Snowflake breach snowballs as more victims, perps, come forward

June 23, 2024 at 10:21PM Snowflake breach continues to expand with victims, including Ticketek and Advance Auto Parts. Hacker claims to have accessed Snowflake by compromising third parties. CDK faces ransomware attack and potential payment. Critical vulnerabilities found in Juniper Secure Analytics, CAREL Boss-Mini, Westermo L210-F2G, and RAD Data Communications SecFlow-2. Alleged Apple tools leaked. … Read more

Santander Employee Data Breach Linked to Snowflake Attack

June 21, 2024 at 09:21AM Santander US has reported a data breach impacting 12,000 employees’ personal information. The breach is linked to a Snowflake attack. Source: SecurityWeek. Based on the meeting notes, it appears that Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach. The breach has … Read more

Advance Auto Parts confirms data breach exposed employee information

June 19, 2024 at 03:50PM Advance Auto Parts confirmed a data breach as a threat actor attempted to sell stolen data on a hacking forum. The breach affected personal information of current and former employees, job applicants, and possibly customers. The company will provide breach notifications, identity restoration services, and has incurred $3 million in … Read more

Blackbaud has to cough up a few million dollars more over 2020 ransomware attack

June 17, 2024 at 01:50PM Cloud software company Blackbaud has agreed to settle with California’s attorney general, paying a $6.75 million fine for its cybersecurity failings after a 2020 ransomware attack. The settlement aims to improve data protection and security measures. This follows a previous settlement with 49 other state AGs and the District of … Read more

Why Hackers Love Logs

June 6, 2024 at 10:39AM Cybercriminals often target computer log files, which record system actions and are crucial for identifying malfunctions or malicious activity. Logs may contain valuable information for attackers, such as reconnaissance data, PII, means for covering tracks, and methods for disruption and extortion. Common tampering methods include injecting false actions, attacking log … Read more

NIST Commits to Plan to Resume NVD Work

June 4, 2024 at 10:53AM NIST has faced a significant backlog in processing vulnerability reports, with only 26% being processed this year due to increasing workload and resource reductions. The agency has announced a plan to address the issue, including partnering with CISA and implementing process updates to enhance efficiency. Industry professionals express concerns and … Read more

NIST Commits to Vulnerability Plan, But Researchers’ Concerns Remain

June 4, 2024 at 09:04AM US National Institute of Standards and Technology is addressing the backlog in processing vulnerability reports. NIST’s plan involves a multipronged approach, working with public and private sectors, and updating technology to handle the increasing number of disclosed vulnerabilities. The backlog has been attributed to a combination of resource reductions and … Read more

Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak

June 3, 2024 at 10:35PM Hudson Rock has removed its report about cybercriminals breaching Snowflake’s systems and stealing data from customers like Ticketmaster and Santander Bank, following legal pressure from Snowflake. Snowflake denies any breach, stating that stolen individual customer account credentials may have been used. The breach’s extent and impact are subject to ongoing … Read more

Crooks threaten to leak 3B personal records ‘stolen from background check firm’

June 3, 2024 at 03:40PM Personal information of billions of US, Canadian, and British citizens may be dumped online after being allegedly obtained from a Florida firm. A criminal gang aims to sell the database for $3.5 million, which includes sensitive details like full names, addresses, social security numbers, and family information. The pilfered data … Read more

Name That Edge Toon: Zonked Out

June 3, 2024 at 12:37PM The excerpt calls for cybersecurity-related captions for a security team’s photo, with the chance to win a $25 Amazon gift card. Submissions are accepted via email, social media, and the previous month’s winner is acknowledged. The deadline for entries is June 26, 2024. “Surviving the daily grind of cybersecurity is … Read more