What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-23 21:54:58 | TELUS investigating leak of stolen source code, employee data (lien direct) | Canada's second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently shared screenshots apparently showing private source code repositories and payroll records held by the company. [...] | Data Breach Threat | ★★ | |
 |
2023-02-21 22:29:24 | Activision Admits Data Breach Exposing Employee And Game Info (lien direct) | Activision has confirmed that it had a data breach at the beginning of December 2022. Hackers got into the company’s internal systems by sending an SMS phishing text to a worker and getting them to click on a link. The video game company says the incident hasn’t exposed player information or game source code. “On […] | Data Breach | ★★ | |
|
2023-02-21 14:14:40 | Activision confirms data breach exposing employee and game info (lien direct) | Activision has confirmed that it suffered a data breach in December 2022 after one of its employees fell victim to an SMS phishing attack, giving hackers access to its internal systems. [...] | Data Breach | ★★★ | |
 |
2023-02-21 14:00:00 | CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
CyberheistNews Vol 13 #08 | February 21st, 2023
[Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack.
I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate.
However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics:
According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens.
There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems."
Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack:
The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees.
The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit.
The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data.
There are also a few takeaways from this attack that you can learn from:
2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the |
Data Breach Hack Threat Guideline | ChatGPT | ★★ |
|
2023-02-20 18:09:25 | RailYatri: 31 Million Users Affected On Indian Ticketing Platform (lien direct) | Although the RailYatri attack occurred in December 2022, the stolen data was only recently made public on a well-known hacker forum. In addition to exposing personal information, the RailYatri hack revealed the locations of millions of travelers throughout India. A significant data breach at the well-known Indian railway ticketing website RailYatri exposed the private data […] | Data Breach Hack | ★★ | |
 |
2023-02-16 00:00:00 | Lower Data Breach Insurance Costs with These Tips (lien direct) | The changing attack landscape has resulted in the hardening of the data breach insurance market. Gain insight into how implementing security controls can reduce the mean time to detect and control the costliness of an attack. | Data Breach | ★★★ | |
|
2023-02-15 13:18:20 | Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
|
Data Breach | ★★ | |
 |
2023-02-15 12:00:00 | What to Look for When Buying a Security Camera (2023): Tips and Risks (lien direct) | Eufy's recent scandal shows it's not so much about the data breach but about how a company responds. Here are a few ways to shop smart. | Data Breach | ★★ | |
|
2023-02-14 21:14:01 | Q&A: What healthcare providers should do after a data breach (lien direct) | Eufy's recent scandal shows it's not so much about the data breach but about how a company responds. Here are a few ways to shop smart. | Data Breach | ★★ | |
 |
2023-02-14 18:48:40 | Louisiana HBCU says personal data from 44,000 students accessed in November cyberattack (lien direct) |  The only Catholic historically Black college or university (HBCU) reported a data breach this week involving Social Security numbers and other personal information from more than 44,000 students and vendors. In filings with the office of Maine's attorney general, Xavier University of Louisiana said it suffered a cyberattack on November 22. “Xavier engaged cybersecurity experts [… |
Data Breach | ★★★ | |
 |
2023-02-14 13:15:55 | Pepsi Bottling Ventures Discloses Data Breach (lien direct) | >Pepsi Bottling Ventures, the largest privately-held bottler of Pepsi-Cola products in the United States, says data was stolen from its systems following a malware attack. | Data Breach Malware | ★ | |
|
2023-02-14 11:26:54 | Healthcare giant CHS reports first data breach in GoAnywhere hacks (lien direct) | Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer platform. [...] | Data Breach Vulnerability | ★★ | |
 |
2023-02-14 04:04:00 | Pepsi Bottling Ventures suffers data breach (lien direct) | Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees.The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. To read this article in full, please click here | Data Breach Threat | ★ | |
 |
2023-02-13 11:48:55 | BlackCat Leaks Data Belonging to Irish University (lien direct) | >Our CEO Brian Honan was interviewed by Data Breach Today at Information Security Media Group (ISMG) on what the High Court's injunction prohibiting ransomware attackers from leaking data will mean for Munster Technological University, following their ransomware attack. Read More > | Ransomware Data Breach | ★ | |
|
2023-02-13 05:33:19 | Pepsi Bottling Ventures suffers data breach after malware attack (lien direct) | Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems. [...] | Data Breach Malware | ★★ | |
|
2023-02-10 19:45:08 | December ransomware attack leads to massive data breach from California health network (lien direct) |  Facilities within California's Heritage Provider Network reported a data breach related to a ransomware attack in December |
Ransomware Data Breach Guideline | Heritage Heritage | ★★★ |
|
2023-02-10 15:30:15 | A10 Networks confirms data breach after Play ransomware attack (lien direct) | The California-based networking hardware manufacturer 'A10 Networks' has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data. [...] | Ransomware Data Breach | ★★ | |
|
2023-02-10 12:36:22 | California medical group data breach impacts 3.3 million patients (lien direct) | Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. [...] | Ransomware Data Breach Medical | Heritage Heritage | ★★★ |
 |
2023-02-10 07:30:00 | Social media platform Reddit breached in phishing attack (lien direct) | Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. [...] | Data Breach | ★★★ | |
|
2023-02-09 10:10:48 | Weee! Acknowledges Data Leak,1.1 million People Impacted (lien direct) | A data breach at the Weee! Asian and Hispanic meal delivery business exposed the private data of 1.1 million clients. Weee! bills itself as the most prominent Asian and Hispanic supermarket in North America, shipping groceries to all 48 states via its network of warehouses. On Monday, a threat actor named “IntelBroker” started leaking information […] | Data Breach Threat | ★★★ | |
 |
2023-02-08 20:30:00 | Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach (lien direct) | A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect | Data Breach | ★★ | |
|
2023-02-08 16:21:24 | Weee! grocery service confirms data breach, 1.1 million affected (lien direct) | The Weee! Asian and Hispanic food delivery service suffered a data breach exposing the personal information of 1.1 million customers. [...] | Data Breach | ★★★ | |
|
2023-02-08 08:30:00 | Patient Information Compromised in Data Breach at San Diego Healthcare Provider (lien direct) | San Diego healthcare services provider Sharp says patient information was compromised in January data breach. | Data Breach | ★★ | |
 |
2023-02-07 11:00:00 | How to protect your car dealership from cyber-attacks (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Recent trends show that car dealerships are becoming a prime target for cyber-attacks, partly due to the rise in autonomous and connected vehicles. This is in addition to more traditional attacks such as phishing. Therefore, car dealerships are urged to take measures to improve their cybersecurity posture. Throughout this article, we will focus on how to protect your car dealership from cyber-attacks, from technological solutions to raising staff awareness, and more. Why are car dealerships being targeted by cybercriminals? Car dealerships collect a significant amount of data which is often stored on-site. This data includes things like names, addresses, email addresses, phone numbers, and perhaps more importantly, financial information such as bank details and social security numbers. Gaining access to this database can be very lucrative for criminals. A cybercriminal’s life is also made much easier if a car dealership uses outdated IT infrastructure and lacks sufficient processes in terms of protecting employee login details. How are car dealerships vulnerable to cyber-attacks? Before we discuss how to protect your car dealership from a cyber-attack, it is important to know what makes a car dealership vulnerable, and what sort of attacks it could be subjected to. Open Wi-Fi networks - Many car dealerships have open Wi-Fi networks for their customers to use freely. However, this provides an opportunity for hackers who can potentially access other areas of the network that store sensitive data. Malware - Malware is possibly the most likely form of cyber-attack, targeting individuals within your organization with malicious email attachments that execute software onto the victim’s device. This software can then grant the attacker remote access to the system. Phishing - Phishing emails are much more sophisticated than they used to be, appearing much more legitimate, and targeting individuals within the company. If an email seems suspicious or is from an unknown contact, then it is advised to avoid clicking any links. User error - Unfortunately, anyone working for the car dealership, even the owner, could pose a risk to security. Perhaps using lazy passwords, or not storing log-in details in a safe place. This is why cyber security training is now becoming mandatory at most businesses. The consequences of cyber-attacks on car dealerships If a small-to-medium-sized car dealership is the victim of a cyber-attack, then it can have a much bigger impact than just a short-term financial loss. Many smaller businesses that suffer a data breach are said to go out of business within six months of such an event, losing the trust of their customer base, and failing to recover from the financial impact. Research suggests that most consumers would not purchase a car from a dealership that has had a security breach in the past. Failing to prevent a cyber-attack and a criminal from gaining access to customer information is extremely detrimental to a business’s public image. How to protect your car dealership from cyber-attacks Regardl | Data Breach Malware Vulnerability | ★★ | |
|
2023-02-06 12:46:10 | 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder (lien direct) | Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users. | Data Breach | ★★ | |
|
2023-02-06 11:00:00 | The ethics of biometric data use in security (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a world where you can scan the veins in your hand to unlock a smartphone, how do you maintain control over personal data? Biometric authentication, the use of distinctive human features like iris patterns, fingerprints and even gait in lieu of a password, is gaining ground in the tech world. Proponents tout its inherent, hard-to-replicate qualities as a security benefit, while detractors see the same features as an invasion of privacy. Both sides may be right. The problems with biometrics Unlike a password, you can’t forget your face at home. But also, unlike a password, you can’t reset your face — meaning you’re out of luck if someone steals a photo of it. In 2016, a biometrics researcher helped investigators hack into a murder victim’s phone with only a photo of the man’s fingerprint. While security systems are getting more advanced all the time, current technology also allows cybercriminals to run wild with a single piece of biometric data, accessing everything from laptop logins to bank accounts. By its very nature, biometric authentication requires third parties to store biometric data. What happens if the information is exposed? In addition to potential hacking, breaching people’s personal data might reveal something they’d rather keep private. Vein patterns could reveal that a person has a vascular disorder, raising their insurance premiums. Fingerprints could expose a chromosomal disease. True, people give this same information to their doctors, and a medical data breach could have the same repercussions. But handing off biometric data to a commercial company — which isn’t bound by HIPAA or sworn to do no harm — is a much grayer area. Another issue that occasionally plagues biometric authentication is injuries and natural bodily changes. A single paper cut can derail a fingerprint scanner, and an aging eye throws iris scanners for a loop. People will have to update their photos every few years to remind the system what they look like. Some facial recognition programs can even predict how long a person will live. Insurance companies have expressed interest in getting hold of this data, since the way a person ages says a lot about their health. If stolen biometric data fed into an algorithm predicts a person won’t make it past 50, will their employer pass them up for a promotion? In the event of an accident, your family won’t easily be able to access your accounts if you use biometric authentication, since it’s not as simple as writing down a list of passwords. Maybe that’s a good thing — but maybe not. Another ethical dilemma with biometric data use is identifying people without their consent. Most people are used to being on camera at the grocery store, but if that same camera snaps a photo without permission and stores it for later retrieval, they probably won’t be too happy. Some people point out that you have no right to privacy in a public space, and that’s true — to an extent. But where do you draw the line between publicity and paparazzi? Is it OK to snap a stranger’s photo while you’re talking to them, or is that considered rude and intrusive? The benefits of biometric data Of course, no one would be handing off a photo of their face if the | Data Breach Hack Prediction Medical | ★★ | |
|
2023-02-03 18:24:05 | TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (lien direct) | PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers. [...] | Data Breach | ★★★ | |
|
2023-02-03 16:53:57 | Microsoft accuses Iran\'s government of cyber operation against Charlie Hebdo (lien direct) |  Microsoft says the data breach of Charlie Hebdo was retaliation for the satire publication's call for drawings of Iran's leader, Ali Khamenei. |
Data Breach Guideline | ★ | |
|
2023-02-02 15:24:42 | Data breach at Vice Media involved SSNs, financial info (lien direct) |  A data breach involving Vice Media leaked the sensitive information and financial data of more than 1,700 people, according to filings with Maine's Attorney General. In two separate filings on January 26 and 31, Vice Media said it was alerted in March 2022 that there was a cyberattack on its network. The media company hired [… |
Data Breach | ★★ | |
|
2023-02-02 11:39:52 | Ransomware Gang Stole Customer Data, Arnold Clark Confirms (lien direct) | >Our CEO Brian Honan speaks to Data Breach Today at Information Security Media Group (ISMG) about the Arnold Clark Ransomware attack. Read More > | Ransomware Data Breach | ★ | |
 |
2023-02-01 20:47:33 | 19 Tips for Data Breach Victims in 2023 (lien direct) | >
If your personal information was exposed in a data breach, here are 19 action items to take. Download Now
|
Data Breach | ★★★ | |
|
2023-02-01 15:43:12 | Google Fi data breach let hackers carry out SIM swap attacks (lien direct) | Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. [...] | Data Breach | ★★ | |
|
2023-02-01 10:38:16 | Google Fi Data Breach Reportedly Led to SIM Swapping (lien direct) | >Google Fi informs customers about a data breach related to the recent T-Mobile cyberattack and some users claim they were targeted in a SIM swapping attack | Data Breach | ★★★ | |
 |
2023-01-30 21:17:00 | 10M JD Sports Customers\' Info Exposed in Data Breach (lien direct) | UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack. | Data Breach | ★★★ | |
 |
2023-01-30 18:00:00 | JD Sports Confirms Breach Affected 10 Million Customers (lien direct) | The cyber-attack hit the company between November 2018 and October 2020 | Data Breach | ★★★ | |
|
2023-01-30 16:17:49 | British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers (lien direct) | JD Sports discovers unauthorized access to information from orders placed by customers between 2018 and 2020. | Data Breach | ★★★ | |
 |
2023-01-30 15:32:43 | JD Sports admits data breach (lien direct) | JD Sports has warned customers that bought items on its website, as well as those of Size?, Blacks and Millets, between November 2018 and October 2020 may have been impacted in the breach. The company has urged customers to be wary of potential phishing emails, calls and texts in the aftermath of the breach, while […] | Data Breach | ★★ | |
|
2023-01-30 12:34:09 | Breaking: JD Sports Data Breach Following Cyberattack (lien direct) | JD Sports has issued a warning that a cyberattack that affected the company may have exposed the personal information of roughly 10 million customers, including personal contact information, such as phone and email addresses. The hack may have affected customers who ordered goods from the business between 2018 and 2020. The company claimed that credit […] | Data Breach Hack | ★★ | |
|
2023-01-30 10:55:41 | JD Sports says hackers stole data of 10 million customers (lien direct) | UK sports apparel chain JD Sports is warning customers of a data breach after a server was hacked that contained online order information for 10 million customers. [...] | Data Breach | ★★ | |
|
2023-01-27 20:00:00 | On Data Privacy Day, Organizations Fail Data Privacy Expectations (lien direct) | Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure. | Data Breach | ★★★ | |
 |
2023-01-27 19:55:27 | Racial slurs discovered in leaked Yandex source code (lien direct) | >The code excerpts were part of a 44.7 gigabyte tranche of internal company code leaked online earlier this week. | Data Breach | ★★★ | |
|
2023-01-26 19:51:00 | Is Once-Yearly Pen Testing Enough for Your Organization? (lien direct) | Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for secure web application development: Security: Web applications are constantly evolving, and new | Data Breach | ★★ | |
|
2023-01-26 14:49:02 | 820k Impacted by Data Breach at Zacks Investment Research (lien direct) | >Zacks Investment Research is informing 820,000 individuals that their personal data was compromised in a data breach. | Data Breach | ★★ | |
|
2023-01-26 09:44:29 | 820K Zacks Investment Research Clients Impacted By Data Breach (lien direct) | The company Zacks Investment Research (Zacks) was infiltrated by hackers last year, allowing them access to 820,000 clients’ sensitive and personal data. The 1978-founded business uses cutting-edge financial data analytics systems to assist stock buyers. A threat actor entered the network between November 2021 and August 2022, according to an internal examination of the incident. […] | Data Breach Threat | ★★ | |
|
2023-01-25 19:24:21 | Data breach notices become more opaque, leaving consumers in the dark (lien direct) | >Of the 1,802 breaches the Identity Theft Resource Center tracked in 2022, 66% of notices lacked details about the attack and victims. | Data Breach | ★ | |
|
2023-01-25 13:45:11 | Zacks Investment Research data breach affects 820,000 clients (lien direct) | Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers. [...] | Data Breach | ★★ | |
|
2023-01-24 12:03:34 | Zendesk Hacked After Employees Fall for Phishing Attack (lien direct) | >Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company's employees. | Data Breach | ★★ | |
|
2023-01-24 11:40:14 | How To Safeguard Your Business From Cybersecurity Stress And Prevent IT Burnout (lien direct) | The number of data breaches and their effects are increasing as more aspects of our lives move online. It’s not surprising that the latest IBM Data Breach report found that the average cost of a hack to businesses has reached a record $4.35 million when combined with inflationary levels that are unheard of. Employees are […] | Data Breach Hack | ★★ | |
|
2023-01-23 12:10:54 | Companies Impacted by Recent Mailchimp Breach Start Notifying Customers (lien direct) | Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation. | Data Breach | ★★ | |
|
2023-01-23 10:02:40 | FanDuel Cautions Users Of Data Breach In Vendor Hack (lien direct) | Customers of the FanDuel sportsbook and betting platform are being cautioned that their names and email addresses were made public due to a security breach at MailChimp in January 2023. Users are advised to be on the lookout for scam communications. MailChimp announced a compromise on January 13th after hackers used a social engineering effort […] | Data Breach Hack | ★ |
To see everything:
