January 19, 2024 at 07:23PM Microsoft disclosed a breach in corporate email accounts, with data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The attack was detected on January 12th, and it was found that Nobelium accessed the accounts through a password spray attack in November 2023. The investigation is ongoing, and Microsoft is … Read more
January 19, 2024 at 07:08PM Microsoft confirmed a breach of corporate email accounts by Russian state-sponsored group Midnight Blizzard. The attack, detected on January 12th, 2023, was initiated via a password spray attack in November 2023. Access was gained to leadership team and legal department emails for over a month, enabling theft of emails and … Read more
January 19, 2024 at 06:26PM Conor Brian Fitzpatrick sentenced to 20 years of supervised release in the Eastern District of Virginia for operating the BreachForums hacking forum, involved in the sale and leaking of personal data for millions worldwide. Also pleaded guilty to multiple charges including child pornography possession. Court showed leniency on sentencing, with … Read more
January 19, 2024 at 05:24PM In 2024, CISOs are facing increased personal and legal responsibility for data breaches, particularly due to new SEC regulations. To protect themselves, they should create a system record, define “materiality,” speak to the board in financial terms, participate in cyber insurance negotiations, and monitor emerging privacy threats. Managing third-party risks … Read more
January 19, 2024 at 10:00AM The US Justice Department recently charged two Russian nationals for involvement in cybercriminal activities, including hacking retailers Michaels and Neiman Marcus in 2013. Aleksey Stroganov and Tim Stigal are accused of stealing and selling payment card data, causing $35 million in losses. Stroganov’s partner, Roman Seleznev, received multiple prison sentences … Read more
January 19, 2024 at 09:35AM VF Corporation reported a ransomware attack in December, with over 35 million customers’ personal data stolen, but no sensitive payment information affected. The attack disrupted business operations, leading to inventory and order fulfillment issues. VF Corp has restored most IT systems and is cooperating with authorities in investigating the incident. … Read more
January 19, 2024 at 09:00AM VF Corporation, parent company of popular fashion brands like Vans and North Face, reported that 35.5 million customers were affected by a cyber-attack in December. However, sensitive data such as social security numbers and financial information were unaffected, and there is no evidence that customer passwords were compromised. The attack … Read more
January 19, 2024 at 08:00AM 35.5 million customers’ personal information was stolen in a ransomware attack on VF Corporation in December 2023. The attack affected brands like Dickies, The North Face, and Vans. The company has restored impacted systems, but faced operational disruptions. It reported no evidence of stolen passwords and expects minimal financial impact. … Read more
January 19, 2024 at 01:52AM A German security researcher was fined €3,000 for uncovering an e-commerce database vulnerability affecting almost 700,000 customer records. The contractor, Hendrik H., discovered a plain-text password stored in a program file, providing potential access to customer data. Despite initial court support, the Jülich District Court later fined him under Germany’s … Read more
January 18, 2024 at 01:50PM Kansas State University is managing a cybersecurity incident disrupting VPN, K-State Today emails, and Canvas and Mediasite videos. Its prompt response includes engaging third-party IT forensic experts, providing guidance to maintain educational continuity, and ongoing updates. Email services will resume with limitations on January 18. No data breach has been … Read more