Microsoft warns of widespread gift card scam targeting organizations
Neowin, Usama Jawad
“Attackers typically conduct detailed reconnaissance activities about the person they are impersonating, their target, and the company in general.” Read More
Peloton’s leaky API let anyone grab riders’ private account data
TechCrunch, Zack Whittaker
“But the exposed API let him — and anyone else on the internet — access a Peloton user’s age, gender, city, weight, workout statistics and, if it was the user’s birthday, details that are hidden when users’ profile pages are set to private.” Read More
Scripps Health Knocked Offline by Ransomware
Infosecurity, Phil Muncaster
“While our information technology applications are offline, patient care continues to be delivered safely and effectively at our facilities, utilizing established back-up processes, including offline documentation methods.” Read More
Contact Tracer Breach Hits the Keystone State
Infosecurity, Sarah Coble
“They were basically putting information and people’s names into Google documents and then they were sharing them amongst each other.” Read More
More US agencies potentially hacked, this time with Pulse Secure exploits
Ars Technica, Dan Goodin
“CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.” Read More
