September 18, 2024 at 03:31PM The Federal Communications Commission fined AT&T $13 million and ordered it to tighten privacy and security practices following a third-party compromise. The commission extended consumer protections to the cloud and found AT&T responsible for failing to oversee third-party provider Snowflake, which was compromised, exposing sensitive data. AT&T must improve security … Read more
September 17, 2024 at 05:00PM Temu denies being hacked or experiencing a data breach. This comes after a threat actor alleged to be selling a stolen database with 87 million customer records. Based on the meeting notes, Temu denies that it was hacked or suffered a data breach, even after a threat actor claimed to … Read more
September 17, 2024 at 09:32AM Over 1,000 misconfigured ServiceNow instances exposed sensitive corporate information in Knowledge Base articles to external users and potential threat actors. Based on the meeting notes provided, the clear takeaway is that over 1,000 misconfigured ServiceNow enterprise instances were discovered, which led to the exposure of sensitive corporate information in Knowledge … Read more
September 16, 2024 at 01:03PM Submit a clever cybersecurity-related caption by Oct. 16, 2024, to [email protected] with the subject “Dark Reading September Toon” or via X, Facebook, and LinkedIn. Congrats to last month’s winner, Renen Wasserman. Notable entries included “Blindfolded and Breached: The Modern Cybersecurity Nightmare” and “This 5th level of multi-authentication may be taking … Read more
August 30, 2024 at 02:42AM Threat actors linked to North Korea are targeting developers with malware to steal cryptocurrency assets. The campaign involves publishing malicious packages to the npm registry. The attackers use various tactics, including fake job interviews and obfuscated JavaScript, to deploy malware and exfiltrate sensitive data. CrowdStrike has linked the group to … Read more
August 27, 2024 at 01:38PM China’s Volt Typhoon exploited a critical bug affecting Versa’s SD-WAN customers using Versa Director, planting custom web shells to harvest credentials on networks. Lumen Technologies linked this to the new malware, VersaMem. Versa has issued a patch and recommends customers to upgrade, but the vulnerability was already exploited, attributed to … Read more
August 26, 2024 at 09:12AM TDECU notified over 500,000 individuals of a data breach in the MOVEit campaign by the Cl0p ransomware group. Up to 96 million people and 2,700 organizations may have been affected. The compromised information includes sensitive data, but TDECU has not observed identity or financial fraud. Impacted individuals are being offered … Read more
August 20, 2024 at 06:50PM Cannon Corporation, operating as CannonDesign, has notified over 13,000 clients of a data breach where hackers stole data in early 2023. The breach included unauthorized network access and data theft. Despite discovering the breach in January 2023, the investigation was completed in May 2024, revealing compromised personal information. The ransomware … Read more
August 19, 2024 at 04:57PM Toyota confirmed a breach after ZeroSevenGroup leaked 240GB of stolen data. Toyota is engaging with those affected and will provide assistance if needed. The company has yet to disclose breach details. BleepingComputer found files were created on December 25, 2022. This follows earlier data breaches in 2021 and 2023, prompting … Read more
August 19, 2024 at 09:43AM National Public Data (NPD) confirms a data breach affecting 1.3 million US individuals, with 2760 from Maine. Reports suggest 2.9 billion records compromised. NPD suspects a third-party bad actor and acknowledges potential leaks. Discrepancies exist between NPD’s announcement and external reports. The full story behind the breach remains unclear. Initial … Read more