What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-13 19:20:00 | FCC Proposes Stricter Data Breach Reporting Requirements (lien direct) | Commission wants companies to notify customers of “inadvertent” breaches | Data Breach | ★★★★ | |
 |
2022-01-13 17:36:10 | FCC Chair Proposes New Policies for Carrier Data Breach Reporting (lien direct) | Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers' reporting of data breaches. | Data Breach | ||
 |
2022-01-13 16:39:48 | FCC wants new data breach reporting rules for telecom carriers (lien direct) | The Federal Communications Commission (FCC) has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. [...] | Data Breach | ||
|
2022-01-12 21:00:00 | Clinical Review Vendor Reports Data Breach (lien direct) | Nearly 135K individuals impacted by cyber-attack on Medical Review Institute of America | Data Breach | ||
 |
2022-01-12 16:00:00 | Anomali Cyber Watch: FluBot, iOS, Ransomware, Zloader, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data breach, Phishing, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Attack Misuses Google Docs Comments to Spew Out “Massive Wave” of Malicious Links
(published: January 7, 2022)
Security researchers have seen a very large number of attacks leveraging the comment features of Google Docs to send emails to users containing malicious content. The attackers can create a document, sheet, or slides and add comments tagging any user's email address. Google then sends an email to the tagged user account. These emails come from Google itself and are more likely to be trusted than some other phishing avenues.
Analyst Comment: Phishing education can often help users identify and prevent phishing attacks. Specific to this attack method, users should verify that any unsolicited comments that are received come from the user indicated, and if unsure, reach out separately to the user that appears to have sent the comment to verify that it is real. Links in email should be treated with caution.
MITRE ATT&CK:[MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Phishing - T1156
Tags: Google, Impersonation, Phishing
Finalsite Ransomware Attack Forces 5,000 School Websites Offline
(published: January 7, 2022)
Finalsite, a firm used by schools for website content management, design, and hosting, has been hit by an unknown strain of ransomware that affected approximately 5,000 of their 8,000 customers. The company has said in a statement that many of the affected sites were preemptively shut down to protect user's data, that there is no evidence of that data was breached (although they did not confirm that they had the needed telemetry in place to detect that), and that most of the sites and services have been restored.
Analyst Comment: Verified backup and disaster recovery processes are an important aspect of protecting organizations and allowing for remediation of successful attacks. Monitoring and telemetry can aid in detection and prevention from attacks, and provide evidence as to whether data has been exfiltrated.
MITRE ATT&CK:[MITRE ATT&CK] Web Service - T1102 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Education, Finalsite, Ransomware, Web hosting
FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond
(published: January 6, 2022)
Security researchers have analyzed a new and more sophisticated version of the FluBot Android malware first detected in early 2020. Once installed on a device, the malware can full |
Ransomware Data Breach Malware Tool Vulnerability Threat Guideline | ||
 |
2022-01-12 14:44:51 | Hackers raided Panasonic server for months, stealing personal data of job seekers (lien direct) | Technology giant Panasonic has confirmed that one of its servers suffered a data breach which saw the personal information of job applicants accessed by an unauthorised party. Read more in my article on the Hot for Security blog. | Data Breach | ||
 |
2022-01-12 14:06:05 | Achieve 10X Faster Response Time with Cybereason XDR (lien direct) |
Despite spending millions of dollars on cybersecurity tools over the past few years, most organizations still can't detect or respond to cyber attacks in a reasonable timeframe. According to Verizon's 2021 Data Breach Investigations Report (DBIR), 60% of incidents were discovered within days. However, in 20% of attacks, it took months or longer before organizations realized a breach had occurred. |
Data Breach | ||
|
2022-01-11 11:24:57 | MRIoA Discloses Data Breach Affecting 134,000 People (lien direct) | Medical Review Institute of America (MRIoA) on Friday started notifying some individuals that their personal information was compromised in a cyberattack. | Data Breach | ||
|
2022-01-10 11:00:00 | FlexBooker Reveals Major Customer Data Breach (lien direct) | Nearly four million customers impacted by AWS account compromise | Data Breach | ||
|
2022-01-07 12:12:38 | Online Pharmacy Service Ravkoo Discloses Data Breach (lien direct) | United States-based online pharmacy service Ravkoo this week started notifying patients of a data breach that potentially resulted in the exposure of personal information. | Data Breach | ||
 |
2022-01-07 09:20:29 | Over 3.7 million accounts were compromised in the FlexBooker data breach (lien direct) | The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 million users, the attack took place before the holidays. Stolen data are now available for sale on multiple cybercrime forums. FlexBooker is an online appointment scheduling platform that allows users to […] | Data Breach Threat | ||
|
2022-01-06 18:27:00 | Investigation Launched into RIPTA Data Breach (lien direct) | Rhode Island attorney general to probe data breach of the Ocean State's public transit authority | Data Breach | APT 32 | |
|
2022-01-06 11:48:11 | US online pharmacy Ravkoo links data breach to AWS portal incident (lien direct) | Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. [...] | Data Breach | ||
|
2022-01-05 19:46:00 | Morgan Stanley Agrees to Data Breach Settlement (lien direct) | American company willing to pay $60M to settle allegations of data safeguarding failures | Data Breach | ||
 |
2022-01-05 11:19:41 | Morgan Stanley agrees to $60 million settlement in data breach lawsuit (lien direct) | Customer data was held on legacy equipment that was later sold on without being wiped. | Data Breach | ★★★★ | |
|
2022-01-05 10:58:58 | (Déjà vu) Broward Health Data Breach Impacts 1.3 Million People (lien direct) | More than 1.3 million people were impacted in a data breach at Broward Health, the Florida hospital system has revealed. | Data Breach | ||
 |
2022-01-04 21:43:18 | What to Do If You\'re Caught Up in a Data Breach (lien direct) | 
It happens with more regularity than any of us like to see. There's either a headline in your news feed...
|
Data Breach | ★★ | |
|
2022-01-04 21:05:11 | UScellular discloses the second data breach in a year (lien direct) | UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. UScellular has disclosed a data breach after the attack that compromised the company’s billing system in December 2021. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over […] | Data Breach Hack | ||
 |
2022-01-04 16:43:57 | McMenamins Data Breach Affects 12 Years of Employee Info (lien direct) | The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack. | Ransomware Data Breach | ||
 |
2022-01-04 12:44:43 | Broward Health data breach exposes data of 1,357,879 individuals (lien direct) | Broward Health, a Florida-based healthcare system with over thirty locations, has suffered a significant data breach impacting over a million individuals. The incident took place last October, and Broward Health was able to identify the intrusion four days after the compromise. Authorities were informed immediately, and employees were invited to reset their credentials. It now […] | Data Breach | ||
|
2022-01-04 12:07:08 | UScellular discloses data breach after billing system hack (lien direct) | UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. [...] | Data Breach Hack | ||
|
2022-01-04 11:22:55 | Have I Been Pwned warns of DatPiff data breach impacting millions (lien direct) | The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. [...] | Data Breach | ||
|
2022-01-04 09:07:38 | Hospitality Chain McMenamins discloses data breach after ransomware attack (lien direct) | Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12. McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington. According to the company, threat actors have stolen data of individuals […] | Ransomware Data Breach Threat | ||
|
2022-01-04 05:36:01 | Broward Health suffered a data breach that impacted +1.3 million people (lien direct) | The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 million individuals. The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. Broward Health, formally the North Broward Hospital District, is one of the 10 largest public health systems in the U.S. Located […] | Data Breach | ||
|
2022-01-04 03:51:52 | Broward Health Hit With Data Breach on Patients, Staff (lien direct) | The Broward Health hospital system on Saturday said it suffered a data breach in October where a hacker accessed personal and medical information of patients and staff. | Data Breach | ||
|
2022-01-03 12:16:05 | ACLU Demands Answers About Transit Agency Data Breach (lien direct) | The American Civil Liberties Union of Rhode Island is demanding more answers about a data breach at the state's public bus service, including why the personal information of state employees who don't even work for the agency was compromised. | Data Breach | ||
|
2022-01-03 11:50:42 | Broward Health discloses data breach affecting 1.3 million people (lien direct) | Florida's Broward Health healthcare system has disclosed a large-scale data breach incident impacting 1,357,879 individuals. [...] | Data Breach | ||
|
2022-01-01 12:30:10 | PulseTV discloses potential credit card breach (lien direct) | U.S. online store PulseTV disclosed a potential credit card data breach, more than 200,000 customers have been impacted. U.S. online store PulseTV has disclosed a credit card data breach that has impacted more than 200,000 customers. According to the notification letter published by the Office of the Maine Attorney General, VISA informed the company on March […] | Data Breach | ||
|
2021-12-31 21:03:58 | (Déjà vu) The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware (lien direct) | The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The service now includes credentials for 441K accounts stolen by […] | Data Breach Malware | ||
|
2021-12-31 08:13:00 | Top 10 healthcare breaches in the U.S. exposed data of 19 million (lien direct) | The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties. [...] | Data Breach | ||
|
2021-12-30 15:17:31 | Have I Been Pwned adds 441K accounts stolen by RedLine malware (lien direct) | The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware. [...] | Data Breach Malware | ||
|
2021-12-29 21:18:14 | T-Mobile suffered a new data breach (lien direct) | T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.' According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on […] | Data Breach Threat | ||
|
2021-12-29 12:03:42 | T-Mobile says new data breach caused by SIM swap attacks (lien direct) | T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks. [...] | Data Breach | ||
 |
2021-12-28 18:28:54 | West Virginia Healthcare Breach Traced to Phishing (lien direct) |
Monongalia Health System in West Virginia has disclosed a data breach that exposed sensitive patient and employee information. |
Data Breach | ||
|
2021-12-28 08:49:27 | Logistics giant D.W. Morgan exposed 100 GB worth of clients\' data, including Fortune 500 Clients (lien direct) | The Website Planet security team discovered a data breach suffered by the multinational logistics giant D.W. Morgan. The Website Planet security team discovered an Amazon S3 bucket owned by logistics giant D.W. Morgan that was left unsecured online. The S3 bucket contained more than 100 GB of sensitive data relating to shipments and the company's clients, including some Fortune 500 […] | Data Breach | ||
|
2021-12-23 20:03:00 | Russian Hacker\'s $1.7M Restitution Order Overturned (lien direct) | Ninth Circuit rules Yevgeniy Nikulin will not have to compensate tech companies for 2012 data breach | Data Breach | ||
|
2021-12-23 10:49:36 | Pro Wrestling Tees discloses data breach after credit cards stolen (lien direct) | Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. [...] | Data Breach | ||
|
2021-12-22 19:16:53 | Ubisoft discloses unauthorized access to \'Just Dance\' user data (lien direct) | Video game company Ubisoft confirmed a security breach that resulted in unauthorized access to ‘Just Dance’ user data. Ubisoft discloses a data breach that resulted in unauthorized access to ‘Just Dance’ user data. The security breach was caused by a misconfiguration, the good news is that the problem has been quickly solved. According to the […] | Data Breach | ||
|
2021-12-22 16:38:54 | Ubisoft Confirms Unauthorized Access to \'Just Dance\' User Data (lien direct) | French video game company Ubisoft this week confirmed that 'Just Dance' user data was compromised in a recent cybersecurity incident. The data breach was the result of a misconfiguration that has since been corrected, but not before player data was accessed and potentially copied by a third party. | Data Breach | ||
|
2021-12-22 10:39:00 | Ubisoft Reveals Player Data Breach Came from User Error (lien direct) | IT misconfiguration enabled attackers to access network | Data Breach | ||
|
2021-12-21 19:42:00 | Desjardins Proposes $155M Data Breach Settlement (lien direct) | Canadian financial company endeavors to settle class-action suit over long-running data breach | Data Breach | ||
 |
2021-12-20 08:16:00 | Five fundamental tips for getting executive buy-in on AppSec (lien direct) | The need for effective cybersecurity programs has never been more apparent. By October of 2021, the number of data breaches leapfrogged the total from 2020 by 17%, and 2021 saw the highest average data breach cost in 17 years ($4.24 million, in fact). Yet, for... Read more | Data Breach | ||
|
2021-12-16 20:43:00 | New Jersey Cancer Care Providers Settle Data Breach Claim (lien direct) | Healthcare providers accused of two security breaches in one year agree to $425K settlement | Data Breach | ||
|
2021-12-15 20:16:53 | FBI\'s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine (lien direct) | While investigating a data breach suffered by a healthcare organization, FBI accidentally revealed that it believes that the HelloKitty ransomware gang operates out of Ukraine. The investigation conducted by FBI on a recent data breach suffered by an Oregon healthcare organization lead to the accidental revelation that the FBI believes that the HelloKitty ransomware gang […] | Ransomware Data Breach Guideline | ||
|
2021-12-13 14:09:38 | Socially Engineering Your Way to Customer Data (lien direct) |
US telecommunications company Cox Communications has disclosed a data breach that exposed some customers' information, BleepingComputer reports. The company said in a breach notification letter that an attacker was able to gain access to some customer accounts after using social engineering tactics to impersonate a Cox employee. |
Data Breach | ||
|
2021-12-09 08:58:50 | Cox discloses data breach after hacker impersonates support agent (lien direct) | Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers' personal information. [...] | Data Breach | ||
|
2021-12-09 07:47:15 | Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts (lien direct) | Fujitsu says the attackers behind the May data breach used a vulnerability in the company's ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies. [...] | Data Breach Tool Vulnerability | ||
|
2021-12-07 15:53:12 | Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant (lien direct) |
New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts. |
Data Breach | ||
|
2021-12-03 19:07:00 | UK Government Fined Over Honors List Data Breach (lien direct) | Exposing honorees' addresses lands Cabinet Office with £500K ($661K) penalty | Data Breach | ||
|
2021-12-03 14:47:43 | UK Government fined £500,000 after revealing home addresses in New Year honours data breach (lien direct) | The Information Commissioner’s Office (ICO), the UK’s data watchdog, has fined the Government £500,000 after the addresses of over 1,000 New Years Honours recipients were mistakenly published online. The data breach occurred at 10:30pm on Friday 27 December 2019, when the personal details of more 1,097 celebrities, government employees, politicians, and officials who had received … Continue reading "UK Government fined £500,000 after revealing home addresses in New Year honours data breach" | Data Breach |
To see everything:
Our RSS (filtrered)
