Data Breach news and analysis | SC Media

Data Breaches News and Analysis

All eyes on VA security measures after compromise of 46,000 accounts

The U.S. Department of Veterans Affairs (VA) disclosure that the information of 46,000 U.S. service people recently was breached through an apparent social engineering scheme underscores the need for government vigilance even when a significant investment has been made in state-of-the-art protection. Security experts said the relatively low number of impacted accounts – in comparison…

History shows, transparency can ease the fallout from a cyberattack

Cybersecurity firms have a responsibility to keep their clients safe from digital attacks. But when they end up the victims, they potentially risk losing credibility with these customers, especially if their operations are disrupted. It’s a potentially juicy extortion scenario for attackers, and we just saw an example of this play out last week when…

What’s really changed three years after Equifax breach?

Are organizations better off today than they were three years ago when a devastating breach at Equifax exposed sensitive customer data and poor security practices in equal measure? The consensus among experts is that companies still have a ways to go. “Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon…

Corporate VPNs in danger as vishing attacks target home workers

Multiple hacking gangs are preying on remote workforces and corporate VPNs through vishing attacks that are more efficient, dangerous and ubiquitous than ever, prompting the U.S. government to issue both a warning and advice on how to thwart them. “The news has spread throughout the hacker community and multiple groups are now doing this,” said…

Apple OS developer supply chain threatened by ‘clever’ malware attack

In an attack described as a “clever” supply-chain threat, XCSSET malware is being injected undetected into programs created by unwitting Xcode Apple developers who share their projects on the GitHub repository. The “unusual infection” can pilfer infected users’ credentials, accounts and other vital data, according to a blog post from researchers at Trend Micro who…

Have I Been Pwned code base goes open source as it expands

After a failed attempt at a sale, Have I Been Pwned (HIBP) founder Troy Hunt decided to open source the code base for the sprawling database, which has become unwieldy for his singular stewardship. Hunt said the HIPB website, which since 2013 has allowed internet users to check if their data has been compromised and…

More attackers trying to sabotage incident response tactics

The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked. At least that’s what researchers concluded in the fifth installment of VMware Carbon Black’s semi-annual Global Incident Response Threat Report, which also focused heavily on the impact of COVID-19…

Coordinated attack on Reddit spreads pro-Trump messaging

In a coordinated attack against Reddit that underscored the importance of multifactor authentication hackers compromised moderator accounts and led to numerous subreddit accounts being vandalized and defaced with pro-Trump messaging. Reddit acknowledged the “ongoing incident” and said it is “working on locking down the bad actors and reverting the changes.” The platform administrators called for…

Stricken electronics firms weigh reward, cost of paying ransom

Garmin reportedly paid cyber extortionists millions of dollars for access to a decryptor so that the company could restore its services to customers following a July 23 WastedLocker ransomware attack. Meanwhile, a separate ransomware outfit this week reportedly leaked sensitive data lifted from LG and Xerox’s internal networks after attempted negotiations with the two tech…

Five ways to declaw the Meow bot

While the motivation behind the “Meow” bot attacks is unknown, the menace is still out there wiping out open source databases left unsecured on the internet, prompting Elastic to offer clear steps that organizations can take to safeguard their data. The bot came on the scene about two weeks ago when it was reported that…

Misconfigured servers contributed to more than 200 cloud breaches

Misconfigured storage services in 93 percent of cloud deployments have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records, according to a report from Accurics, which predicted that cloud breaches are likely to increase in both velocity and scale. The researchers found that 91 percent of the…

Feds arrest teen Twitter hack leader, accomplices

The ringleader of the Twitter breach that used prominent accounts to run a cryptocurrency scam turns out to be a 17-year-old in Tampa arrested earlier today. Two accomplices, Nima Fazeli, 22, of Orlando and Mason Sheppard, 19, in the U.K., known as Rolex and Chaewon, respectively, were also arrested in the scheme that took over…