Data Breach | SC Media

Data Breach

Hollywood

REvil hackers extort law firm with Lady Gaga, Nicki Minaj, Elton John as clients

Cyberattackers have breached a high-profile entertainment and media law firm, infecting the practice with ransomware and stealing files that apparently pertain to its star clients, including Lady Gaga, Madonna, Elton John, Barbara Streisand, Bruce Springsteen, Mariah Carey and Mary J. Blige. A cyber analyst who requested anonymity provided SC Media with content posted on the…

The report shines a light on the Syrian Electronic Army, including its attacks, tactics and members.

‘Shiny Hunters’ bursts onto dark web scene following breaches, Microsoft data theft claims

A malicious actor known as Shiny Hunters has emerged as a serious dark web player following a spate of high-profile breaches, and now the hacker or hackers is claiming to have stolen data from Microsoft’s private GitHub repositories and is threatening to release the code for free. According to researchers from ZeroFOX Alpha Team, Shiny…

Hospital

No reprieve for health care orgs as ransomware hits hospital operator, plastic surgeons

If there was any lingering hope that cybercriminals would show mercy on health care providers during the COVID-19 crisis — as some claimed they would do — that pipe dream evaporated with the news that various ransomware groups attacked Fresenius, Europe’s largest private hospital operator, as well as a pair of U.S.-based plastic surgery clinics.…

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Roblox hacker enabled by insider threats; expert offers tips to curb rogue employees

A hacker reportedly used both bribery and social engineering to gain unauthorized access to a customer support system operated by the popular video game Roblox — illustrating why companies must be on the lookout for employees who fit the mold of an insider threat. The unnamed hacker told Motherboard that they paid one insider to…

Data Breach Disclosure

GoDaddy takes seven months to discover data breach

Cybersecurity pros are coming down hard on GoDaddy after the domain registry company reported that an outsider had accessed customer login credentials possibly affecting all 19 million company accounts. GoDaddy informed its customers on May 4 of the breach saying an unauthorized individual accessed the login credentials used to connect to SSH on the hosting…

In growing market for genetic data, privacy implications prove lasting

ExecuPharm employee info compromised following reported ransomware attack

ExecuPharm, a provider of pharmaceutical clinical research support services, has suffered a data security incident that has reportedly been identified as a CLOP ransomware attack, coupled with a corresponding data leak. Security experts have expressed concern that cybercriminals will target health care organizations at a time when their services may be needed to help respond…

Nintendo confirms 160,000 user accounts hacked

Nintendo has confirmed 160,000 user accounts have been accessed exposing a limited amount of PII and possibly access to Nintendo store accounts. The gaming company reported that starting in early April accounts were accessed through the Nintendo Network ID (NNID), which is primarily used for Switch gaming, Nintendo online store accounts and grants access to…

Paay open database exposes 2.5M transactions, challenges PCI compliance

The start-up payment processing firm Paay that promotes itself as providing extra security to online transactions called that claim into question when it misconfigured a payment card database, exposing 2.5 million credit card transactions and raising concerns over PCI compliance. New York-based Paay was exposed by security researcher Anurag Sen who found transaction information that…

Online leak undermines Torrance’s claim that no personal data was affected by cyberattack

A new online post by the DoppelPaymer gang further suggests that a cyberattack experienced by Torrance, California in late February-early March was a case of ransomware — one that appears to have affected personal data, despite the Los Angeles-area city’s claims otherwise. Brett Callow, threat analyst at Emsisoft, shared several examples of sensitive data published…

Next post in Cybercrime