LATEST POST
Crickets from Chirp Systems in Smart Lock Key Leak
Brian Krebs reports that the U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. “The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021,: Krebs reports. “Meanwhile, […]
MGM Resorts Sues the Federal Trade Commission to Limit Investigation into 2023 Data Breach
Although the Federal Trade Commission (FTC) has the authority to investigate data breaches, some entities they have investigated have pushed back against the regulator. In 2013, FTC filed a complaint against LabMD for allegedly failing to protect consumer’s data. When the government found for itself in a proceeding by an administrative law judge, LabMD sued […]
Threat actors claim they stole info on more than 3.5M Omni Hotels & Resorts guests
Less than two weeks after Omni Hotels & Resorts admitted that they had been the victim of a cyberattack, a known ransomware gang has publicly claimed that they were responsible for the attack. A post on Daixin Team’s dark web leak site claimed they had “Sensitive data. (Including all records of all visitors from 2017 […]
Sisense breach and Palo Alto Networks vulnerability made for a busy week for CISOs
Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]
Small practices vulnerable after Change Healthcare cyberattack; some considering bankruptcy
While Change Healthcare UnitedHealth Group claims it continues to make progress in mitigating the impact to consumers and care providers of a massive cyberattack in February on its system and services, Radiology Business provides a grimmer picture of the impact and recent situation: The incident first occurred in February, shutting down the nation’s largest clearinghouse […]
576,000 Roku user accounts hacked in second credential stuffing incident in two months
Streaming giant Roku has disclosed that it experienced a second data security breach in as many months. This time, about 576,000 user accounts were compromised by a second credential stuffing attack. In credential stuffing, threat actors test username/password combinations from other incidents, knowing that some consumers re-use the same login across sites and that some […]
AT&T files breach notification, notifies 51 million customers
Remember all the headlines about AT&T customer data of more than 70 million people showing up on the internet again after a previous leak? Now AT&T has filed a notice with the Maine Attorney General’s Office about the incident. Here are two things to note about their notification to Maine: AT&T filed the notification The […]
Still recovering from ransomware attack, Change Healthcare faces a new threat
While Change Healthcare continues to try to restore all services following a damaging ransomware attack in February, they now face a new and concerning threat. No Honor Among Thieves On March 4, a threat actor calling themself “notchy” claimed that they had been involved in the attack on Change Healthcare and that their job was […]