Data Breaches

14 Aug

Colorado Health Agency Says 4 Million Impacted by MOVEit Hack

Data Breaches, Information, News

The Colorado Department of Health Care Policy and Financing (HCPF) has revealed that the personal information of millions of individuals was compromised in a data breach resulting from the recent MOVEit cyberattack. On Friday, HCPF informed the Maine Attorney General’s office that it has started informing close to 4.1 million individuals that their personal information might have been compromised in the incident. In a sample notification letter submitted to authorities, HCPF revealed that, on May…

Read More
28 Jul

In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android 

Data Breaches, Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
18 Jul

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Data Breaches, Information, Insights

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in…

Read More
13 Jul

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge

Data Breaches, Information, Insights

[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling…

Read More
27 Jun

SEC notice to SolarWinds CISO and CFO roils cybersecurity industry

Data Breaches, Malware, Social Engineering

The US Securities and Exchange Commission has roiled the cybersecurity industry by putting executives of SolarWind on notice that it may pursue legal action for violations of federal law in connection with their response to the 2020 attack on the company’s infrastructure that affected thousands of customers in government agencies and companies globally. Current and former employees and officers of the company, including the chief financial officer (CFO) and chief information security officer (CISO), have…

Read More
27 Jun

Bionic integrations offer context-based vulnerability management

Data Breaches, Malware, Social Engineering

Application security posture management (ASPM) company Bionic has added two new capabilities — Bionic Signals and Bionic Business Risk Scoring — to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications. The idea is to collate signals from multiple threat intelligence platforms and add business context to identify critical risks in customer applications and help prioritize them based on the level of risks involved. “The surge…

Read More
27 Jun

Fortanix adds confidential data search for encrypted enterprise data

Data Breaches, Malware, Social Engineering

Cloud data security company Fortanix has announced Fortanix Confidential Data Search, a search offering for encrypted databases within enterprise cloud workflows. “Confidential Data Search allows data analysts to use off-the-shelf, unmodified databases in a standard, unrestricted SQL environment,” said Richard Searle, vice president of Confidential Computing, Fortanix. “Users do not need to convert their datasets to new complex proprietary database formats or deploy proprietary agents.” The search capability, Fortanix claims, doesn’t compromise data security or…

Read More
26 Jun

Critical flaw in VMware Aria Operations for Networks sees mass exploitation

Data Breaches, Malware, Social Engineering

Researchers warn that a vulnerability patched this month in VMware Aria Operations for Networks, formerly known as vRealize Network Insight, is now seeing exploitation en masse. The flaw allows for remote code execution through command injection and is rated with critical severity. “New data from Akamai shows the scale of active scanning for sites vulnerable to CVE-2023-20887 is much greater than originally reported,” researchers from Akamai told CSO via email. “There have been 695,072 total…

Read More
26 Jun

Latest MOVEit exploit hits thousands of NYC school students and staff

Data Breaches, Malware, Social Engineering

Personal data of over 45,000 public school students was compromised in a breach involving the file-transfer software MOVEit, according to a community letter sent to families and staff by the New York City Department of Education. “DOE used MOVEit to transfer documents and data internally as well as to and from vendors, including third party special education service providers,” the letter said.   The breach is the latest expoit of a SQL injection vulnerability found…

Read More
26 Jun

American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider

Data Breaches, Information, News

American Airlines and Southwest Airlines have started informing thousands of pilots that their personal information was compromised in a data breach at Pilot Credentials. A portal managing pilot and cadet recruitment applications on behalf of various airlines, Pilot Credentials informed both companies on May 3 that it had suffered a cyberattack resulting in the compromise of files on its systems. The vendor was breached on or around April 30 and the attackers obtained files containing…

Read More