LATEST POST
CISA Contractor Leaked AWS GovCloud Keys on Github
When the federal agency that directs organizations and agencies to quickly attend to vulnerabilities and breaches has its own breach, people notice. Brian Krebs reports: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA […]
7-Eleven confirms April cyberattack; ShinyHunters claims more than 600k Salesforce records
Cybernews reports: 7-Eleven confirms its internal systems were breached in April, exposing the information of an unknown number of individuals just weeks after the ShinyHunters ransomware group listed the global convenience store chain as part of its recent “pay-or-leak” campaign. The Texas-based retail giant has now begun sending a “Notice of Security Incident” to affected […]
Criminal leaks 468k+ records, reportedly from Portugal’s postal carrier
The Register reports: Data allegedly belonging to CTT, the operator of Portugal’s national postal service, has leaked online, affecting hundreds of thousands of individuals. According to HaveIBeenPwned, which ingested the data, a little more than 468,000 unique email addresses were included in the vast data dump, along with full names, phone numbers, and parcel tracking codes […]
Vimeo data breach exposes personal information of 119,000 people
BleepingComputer reports: The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. Vimeo is a video hosting and streaming platform publicly traded on the Nasdaq stock market, with over 300 million registered users and […]
Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible
CNN reports: US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity. The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them […]
Edtech giant Instructure waves white flag, makes deal with ShinyHunters to resolve incident
When education software giant Instructure announced on May 1 that its widely used Canvas software was unavailable as it investigated a data security incident, it suggested the breach was mostly contained. That turned out to be overly optimistic. While the firm posted updates on its site as its services returned to service, the ShinyHunters group that attacked them continued to […]
Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
From the Google Threat Intelligence Group’s Executive Summary: Read more at Google.
Canvas restored after cyberattack disrupted access for schools
There has been yet another development in the hack-and-leak attack on edtech giant Instructure, which was targeted by the ShinyHunters gang in April. When Instructure didn’t pay the gang’s ransom demands to delete the data, ShinyHunters attacked them again, defacing Canvas login pages with a note from ShinyHunters to schools. CNN reports: An apparent cyberattack shut down an […]