August 20, 2024 at 06:50PM Cannon Corporation, operating as CannonDesign, has notified over 13,000 clients of a data breach where hackers stole data in early 2023. The breach included unauthorized network access and data theft. Despite discovering the breach in January 2023, the investigation was completed in May 2024, revealing compromised personal information. The ransomware … Read more
July 16, 2024 at 10:58AM Rite Aid, the third-largest US drugstore chain, suffered a data breach affecting 2.2 million customers’ personal information. The breach, detected on June 6, involved purchase-related data such as names, addresses, and driver’s license numbers, but not Social Security, financial, or health information. The ransomware gang RansomHub claimed responsibility and threatened … Read more
May 28, 2024 at 02:39PM Evgeniy Doroshenko, a Russian national, has been indicted in the U.S. for wire and computer fraud. He allegedly acted as an “initial access broker,” gaining unauthorized entry to corporate networks and selling access on Russian-language cybercrime forums. The charges carry a maximum of 20 years imprisonment and a $250,000 fine … Read more
November 16, 2023 at 07:00AM Novel attack methods targeting Google Workspace and the Google Cloud Platform have been demonstrated, posing risks of ransomware, data exfiltration, and password recovery attacks. Threat actors could exploit vulnerabilities in Google Credential Provider for Windows (GCPW) to gain access to machines and bypass multi-factor authentication protections. These attacks highlight the … Read more
November 15, 2023 at 07:46PM The chief security officer of Clorox, Amy Bogac, has left her position following a corporate network breach that cost the company hundreds of millions of dollars. In separate news, ransomware group AlphV has claimed to have breached digital lending firm MeridianLink and filed a complaint against the company with the … Read more
November 15, 2023 at 11:17AM PJ&A, a medical transcription service provider, experienced a cyberattack in March 2023 that exposed the personal information of approximately 9 million patients. The breach included sensitive data such as full names, dates of birth, medical records, social security numbers, and more. PJ&A began notifying affected individuals on October 31, 2023. … Read more
November 2, 2023 at 12:23PM HelloKitty ransomware is exploiting a critical Apache ActiveMQ flaw to breach networks and encrypt devices. The flaw allows attackers to execute arbitrary shell commands. Despite a security update being released, there are still thousands of internet-exposed servers using a vulnerable version. Rapid7 reported instances of threat actors exploiting the flaw … Read more
October 23, 2023 at 12:42PM US energy services firm BHI Energy disclosed how the Akira ransomware gang breached their network and stole data in a recent attack. The attackers used stolen VPN credentials from a third-party contractor to gain access. They stole 767k files, including personal information such as full names, dates of birth, social … Read more