The Korea Times reports: Luxury jewelry brand Cartier has confirmed a breach of customer data, raising concerns over data security among high-end brands following recent incidents involving Dior and Tiffany. The company sent out an email Tuesday informing its customers that an “unauthorized third party” accessed its systems temporarily and obtained certain customer information. While […]
TechRadar reports: Security and compliance automation company Vanta has confirmed sharing sensitive customer data with other customers by mistake. In a statement (via TechCrunch), the company said a change it had made in the code resulted in a security breach. In it, some sensitive data from a small subset of customers was shared with other customers. […]
When criminals note that there is an unpatched vulnerability, expect more attacks to follow. A Russian-language forum recently picked up a report from SecurityLab.ru. It begins (translation): Popular forums on vBulletin have once again been found to have holes through which arbitrary code can be executed directly on the server – without a login and […]
Ransomware gangs will swear not to reveal that you were a victim if you pay their ransom demands. SBut if they fail to secure their negotiation chat servers, researchers and intel analysts can discover who their victims are and shoulder-surf any negotiations or payment arrangements. The SuspectFile blog reports on another case like that where […]
Australia’s biggest superannuation fund was questioned by its own clients about a security weakness in its accounts before cybercriminals stole hundreds of thousands of dollars in retirement savings. ABC Australia reports: Two AustralianSuper customers have told the ABC they had asked for multi-factor authentication (MFA) on their accounts but were rebuffed — one of them […]
Yet another member of President Trump’s staff has been caught up in a data security incident. The Guardian reports: The FBI is investigating an apparent impersonator who pretended to be the White House chief of staff, Susie Wiles, in texts and calls to her contacts, including prominent Republicans. Wiles has privately informed colleagues that the contacts in her personal cellphone […]
The Record reports: Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals. The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller […]
The Register reports: A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients with swat attacks. The Fred Hutchinson Cancer Center (Fred Hutch) disclosed its November 2023 attack a month later, after it confirmed […]
‘ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers‘ — ConnectWise statement The Record reports: IT management software company ConnectWise said it is investigating a nation-state attack on its systems that impacted some of its […]
LIGA reports: Russian hacking group RomCom attempted to hack into the accounts of employees of the UK Ministry of Defence under the guise of journalists. The attack was unsuccessful, but overall, there have been twice as many hacking attacks on the country’s defence department in the past two years as in the previous similar period, […]
