Bleeping Computer reports: New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. The company manages over $90 billion in regulatory assets and has invested in over 800 software and technology startups and companies worldwide during its 30 years of activity. […]
SecurityWeek reports: British fintech giant Finastra last week started sending written notifications to individuals who had their personal information stolen in a data breach. The incident came to light in mid-November 2024, after a threat actor offered on an underground forum data allegedly stolen from the company’s systems. The hacker claimed the theft of 400 gigabytes […]
The personal data of thousands of Polish lawyers and trainee lawyers has been leaked online, exposing social security numbers and password hashes, cybersecurity sources have reported. The breach, first reported by CyberDefence24, occurred on February 14 at around 8:00 PM, with some 10,337 names and 9,037 social security—or PESEL numbers—leaked. The Supreme Bar Council (Naczelna […]
Military.com reports: The Coast Guard‘s personnel and pay system was taken offline Friday and will remain down until at least Feb. 19 while officials investigate a data breach that affected more than 1,100 members. Coast Guard officials said Friday that the service’s Direct Access system, which manages pay and personnel matters, including orders, was hacked Friday, exposing sensitive […]
2023 was a bad year for commercial file transfer software apps because the Clop ransomware gang kept managing to find zero-day vulnerabilities to exploit. One of their campaigns involved Fortra’s GoAnywhere software. Even though Fortra issued a patch for CVE-2023-0669 within a week of discovery, there were many victims, including Brightline. Now TechTarget reports that […]
The North Korean state-sponsored threat actor known as Lazaraus Group is now running a campaign targeting software and Web3 developers with “undetectable” malware. MSN reports: Cybersecurity researchers at STRIKE from SecurityScorecard said they observed malware being embedded into GitHub repositories and NPM packages, where unsuspecting developers pick them up and integrate into their own projects. The […]
Security Affairs reports: China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group, the threat actors has breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE network devices. Insikt Group researchers reported that the Chinese hacked have exploited two Cisco flaws, tracked […]
Some might say it was only a matter of time. HuffPost reports: Elon Musk’s team at the so-called Department of Government Efficiency has posted classified information about the size and staff of a U.S. intelligence agency on its new website, raising bigger concerns about where Musk’s programmers got this information and what they are doing […]
The Record reports; Police in the Netherlands say they seized 127 servers this week that were used by Zservers, a bulletproof hosting service that was the subject of international sanctions issued Tuesday. The raid on Wednesday at the Paul van Vlissingenstraat data center in Amsterdam “followed a long-term digital investigation into the activities of a […]
Should India adopt a threshold-based data breach reporting?
MediaNama reports: India needs a threshold-based system for data breach reporting, speakers argued at MediaNama’s discussion on the draft Digital Personal Data Protection Rules (DPDP Rules, 2025) on February 7. This came as a comment during the session on the draft rules around data breaches. MediaNama conducted this discussion under the Chatham House Rule. (Chatham […]