Data Breaches

06 Sep

Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes

Data Breaches, Information, News

Microsoft has published a post-mortem detailing multiple errors that led to Chinese cyberspies hacking into US government emails, blaming the embarrassing incident on a crash dump stolen from a hacked engineer’s corporate account. The crash dump, which dated back to April 2021, contained a Microsoft account (MSA) consumer key that was used to forge tokens to break into OWA and Outlook.com accounts. “Our investigation found that a consumer signing system crash in April of 2021…

Read More
05 Sep

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Data Breaches, Information, Insights

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Taylor Monahan is lead product manager of MetaMask, a…

Read More
25 Aug

Kroll Employee SIM-Swapped for Crypto Investor Data

Data Breaches, Information, Insights

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack…

Read More
14 Aug

Colorado Health Agency Says 4 Million Impacted by MOVEit Hack

Data Breaches, Information, News

The Colorado Department of Health Care Policy and Financing (HCPF) has revealed that the personal information of millions of individuals was compromised in a data breach resulting from the recent MOVEit cyberattack. On Friday, HCPF informed the Maine Attorney General’s office that it has started informing close to 4.1 million individuals that their personal information might have been compromised in the incident. In a sample notification letter submitted to authorities, HCPF revealed that, on May…

Read More
28 Jul

In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android 

Data Breaches, Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
18 Jul

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Data Breaches, Information, Insights

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in…

Read More
13 Jul

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge

Data Breaches, Information, Insights

[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling…

Read More
27 Jun

SEC notice to SolarWinds CISO and CFO roils cybersecurity industry

Data Breaches, Malware, Social Engineering

The US Securities and Exchange Commission has roiled the cybersecurity industry by putting executives of SolarWind on notice that it may pursue legal action for violations of federal law in connection with their response to the 2020 attack on the company’s infrastructure that affected thousands of customers in government agencies and companies globally. Current and former employees and officers of the company, including the chief financial officer (CFO) and chief information security officer (CISO), have…

Read More
27 Jun

Fortanix adds confidential data search for encrypted enterprise data

Data Breaches, Malware, Social Engineering

Cloud data security company Fortanix has announced Fortanix Confidential Data Search, a search offering for encrypted databases within enterprise cloud workflows. “Confidential Data Search allows data analysts to use off-the-shelf, unmodified databases in a standard, unrestricted SQL environment,” said Richard Searle, vice president of Confidential Computing, Fortanix. “Users do not need to convert their datasets to new complex proprietary database formats or deploy proprietary agents.” The search capability, Fortanix claims, doesn’t compromise data security or…

Read More
27 Jun

Bionic integrations offer context-based vulnerability management

Data Breaches, Malware, Social Engineering

Application security posture management (ASPM) company Bionic has added two new capabilities — Bionic Signals and Bionic Business Risk Scoring — to its namesake cybersecurity platform to help its customers detect, prioritize and remediate vulnerabilities and threats in their applications. The idea is to collate signals from multiple threat intelligence platforms and add business context to identify critical risks in customer applications and help prioritize them based on the level of risks involved. “The surge…

Read More