Data Breach | SC Media

Data Breach

Microsoft web mail services breached after support agent’s credentials are compromised

By

Hackers reportedly compromised a Microsoft Corp. support agent’s credentials, allowing them to gain unauthorized access to the company’s various web-based email services, including Outlook, MSN and Hotmail, for at least three months in 2019. This breach exposed not only information pertaining to certain customers’ email accounts, but also in some cases the content of the…

Commission offers suggestions for stemming online spy threat from China

Chinese HR firms and recruiting agencies found to leak more than half a billion resumes

By

Chinese companies were discovered leaking more than half a billion resumes on the web via poorly secured ElasticSearch and MongoDB databases. The leaks occurred solely at Chinese firms over the last few months from Chinese human resource-focused companies in batches ranging from a handful of CVs to professional executive head-hunting firms all leaking customer details…

The trickle-down effect of cyberwarfare: Protecting yourself when the bad gets worse

In the post-Vault7 world, there has been an interesting shift in the cybersecurity landscape. At one time, well-funded, government-backed nation-state threat actors were the only ones capable of carrying out sophisticated cyberattacks. But now, these hacking techniques have trickled down to your average cybercriminal, equipping them with the power to take down enterprise networks, steal…

VSkimmer trojan steals card data on point-of-sale systems

2M credit cards exposed in Buca di Beppo, Earl of Sandwich, Planet Hollywood parent company breach

By

A point-of-sale data breach allegedly discovered a month ago and just now admitted, exposed two million credit cards belonging to diners of Earl Enterprises restaurants. KrebsOnSecurity claims to have contacted the Italian restaurant chain that owns Buca di Beppo, Earl of Sandwich, Planet Hollywood and other restaurant brands, on Feb. 21, 2019, after finding evidence…

github_1439470

Paper: Leaked authentication secrets rampant across GitHub

By

An academic study of GitHub found that more than 100,000 of the web service’s code repositories contain publicly accessible authentication secrets such as API and cryptographic keys, while thousands of new secrets are leaked each day. North Carolina State University researchers Michael Meli, Matthew McNiece (also from Cisco Systems) and Bradley Reaves detail their findings…

Phishing scam stings Oregon Dept. of Human Services, compromises emails containing resident data

By

The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents. According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees…

Report: Chinese e-retailer Gearbest leaves database exposed, endangering 1.5 million records

By

The parent company of Chinese e-retailing giant Gearbest has been operating a completely unsecured corporate database, leaving roughly 1.5 million customer records unencrypted and exposed to the public, a new report warns. Led by white-hat hacker Noam Rotem, researchers from VPNMentor revealed the security issue after discovering they were able to access Gearbest’s customer, order,…

Next post in Security News