Select Page

Cybersecurity News

Weekly Summary of the Top Stories in Cybersecurity

Cybersecurity News: June 28, 2021

Cybersecurity News: June 28, 2021

An internal code repo used by New York State’s IT office was exposed online

TechCrunch, Zack Whittaker
“…the GitLab server contained secret keys and passwords associated with servers and databases belonging to New York State’s Office of Information Technology Services.” Read More

Cyber-attack Exposes Eye Clinic Patient Data

Infosecurity, Sarah Coble
“According to the clinic, the perpetrators behind the cyber-attack may have compromised the records of roughly half a million past and present patients. …patient data exposed in the attack may have included patient names, mailing addresses, dates of birth, Social Security numbers, and protected medical/health information.” Read More

SonicWall sees 226.3 million ransomware attack attempts in May

Computer Weekly, Alex Scroxton
“The bombardment of ransomware attacks is forcing organisations into a constant state of defence rather than an offensive stance.” Read More

Ohio Medicaid Provider Suffers Data Breach

Infosecurity, Sarah Coble
“Information exposed in the incident included names, dates of birth and Social Security numbers belonging to the state’s Medicaid providers. Maximus said the breached data could have been stolen.” Read More

Wegmans reports misconfigurations on two cloud databases

SC Magazine, Steve Zurier
“You must know what security functions are provided by the cloud vendor versus what cloud users are responsible for.” Read More

Cybersecurity News: June 21, 2021

Cybersecurity News: June 21, 2021

Carnival Cruise hit by data breach, warns of data misuse risk

BleepingComputer, Sergiu Gatlan
“The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the Company, including COVID or other safety testing.” Read More

Biden tells Putin certain cyberattacks should be ‘off-limits’

Reuters, Vladimir Soldatkin & Humeyra Pamuk
“We agreed to task experts in both our countries to work on specific understandings about what is off-limits. We’ll find out whether we have a cybersecurity arrangement that begins to bring some order.” Read More

NATO: Series of cyberattacks could be seen as the same threat as an armed attack

ZDNet, Liam Tung
“Allies recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack.” Read More

Intuit notifies customers of compromised TurboTax accounts

BleepingComputer, Sergiu Gatlan
“By accessing your account, the unauthorized party may have obtained information contained in a prior year’s tax return or your current tax return in progress, such as your name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions)….” Read More

How Hackers Used Slack to Break into EA Games

Vice, Joseph Cox
“A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. The hackers then requested a multifactor authentication token from EA IT support to gain access to EA’s corporate network.” Read More

Cybersecurity News: June 14, 2021

Cybersecurity News: June 14, 2021

Hackers Stole a Ton of EA Data—Including Valuable Source Code

Wired, Cecilia D’Anastasio
“…video game source code is a big-money commodity, especially for cheat-makers. Popular cheats are often designed by injecting bits of the original game source code into another piece of software. ‘When they have access to the source code, they could easily see what makes the game function and how they could adapt their cheats to the game.’” Read More

This unreported trojan managed to steal 1.2 TB of personal data

TechRadar, Anthony Spadafora
“The malware also stole over 6.6m files stored on the desktops and Downloads folders of victims including text files, image files and other documents.” Read More

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

CyberNews, Edvardas Mikalauskas
“Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over.” Read More

Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked

Wired, Andy Greenberg
“The data…includes 73,500 emails, accounting files, contracts, and other business documents, around 19 GB of software code and data, and 10 GB of human resources files that includes scans of employee driver’s licenses and Social Security cards.” Read More

US to Treat Ransomware Like Terrorism

Infosecurity Magazine, Sarah Coble
“We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.” Read More

Cybersecurity News: June 7, 2021

Cybersecurity News: June 7, 2021

Fujifilm Shuts Down Servers to Investigate Possible Ransomware Attack

Infosecurity Magazine, Benjamin David
“For some entities, this affects all forms of communications, including emails and incoming calls, which come through the company’s network systems.” Read More

Scripps Notifying 147K People of Data Breach

Infosecurity Magazine, Sarah Coble
“Data exposed includes health information, Social Security numbers, driver’s license numbers, and financial information.” Read More

JBS: World’s largest meat supplier hit by cyber-attack

BBC News, Staff
“The company’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there. According to the trade group Beef Central, ‘supermarkets and other large end-users like the McDonald’s burger pattie supply network will be some of the most immediately impacted customers, due to their need for consistent supply'” Read More

Hackers are targeting employees returning to the post-COVID office

TechCrunch, Carly Page
“The email looks legitimate enough, sporting the company’s official logo in the header, as well as being signed spoofing the CIO. The bulk of the message outlines the new precautions and changes to business operations the company is taking relative to the pandemic.” Read More

SolarWinds attackers leveraged trust in Constant Contact email marketing, USAID, to launch campaign

SC Media, Bradley Barth
“About 25% of these targets were international development, humanitarian and human rights organizations – employees of which might not flinch at the sight of an email from USAID, especially one sent from a credible and legitimate marketing service such as Constant Contact.” Read More

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

Mitre Disrupting Advanced Persistent Threats