Breaches and Incidents

New Home Depot Data Leak Reveals a Hole in Consumer Privacy Protection

New Home Depot Data Leak Reveals a Hole in Consumer Privacy Protection

Recently, Consumerist received an anonymous tip pointing to an internet address that hosted several digital images. The site also hosted 13 Excel spreadsheets of customer records. The internet address that hosted these spreadsheets was part of the HomeDepot.com domain; and all the files there were unencrypted, unprotected, discoverable by search engines, and completely accessible to the open...

Russian-Controlled Telecom Takes Over Financial Services’ Internet Traffic

Russian-Controlled Telecom Takes Over Financial Services’ Internet Traffic

Using BGP routing tables, the authorized service providers for MasterCard, Visa, and the various other companies "announce" their ownership of the large blocks of IP addresses belonging to the client companies. On Wednesday afternoon at around 3:36pm Pacific time, however, Rostelecom suddenly announced its control of the blocks. As a result, traffic flowing into the affected networks started...

Ireland: Trinity College Dublin Confirms Money Lost in Cybersecurity Attack

Ireland: Trinity College Dublin Confirms Money Lost in Cybersecurity Attack

The fundraising arm of Trinity College Dublin has confirmed it has been the victim of a cybersecurity attack. The Irish Sun estimated that as much as €1million may have been taken in the incident. Trinity Foundation said in a statement on Thursday that it had been alerted by its bank to suspicious activity in its accounts. While it refused to comment on how much money had been stolen, the...

250 ISIS Twitter Accounts Defaced by a Hacktivist with Adult Content

250 ISIS Twitter Accounts Defaced by a Hacktivist with Adult Content

One hacker is waging war against ISIS with adult images after hacking over 250 Twitter accounts known to be associated with the terrorist group. WauchulaGhost is a hacker that's been known for a lot of work, including pointing out security flaws in President Trump's Twitter account after his inauguration. His fight against ISIS on social media goes a way back, however, as this isn't even the...

Auto Lender Leaves Loan Data  of About 1 Million Applicants Unprotected

Auto Lender Leaves Loan Data of About 1 Million Applicants Unprotected

A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, which discovered the data earlier this week. It said the data was found on an unprotected Amazon server...

Chipotle Mexican Grill Says Its Payments System Was Hacked

Chipotle Mexican Grill Says Its Payments System Was Hacked

Chipotle Mexican Grill's executives told Wall Street analysts that the company's payment processing system was hacked. "We want to make our customers and investors aware we recently detected unauthorized activity on a network that supports payment processing for purchases made in our restaurants," chief financial officer Jack Hartung told analysts during an investor presentation. He said that...

Pro Pakistani Hackers Hack Websites of Four Indian Universities' Websites

Pro Pakistani Hackers Hack Websites of Four Indian Universities' Websites

Pakistan-based hackers allegedly hacked the official websites of four prominent Indian universities — Delhi University (DU), Aligarh Muslim University (AMU), Indian Institute of Technology (IIT) Delhi and IIT BHU (Banaras Hindu University - Varanasi). The hackers operate under the group code named “PHC Pakistani l33t w4s h3r3.” After hacking the IIT Delhi website, they posted an abusive...

Compromised Again, Over One Million Accounts Exposed - R2Games

Compromised Again, Over One Million Accounts Exposed - R2Games

Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase says the attack happened earlier this month. The data involved with this most recent breach was compromised isn't exactly clear. The forums impacted are all operating...

  • More at CSO
  • |
  • |
Northrop Grumman Couldn't Protect Its Workers' W-2

Northrop Grumman Couldn't Protect Its Workers' W-2

Northrop Grumman has admitted one of its internal portals was broken into, exposing employees' sensitive tax records to miscreants. In a letter to workers and the California Attorney General's office, the aerospace contractor said that between April 18, 2016, and March 29, 2017, crooks infiltrated the website, allowing them to access staffers' W-2 paperwork for the 2016 tax year. "The personal...

Pawn Storm Leverage the Power of Social Engineering

Pawn Storm Leverage the Power of Social Engineering

In the first stage of the Pawn Storm group (a.k.a. APT28 or FancyBear) attacks, they rely on credential phishing campaigns anchored by geopolitical events as lures to set the hook on their targets. They successfully tailor emails with proper spelling and grammar to evade spam filters to gain a foothold on targeted systems. The threat actor then uses relatively simple first stage malware to map...

Hipchat Resets Password of Users After Possible Breach

Hipchat Resets Password of Users After Possible Breach

HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information. In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as...

Lifespan Informs 20,000 Patients of Data Breach

Lifespan Informs 20,000 Patients of Data Breach

Lifespan, a health-care network, has notified about 20,000 patients of the theft of an employee’s laptop containing patient information. There is no indication that any patient information has been accessed or used by anyone as a result of the theft, Lifespan said in a statement released Friday. The employee immediately contacted law enforcement and reported the theft to Lifespan. Lifespan...

Healthcare Records Put Up for Sale on Dark Web

Healthcare Records Put Up for Sale on Dark Web

Last August a Baltimore substance abuse treatment facility had its database hacked. Patient records subsequently found their way onto the Dark Web, according to DataBreaches.net. The group noticed such things as dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information. In the DataBreaches.net blog, the hacker “Return,” who they think is...

  • More at CSO
  • |
  • |
ECMC, Hit by Cyberattack, Continues Massive Job of Restoring Computer Functions

ECMC, Hit by Cyberattack, Continues Massive Job of Restoring Computer Functions

Erie County Medical Center, which continues to struggle with a massive computer shutdown, reported Friday that it is making progress in efforts to restore its information systems. The hospital shut down its computers on April 9 after a cyberattack. Hospital officials still decline to confirm the attack as ransomware, citing investigations into what happened. But sources have told The News that it...

Massive Viagra Botnet Claims 80K Devices

Massive Viagra Botnet Claims 80K Devices

A massive Viagra spam campaign has been uncovered, found to be enlarged by 80,000 compromised devices. The sheer size of the operation is notable: In the course of an investigation by Incapsula, researchers were able to intercept payloads with details of 51 websites used by spammers to sell counterfeit drugs. These were located in China, Malaysia, Vietnam, Ukraine, France, Taiwan, Russia,...

Script Kiddies are Using Leaked NSA Hack Tools to pwn 1000s of Windows Boxes

Script Kiddies are Using Leaked NSA Hack Tools to pwn 1000s of Windows Boxes

The NSA's Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide. On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he's seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed on them. DOUBLEPULSAR is a backdoor used to inject and run...

Check out the recent cyber security breaches and incidents.

This category provides expertly curated cyber security news on the important cyber security attacks that occur across the world. Nowadays the quantum and nature of breaches is changing at a faster pace than before. The attacks are no longer simple and limited to only confidentiality and availability of data. They have become highly sophisticated with a real threat for integrity attacks and this is what makes it extremely challenging for any security team to provide full proof security to organizational networks. Add to this the magnitude of the attacks that are taking place right now. That is quite a huge number and they are not going to stop any sooner. The silver lining is the cyber awareness gained through learning from breaches and incidents that are occurring in real time across the national boundaries and in different industries and sectors of economy. Our aim is to provide our users a time window for proactive action so that they can plug in the loopholes and vulnerabilities in their systems and networks and secure themselves from information security breach and any cyber security breach in general. The news is disseminated in real time to provide information on recent cyber attacks to the users to keep them updated. Information on cyber incidents is of utmost importance to any security team because it helps them dynamically improve their organizational security framework. It is important for every security team to continuously gauge and keep a tab on the dynamic threat landscape that is actively changing and that is why we recommend all security professionals and experts to subscribe to this category.