Browsing tag

data breach

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias “erratic” and worked for the tech giant till 2016, […]

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: “supply chain attack”. A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the ‘downstream’ applications that use them. In 2021, we have seen a dramatic rise in such attacks: high […]

21 Million Records of VPN Users Leaked on Telegram

A database containing 10 GB of user information from three VPN services (ChatVPN, SuperVPN, and GeckoVPN) was leaked in Telegram groups. On May 7th, 2022, the data of 21 million users was leaked, exposing the users' personal details and login credentials. The Data Breach: Telegram uses encryption and offers its […]

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In

India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours […]

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. “Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the […]

GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to download private data from several organizations without authorization. “An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM,” […]

Block Admits Data Breach Involving Cash App Data Accessed by Former Employee

Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were […]

New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack

An independent security researcher has shared a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi published a two-page “intrusion timeline” allegedly prepared by Mandiant, […]

Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England

Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added that 366 corporate customers, or about 2.5% of its customer […]

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. “No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) […]

Anonymous Group Hacked Russian Oil Pipeline Giant and Released 79 GB of Stolen Data

Cyberattacks on Russia have been on the rise since its invasion of Ukraine. On February 25th, the Anonymous group posted on Twitter, “The Anonymous Collective is officially in cyberwar against the Russian government”. Anonymous has been infiltrating several Russian organizations ever since. Most of the businesses were Russian state-backed. […]

Ukraine Secret Service Arrests Hacker Helping Russian Invaders

The Security Service of Ukraine (SBU) said it has detained a “hacker” who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take […]

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms with a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union’s GDPR laws in the region. “The DPC found that Meta Platforms failed to have in place appropriate technical and […]

Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords

French video game company Ubisoft on Friday confirmed it was a victim of a “cyber security incident,” causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. “Also, we can confirm […]

Samsung Confirmed that Hackers Stole Galaxy Devices Source Code

The tech giant reported that its systems were compromised by the hacker group LAPSUS$, which was also responsible for the Nvidia data breach. On February 28, hackers gained access to Samsung’s confidential data, including source code for its Galaxy smartphones. However, the company stated that a data breach occurred but no data relating to the […]

France Rules That Using Google Analytics Violates GDPR Data Protection Law

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union’s General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of […]