Data Breaches

Researchers at Aqua Security are calling urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations and open-source projects are vulnerable to this “ticking supply chain attack bomb.” In a research paper, Aqua researchers Yakir Kadkoda and Assaf Morag said they found Kubernetes secrets in public repositories that allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat.  “Among the…

Car parts giant AutoZone, which has over 7,000 stores across the Americas, is informing nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign. AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud. Nevertheless, impacted customers…

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop, exposing credentials that led to the theft of data from multiple Okta customers. A brief post-mortem from Okta security chief David Bradbury said the internal lapse was the “most likely avenue” for the breach that ensnared hundreds of Okta customers, including cybersecurity companies BeyondTrust and Cloudflare. “We can confirm that from…

The City of Philadelphia has revealed that the information of certain individuals was stolen in a cyberattack earlier this year. The malicious activity, the city says in an incident notification (PDF) on its website, was initially identified on May 24, and involved its email environment. According to the city, the investigation into the matter has revealed that an unauthorized party had access to certain city email accounts between May 26 and July 28, and that…

Identity and access management tech firm Okta on Friday warned that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. A security notice from Okta security chief David Bradbury said the company found “adversarial activity” that leveraged access to a stolen credential to access the support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part…

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Finland on Wednesday charged a hacker, accused of the theft of tens of thousands of records from psychotherapy patients, with over 21,000 counts of extortion, the national prosecutor announced. “The suspect is held on remand and has denied being guilty of the offenses,” the National Prosecution Authority said in a statement. The prosecutor is seeking a seven-year prison sentence for the defendant, Aleksanteri Kivimaki, who was formerly identified as Julius Kivimaki. In the 2018 breach…