Data Breaches

05 May

The Merck appeal: cyber insurance and the definition of war

Data Breaches, Malware, Social Engineering

Pharmaceutical firm Merck recently won an appeal that could mean its insurers will have to pay up on a $1.4-billion judgment related to the NotPetya cyberattack in 2017. The New Jersey appellate division judges hearing the appeal judge noted that the plain definition of war applies to the various insurance policies and that a cyberattack against an accounting firm not engaged in hostilities, while criminal and based on ill-will, was not tantamount to an act…

Read More
04 May

Patch manager Action1 to add vulnerability discovery, prioritization

Data Breaches, Malware, Social Engineering

Cloud-native, patch-management application provider Action1 is set to add vulnerability discovery and prioritization capabilities to its namesake flagship platform to help businesses stay ahead of software exploits. The plan is part of a company strategy to expand beyond its traditional patch management features and add capabilities aimed at enhancing an organization’s resilience to cybersecurity threats. “The new features will enable customers to see beyond what is patchable into what is actually vulnerable,” said Mike Walters,…

Read More
28 Apr

IOTW: American Bar Association accused of data breach affecting 1.4 million peop…

Attacks, Data Breaches

In a class action lawsuit, the American Bar Association (ABA) has been accused of “grossly fail[ing] to comply with security standards” and causing a data breach that affected approximately 1.5 million people. The data breach, which occurred in March 2023, saw a malicious actor gain access to the ABA’s systems and steal the data of approximately 1.4 million members. The data stolen included personal information such as name, phone number, address and email address. The…

Read More
20 Apr

Hundreds of members of congress affected by data breach

Attacks, Data Breaches

DC Health Link, the provider of health insurance for those in the United States (US) Government, has suffered a data breach that affects over 50,000 people.  The breach, which took place on March 6, saw an unauthorized party gain access to the data of 56,415 current and past customers of DC Health Link, including 585 staff members and 17 members of the US Congress.  In a message sent to employees on March 8, the US…

Read More
12 Apr

KFC owner suffers data breach following ransomware attack

Attacks, Data Breaches

Note: This article was updated on April 12, 2023, to reflect the fact that employee data, not customer data, was accessed during the cyber attack against Yum! Brands US fast-food corporation Yum! Brands, which owns franchises including KFC, Pizza Hut and Taco Bell, has suffered a data breach following a ransomware attack. The cyber attack, which took place on January 18, 2023, involved a malicious actor gaining unauthorized access to Yum! Brands’ network. The ransomware…

Read More
30 Mar

IOTW: Latitude Financial data breach affects 14 million people

Attacks, Data Breaches

Australian financial services company, Latitude Financial, has suffered a large-scale data break that exposed the personal information for more than 14 million customers. The breach was initially discovered on March 16, but was originally thought to have affected a fraction of the customers actually impacted by the cyber attack. How did the Latitude Financial data breach happen? The data breach was initially reported by Latitude Financial on March 16, after unusual activity was detected on…

Read More
29 Mar

Twitter source code leaked via GitHub

Attacks, Data Breaches

Part of the source code for social media site Twitter has been leaked via source code repository GitHub, according to a DMCA takedown request. The DMCA request stated that the code leaked included “proprietary source code for Twitter’s platform and internal tools”. Following the DMCA request, the code was taken down. The source code was leaked by a user under the screen name ‘FreeSpeechEnthusiast’. It is unclear how long the source code was available for,…

Read More
24 Mar

Critical flaw in WooCommerce can be used to compromise WordPress websites

Data Breaches, Malware, Social Engineering

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. “Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites,” researchers from web security firm Sucuri said in…

Read More
24 Mar

Cyberpion rebrands as Ionix, offering new EASM visibility improvements

Data Breaches, Malware, Social Engineering

SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering. Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing assets and connected dependencies, the revamp of Ionix’s system will feature new abilities such as extending visibility into connected assets and shadow IT, and scoring risks based on possible blast radius. “Along with the rebrand comes…

Read More
24 Mar

Android-based banking Trojan Nexus now available as malware-as-a-service

Data Breaches, Malware, Social Engineering

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, and allows other attackers to rent or subscribe to the malware…

Read More