California Pizza Kitchen spills over 100,000 employee Social Security numbers
Tech Crunch, Carly Page
“The company said it learned of a ‘disruption’ to its systems on September 15 and moved to ‘immediately secure’ its environment. By October 4, the company said it had determined cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs.” Read More
US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
Bleeping Computer, Sergiu Gatlan
“FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.” Read More
New banking Trojan SharkBot makes waves across Europe, US
ZD Net, Charlie Osborne
“With the discovery of SharkBot we have shown new evidence about how mobile malware [is] quickly finding new ways to perform fraud, trying to bypass behavioral detection countermeasures put in place by multiple banks and financial services during the last years.” Read More
10,000+ websites and apps are vulnerable to Magecart
Helpnet Security
“Victims are often the last to know as it’s only later that organizations find that their data was sold or exploited, with the problem extending beyond any single vendor or client relationship. For enterprises in particular, Magecart attacks pose a significant challenge because it is problematic to set up a solution at scale.” Read More
Ohio hospital diverting ambulances, canceling appointments amid cyberattack
SC Magazine, Jessica Davis
“The latest advisory shows the health system is still working to safely restore systems and operations and warns province residents that it appears protected health information was stolen in the attack.” Read More