June 28, 2024 at 12:52PM Ticketmaster has informed customers about a data breach involving the theft of personal data from their Snowflake database. The breach occurred between April and May, affecting millions of customers worldwide. The stolen data includes names, contact information, credit card details, and more. Ticketmaster is offering free identity monitoring and warns … Read more
June 28, 2024 at 10:48AM TeamViewer, a widely used RMM software, has reported a breach in their corporate network believed to be orchestrated by the Russian state-sponsored hacking group Midnight Blizzard. The company believes the breach occurred using an employee’s credentials. TeamViewer assures customers that their production environment and customer data were not accessed, recommending … Read more
June 25, 2024 at 10:47AM Luxury retailer Neiman Marcus confirmed a data breach after hackers attempted to sell the company’s data from a recent attack. Personal information of 64,472 people was affected, but gift card PINs were not compromised. The breach is linked to the Snowflake data theft attacks, with the threat actor attempting to … Read more
June 24, 2024 at 09:57AM The Los Angeles County Department of Health Services (DHS) revealed a data breach resulting from a push notification spamming attack on an employee’s Microsoft 365 account. Personal information may have been compromised, including names, addresses, Social Security numbers, and medical data. The DHS took immediate action to mitigate the breach … Read more
June 19, 2024 at 09:33AM Amtrak notifies customers of a hacking incident involving username and password combinations obtained from other data breaches. Threat actors accessed accounts, changing email addresses and accessing personal and financial information. Amtrak urges affected individuals to reset passwords, review account statements, and consider placing fraud alerts on credit files. The company … Read more
June 18, 2024 at 01:32PM Australia’s Information Commissioner’s report identified operational failures that allowed a breach of Medibank’s network, exposing data from 9.7 million individuals. A contractor’s compromised credentials were exploited, granting unauthorized access. The breach involved a ransomware gang and a sanctioned Russian national. The report highlights the importance of implementing multi-factor authentication to … Read more
June 17, 2024 at 07:30AM Amazon Web Services (AWS) is making multi-factor authentication (MFA) mandatory for specific users, starting with privileged users in 2024. This change is being gradually implemented, aiming to enhance security against credential-based attacks. Additionally, AWS introduced FIDO2 passkey support, enabling customers to use biometrics or device PINs for MFA across various … Read more
June 15, 2024 at 01:15PM Microsoft’s ‘Secure Future Initiative’ for Outlook personal email accounts includes deprecating basic authentication by September 16, 2024. It aims to enhance cybersecurity by phasing out unsafe practices and replacing them with modern authentication methods backed by multi-factor authentication. Deprecations include ‘Mail’ and ‘Calendar’ apps on Windows and Outlook Light, with … Read more
June 14, 2024 at 03:00AM AWS made several security announcements at its re:Inforce conference, including new features for identity and malware protection services. These include support for passkeys as part of multi-factor authentication, IAM Access Analyzer enhancements, Amazon GuardDuty Malware Protection for S3, and a preview of natural language query generation in AWS CloudTrail Lake. … Read more
June 11, 2024 at 02:10PM Pure Storage confirmed a data breach involving a single Snowflake data analytics workspace. No customer data was compromised, but telemetry information such as company names and email addresses was accessed. Security firm Mandiant identified a common factor in the breaches as the lack of Multi-Factor Authentication. Pure Storage stated that … Read more