Tag: z.bleepingComputer

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. In a ‘Notice of Data Incident’ published on the CDHE website, the Department says they suffered a ransomware attack on June 19th, 2023. “On June 19, 2023, CDHE became aware it was the victim of…

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. Ubuntu is one of the most widely used Linux distributions, especially popular in the U.S., having an approximate user base of over 40 million. Two recent flaws tracked as CVE-2023-32629 and CVE-2023-2640 discovered by Wiz’s…

NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec. The COI Cooperation Portal (dnbl.ncia.nato.int) is the military alliance’s unclassified information-sharing and collaboration environment, dedicated to supporting NATO organizations and member nations. Yesterday, the hacking group ‘SiegedSec’ posted on Telegram…

The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents. According to the Wall Street watchdog, material incidents are those that a public company’s shareholders would consider important. The SEC also adopted new regulations mandating foreign private issuers to provide equivalent disclosures following cybersecurity…

The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged children’s privacy laws violations related to the company’s Alexa voice assistant service. Amazon has offered Alexa voice-activated products and services targeted at children under 13 years old since May 2018. In May 2023, the Federal Trade…

A threat actor referred to as ‘RomCom’ has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania. BlackBerry’s research and intelligence team recently discovered two malicious documents that impersonated the Ukranian World Congress organization and topics related to the NATO Summit to lure selected targets. The attackers used a replica of the…

The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies with 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice. In a decision published yesterday, the agency explains that by using Google Analytics to generate web statistics the firms were breaching European Union’s General Data Protection Regulation (GDPR)….

Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company’s servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible…

Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points as its parent company, Suncor Energy, discloses they suffered a cyberattack. Suncor Energy is the 48th-largest public company in the world, and one of Canada’s largest synthetic crude producers, having an annual revenue of $31 billion. The company says it…

A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military. The 39-year-old resident of Florida, Onur Aksoy, conducted the scheme through 19 companies formed in New Jersey and Florida and in several online storefronts, collectively known as ‘Pro Network Entities,’  Aksoy had a criminal complaint…

CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway (ESG) appliances. Barracuda says its security solutions are used by more than 200,000 organizations worldwide, including high-profile companies like Samsung, Mitsubishi, Kraft Heinz, and Delta Airlines. The U.S. cybersecurity agency also added the bug (CVE-2023-2868) to its catalog of security flaws exploited…

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. Their victims span a wide range of critical sectors, including government, maritime, communications, manufacturing, information technology, utilities, transportation, construction, and education. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing…

Apple’s App Store team prevented more than $2 billion in transactions tagged as potentially fraudulent and blocked almost 1.7 million app submissions for privacy, security, and content policy violations in 2022. As part of its ongoing efforts to fend off account fraud, the company also terminated 428,000 developer accounts for potentially fraudulent activity, deactivated 282 million fraudulent customer accounts, and blocked…

Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

PharMerica is a pharmacy services provider in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.

According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica’s system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.

The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

airBaltic, Latvia’s flag carrier has acknowledged that a ‘technical error’ exposed reservation details of some of its passengers to other airBaltic passengers. Passengers also reported receiving unexpected emails which addressed them by the name of another customer. The Riga-based airline, incorporated as AS Air Baltic Corporation operates flights to 80 destinations and is 97% government-owned. Although the air carrier says the…