Data Breach | SC Media

Data Breach

VSkimmer trojan steals card data on point-of-sale systems

2M credit cards exposed in Buca di Beppo, Earl of Sandwich, Planet Hollywood parent company breach

A point-of-sale data breach allegedly discovered a month ago and just now admitted, exposed two million credit cards belonging to diners of Earl Enterprises restaurants. KrebsOnSecurity claims to have contacted the Italian restaurant chain that owns Buca di Beppo, Earl of Sandwich, Planet Hollywood and other restaurant brands, on Feb. 21, 2019, after finding evidence…

github_1439470

Paper: Leaked authentication secrets rampant across GitHub

An academic study of GitHub found that more than 100,000 of the web service’s code repositories contain publicly accessible authentication secrets such as API and cryptographic keys, while thousands of new secrets are leaked each day. North Carolina State University researchers Michael Meli, Matthew McNiece (also from Cisco Systems) and Bradley Reaves detail their findings…

Phishing scam stings Oregon Dept. of Human Services, compromises emails containing resident data

The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents. According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees…

Report: Chinese e-retailer Gearbest leaves database exposed, endangering 1.5 million records

The parent company of Chinese e-retailing giant Gearbest has been operating a completely unsecured corporate database, leaving roughly 1.5 million customer records unencrypted and exposed to the public, a new report warns. Led by white-hat hacker Noam Rotem, researchers from VPNMentor revealed the security issue after discovering they were able to access Gearbest’s customer, order,…

Senate building

Senators propose they too should report when breached

Senators Ron Wyden, D-Ore., and Tom Cotton, R-Ark., are calling for senators to report if they have been hacked at the end of each year. The duo pointed out that the Senate is considered a “prime target” for cyber breaches noting that several high profile cyberattacks have already been carried out against government agencies including…

EU GDPR gavel thinkstock

Companies unable to meet stringent GDPR data breach reporting requirements

The first anniversary of GDPR going into effect is on the horizon, but one study has found that companies are rarely able to meet the reporting demands set by the legislation. A report by the cybersecurity firm Redscan, based on data received through a Freedom of Information request in the UK, found neither breach detection…

leakplumbing_863980

Dozens of high-profile Box accounts found leaking sensitive data

Adversis researchers have discovered that dozens of companies have leaked sensitive data as a result of misconfigured Box accounts. Box is a cloud based “content management platform” primarily used to share files and folders and similar to AWS S3 buckets. The files can be shared to anyone with the link, restricted to those within a…

Next post in Security News