Data Breaches news & analysis | SC Media

Data Breach

Have I Been Pwned code base goes open source as it expands

After a failed attempt at a sale, Have I Been Pwned (HIBP) founder Troy Hunt decided to open source the code base for the sprawling database, which has become unwieldy for his singular stewardship. Hunt said the HIPB website, which since 2013 has allowed internet users to check if their data has been compromised and…

More attackers trying to sabotage incident response tactics

The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked. At least that’s what researchers concluded in the fifth installment of VMware Carbon Black’s semi-annual Global Incident Response Threat Report, which also focused heavily on the impact of COVID-19…

Coordinated attack on Reddit spreads pro-Trump messaging

In a coordinated attack against Reddit that underscored the importance of multifactor authentication hackers compromised moderator accounts and led to numerous subreddit accounts being vandalized and defaced with pro-Trump messaging. Reddit acknowledged the “ongoing incident” and said it is “working on locking down the bad actors and reverting the changes.” The platform administrators called for…

Regulators levy $80 million fine, hammer Capital One for massive breach

Bank regulators dropped the hammer on Capital One, with the Office of the Comptroller of the Currency (OCC) levying an $80 million fine and the Federal Reserve filing a cease and desist order that specified what the steps the bank needed to take to redeem itself after a massive data breach in 2019 that compromised…

Stricken electronics firms weigh reward, cost of paying ransom

Garmin reportedly paid cyber extortionists millions of dollars for access to a decryptor so that the company could restore its services to customers following a July 23 WastedLocker ransomware attack. Meanwhile, a separate ransomware outfit this week reportedly leaked sensitive data lifted from LG and Xerox’s internal networks after attempted negotiations with the two tech…

Five ways to declaw the Meow bot

While the motivation behind the “Meow” bot attacks is unknown, the menace is still out there wiping out open source databases left unsecured on the internet, prompting Elastic to offer clear steps that organizations can take to safeguard their data. The bot came on the scene about two weeks ago when it was reported that…

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

Misconfigured servers contributed to more than 200 cloud breaches

Misconfigured storage services in 93 percent of cloud deployments have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records, according to a report from Accurics, which predicted that cloud breaches are likely to increase in both velocity and scale. The researchers found that 91 percent of the…

Feds arrest teen Twitter hack leader, accomplices

The ringleader of the Twitter breach that used prominent accounts to run a cryptocurrency scam turns out to be a 17-year-old in Tampa arrested earlier today. Two accomplices, Nima Fazeli, 22, of Orlando and Mason Sheppard, 19, in the U.K., known as Rolex and Chaewon, respectively, were also arrested in the scheme that took over…

Next post in Data Breach