information were leaked. Personal and health information of 897 applicants might have been exposed. Dish Network, a major American TV and satellite broadcast provider, had been experiencing an unexplained outage with its websites and apps. Shortly after, the company's employees detected suspicious activity on their desktops and reported it as a cyberattack. Canadian telecom TELUS is investigating a potential data breach after a threat […] | Data Breach Threat | ★★ | |
 |
2023-02-27 10:42:19 | Media Giant News Corp Discloses New Details of Data Breach (lien direct) | >News Corp says a threat group, previously linked to the Chinese government, had access to its systems for two years before the breach was discovered. | Data Breach Threat | ★★ | |
 |
2023-02-25 00:42:12 | DNA Diagnostics Center to pay $400,000 fine for 2021 data breach (lien direct) |  One of the largest commercial DNA testing companies in the world agreed to pay a $400,000 fine to Ohio and Pennsylvania after a 2021 data breach compromised the information of more than 2 million people. The announcement from DNA Diagnostics Center (DDC) comes after a lawsuit filed by the two states’ attorneys general accused the [… |
Data Breach | ★★★ | |
|
2023-02-24 11:27:59 | Stanford University discloses data breach affecting PhD applicants (lien direct) | Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. [...] | Data Breach | ★★ | |
|
2023-02-23 21:54:58 | TELUS investigating leak of stolen source code, employee data (lien direct) | Canada's second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently shared screenshots apparently showing private source code repositories and payroll records held by the company. [...] | Data Breach Threat | ★★ | |
|
2023-02-21 22:29:24 | Activision Admits Data Breach Exposing Employee And Game Info (lien direct) | Activision has confirmed that it had a data breach at the beginning of December 2022. Hackers got into the company’s internal systems by sending an SMS phishing text to a worker and getting them to click on a link. The video game company says the incident hasn’t exposed player information or game source code. “On […] | Data Breach | ★★ | |
|
2023-02-21 14:14:40 | Activision confirms data breach exposing employee and game info (lien direct) | Activision has confirmed that it suffered a data breach in December 2022 after one of its employees fell victim to an SMS phishing attack, giving hackers access to its internal systems. [...] | Data Breach | ★★★ | |
 |
2023-02-21 14:00:00 | CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
CyberheistNews Vol 13 #08 | February 21st, 2023
[Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack.
I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate.
However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics:
According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens.
There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems."
Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack:
The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees.
The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit.
The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data.
There are also a few takeaways from this attack that you can learn from:
2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the |
Data Breach Hack Threat Guideline | ChatGPT | ★★ |
|
2023-02-20 18:09:25 | RailYatri: 31 Million Users Affected On Indian Ticketing Platform (lien direct) | Although the RailYatri attack occurred in December 2022, the stolen data was only recently made public on a well-known hacker forum. In addition to exposing personal information, the RailYatri hack revealed the locations of millions of travelers throughout India. A significant data breach at the well-known Indian railway ticketing website RailYatri exposed the private data […] | Data Breach Hack | ★★ | |
 |
2023-02-16 00:00:00 | Lower Data Breach Insurance Costs with These Tips (lien direct) | The changing attack landscape has resulted in the hardening of the data breach insurance market. Gain insight into how implementing security controls can reduce the mean time to detect and control the costliness of an attack. | Data Breach | ★★★ | |
|
2023-02-15 13:18:20 | Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
|
Data Breach | ★★ | |
 |
2023-02-15 12:00:00 | What to Look for When Buying a Security Camera (2023): Tips and Risks (lien direct) | Eufy's recent scandal shows it's not so much about the data breach but about how a company responds. Here are a few ways to shop smart. | Data Breach | ★★ | |
|
2023-02-14 21:14:01 | Q&A: What healthcare providers should do after a data breach (lien direct) | Eufy's recent scandal shows it's not so much about the data breach but about how a company responds. Here are a few ways to shop smart. | Data Breach | ★★ | |
|
2023-02-14 18:48:40 | Louisiana HBCU says personal data from 44,000 students accessed in November cyberattack (lien direct) |  The only Catholic historically Black college or university (HBCU) reported a data breach this week involving Social Security numbers and other personal information from more than 44,000 students and vendors. In filings with the office of Maine's attorney general, Xavier University of Louisiana said it suffered a cyberattack on November 22. “Xavier engaged cybersecurity experts [… |
Data Breach | ★★★ | |
|
2023-02-14 13:15:55 | Pepsi Bottling Ventures Discloses Data Breach (lien direct) | >Pepsi Bottling Ventures, the largest privately-held bottler of Pepsi-Cola products in the United States, says data was stolen from its systems following a malware attack. | Data Breach Malware | ★ | |
|
2023-02-14 11:26:54 | Healthcare giant CHS reports first data breach in GoAnywhere hacks (lien direct) | Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer platform. [...] | Data Breach Vulnerability | ★★ | |
 |
2023-02-14 04:04:00 | Pepsi Bottling Ventures suffers data breach (lien direct) | Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees.The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. To read this article in full, please click here | Data Breach Threat | ★ | |
 |
2023-02-13 11:48:55 | BlackCat Leaks Data Belonging to Irish University (lien direct) | >Our CEO Brian Honan was interviewed by Data Breach Today at Information Security Media Group (ISMG) on what the High Court's injunction prohibiting ransomware attackers from leaking data will mean for Munster Technological University, following their ransomware attack. Read More > | Ransomware Data Breach | ★ | |
|
2023-02-13 05:33:19 | Pepsi Bottling Ventures suffers data breach after malware attack (lien direct) | Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems. [...] | Data Breach Malware | ★★ | |
|
2023-02-10 19:45:08 | December ransomware attack leads to massive data breach from California health network (lien direct) |  Facilities within California's Heritage Provider Network reported a data breach related to a ransomware attack in December |
Ransomware Data Breach Guideline | Heritage Heritage | ★★★ |
|
2023-02-10 15:30:15 | A10 Networks confirms data breach after Play ransomware attack (lien direct) | The California-based networking hardware manufacturer 'A10 Networks' has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data. [...] | Ransomware Data Breach | ★★ | |
|
2023-02-10 12:36:22 | California medical group data breach impacts 3.3 million patients (lien direct) | Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. [...] | Ransomware Data Breach Medical | Heritage Heritage | ★★★ |
 |
2023-02-10 07:30:00 | Social media platform Reddit breached in phishing attack (lien direct) | Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. [...] | Data Breach | ★★★ | |
|
2023-02-09 10:10:48 | Weee! Acknowledges Data Leak,1.1 million People Impacted (lien direct) | A data breach at the Weee! Asian and Hispanic meal delivery business exposed the private data of 1.1 million clients. Weee! bills itself as the most prominent Asian and Hispanic supermarket in North America, shipping groceries to all 48 states via its network of warehouses. On Monday, a threat actor named “IntelBroker” started leaking information […] | Data Breach Threat | ★★★ | |
|
2023-02-08 20:30:00 | Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach (lien direct) | A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect | Data Breach | ★★ | |
|
2023-02-08 16:21:24 | Weee! grocery service confirms data breach, 1.1 million affected (lien direct) | The Weee! Asian and Hispanic food delivery service suffered a data breach exposing the personal information of 1.1 million customers. [...] | Data Breach | ★★★ | |
|
2023-02-08 08:30:00 | Patient Information Compromised in Data Breach at San Diego Healthcare Provider (lien direct) | San Diego healthcare services provider Sharp says patient information was compromised in January data breach. | Data Breach | ★★ | |
 |
2023-02-07 11:00:00 | How to protect your car dealership from cyber-attacks (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Recent trends show that car dealerships are becoming a prime target for cyber-attacks, partly due to the rise in autonomous and connected vehicles. This is in addition to more traditional attacks such as phishing. Therefore, car dealerships are urged to take measures to improve their cybersecurity posture. Throughout this article, we will focus on how to protect your car dealership from cyber-attacks, from technological solutions to raising staff awareness, and more. Why are car dealerships being targeted by cybercriminals? Car dealerships collect a significant amount of data which is often stored on-site. This data includes things like names, addresses, email addresses, phone numbers, and perhaps more importantly, financial information such as bank details and social security numbers. Gaining access to this database can be very lucrative for criminals. A cybercriminal’s life is also made much easier if a car dealership uses outdated IT infrastructure and lacks sufficient processes in terms of protecting employee login details. How are car dealerships vulnerable to cyber-attacks? Before we discuss how to protect your car dealership from a cyber-attack, it is important to know what makes a car dealership vulnerable, and what sort of attacks it could be subjected to. Open Wi-Fi networks - Many car dealerships have open Wi-Fi networks for their customers to use freely. However, this provides an opportunity for hackers who can potentially access other areas of the network that store sensitive data. Malware - Malware is possibly the most likely form of cyber-attack, targeting individuals within your organization with malicious email attachments that execute software onto the victim’s device. This software can then grant the attacker remote access to the system. Phishing - Phishing emails are much more sophisticated than they used to be, appearing much more legitimate, and targeting individuals within the company. If an email seems suspicious or is from an unknown contact, then it is advised to avoid clicking any links. User error - Unfortunately, anyone working for the car dealership, even the owner, could pose a risk to security. Perhaps using lazy passwords, or not storing log-in details in a safe place. This is why cyber security training is now becoming mandatory at most businesses. The consequences of cyber-attacks on car dealerships If a small-to-medium-sized car dealership is the victim of a cyber-attack, then it can have a much bigger impact than just a short-term financial loss. Many smaller businesses that suffer a data breach are said to go out of business within six months of such an event, losing the trust of their customer base, and failing to recover from the financial impact. Research suggests that most consumers would not purchase a car from a dealership that has had a security breach in the past. Failing to prevent a cyber-attack and a criminal from gaining access to customer information is extremely detrimental to a business’s public image. How to protect your car dealership from cyber-attacks Regardl | Data Breach Malware Vulnerability | ★★ | |
|
2023-02-06 12:46:10 | 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder (lien direct) | Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users. | Data Breach | ★★ | |
|
2023-02-06 11:00:00 | The ethics of biometric data use in security (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a world where you can scan the veins in your hand to unlock a smartphone, how do you maintain control over personal data? Biometric authentication, the use of distinctive human features like iris patterns, fingerprints and even gait in lieu of a password, is gaining ground in the tech world. Proponents tout its inherent, hard-to-replicate qualities as a security benefit, while detractors see the same features as an invasion of privacy. Both sides may be right. The problems with biometrics Unlike a password, you can’t forget your face at home. But also, unlike a password, you can’t reset your face — meaning you’re out of luck if someone steals a photo of it. In 2016, a biometrics researcher helped investigators hack into a murder victim’s phone with only a photo of the man’s fingerprint. While security systems are getting more advanced all the time, current technology also allows cybercriminals to run wild with a single piece of biometric data, accessing everything from laptop logins to bank accounts. By its very nature, biometric authentication requires third parties to store biometric data. What happens if the information is exposed? In addition to potential hacking, breaching people’s personal data might reveal something they’d rather keep private. Vein patterns could reveal that a person has a vascular disorder, raising their insurance premiums. Fingerprints could expose a chromosomal disease. True, people give this same information to their doctors, and a medical data breach could have the same repercussions. But handing off biometric data to a commercial company — which isn’t bound by HIPAA or sworn to do no harm — is a much grayer area. Another issue that occasionally plagues biometric authentication is injuries and natural bodily changes. A single paper cut can derail a fingerprint scanner, and an aging eye throws iris scanners for a loop. People will have to update their photos every few years to remind the system what they look like. Some facial recognition programs can even predict how long a person will live. Insurance companies have expressed interest in getting hold of this data, since the way a person ages says a lot about their health. If stolen biometric data fed into an algorithm predicts a person won’t make it past 50, will their employer pass them up for a promotion? In the event of an accident, your family won’t easily be able to access your accounts if you use biometric authentication, since it’s not as simple as writing down a list of passwords. Maybe that’s a good thing — but maybe not. Another ethical dilemma with biometric data use is identifying people without their consent. Most people are used to being on camera at the grocery store, but if that same camera snaps a photo without permission and stores it for later retrieval, they probably won’t be too happy. Some people point out that you have no right to privacy in a public space, and that’s true — to an extent. But where do you draw the line between publicity and paparazzi? Is it OK to snap a stranger’s photo while you’re talking to them, or is that considered rude and intrusive? The benefits of biometric data Of course, no one would be handing off a photo of their face if the | Data Breach Hack Prediction Medical | ★★ | |
|
2023-02-03 18:24:05 | TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (lien direct) | PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers. [...] | Data Breach | ★★★ | |
|
2023-02-03 16:53:57 | Microsoft accuses Iran\'s government of cyber operation against Charlie Hebdo (lien direct) |  Microsoft says the data breach of Charlie Hebdo was retaliation for the satire publication's call for drawings of Iran's leader, Ali Khamenei. |
Data Breach Guideline | ★ | |
|
2023-02-02 15:24:42 | Data breach at Vice Media involved SSNs, financial info (lien direct) |  A data breach involving Vice Media leaked the sensitive information and financial data of more than 1,700 people, according to filings with Maine's Attorney General. In two separate filings on January 26 and 31, Vice Media said it was alerted in March 2022 that there was a cyberattack on its network. The media company hired [… |
Data Breach | ★★ | |
|
2023-02-02 11:39:52 | Ransomware Gang Stole Customer Data, Arnold Clark Confirms (lien direct) | >Our CEO Brian Honan speaks to Data Breach Today at Information Security Media Group (ISMG) about the Arnold Clark Ransomware attack. Read More > | Ransomware Data Breach | ★ | |
 |
2023-02-01 20:47:33 | 19 Tips for Data Breach Victims in 2023 (lien direct) | >
If your personal information was exposed in a data breach, here are 19 action items to take. Download Now
|
Data Breach | ★★★ |
To see everything:
Our RSS (filtrered)
