Security News

Hacking group used ProxyLogon exploits to breach hotels worldwide
2021-09-23 19:50

A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. Slovakian internet security firm ESET spotted the hacking group and described it as an "Advanced persistent threat."

MyRepublic Data Breach Raises Data-Protection Questions
2021-09-10 20:17

Almost 79,400 MyRepublic mobile subscribers have been caught up in a data breach that exposed a range of personal information, the company has confirmed. The intrusion in question was aimed at a third-party data storage platform used to store the personal data of MyRepublic's mobile customers, the firm noted, in a Friday website notice.

MyRepublic discloses data breach exposing government ID cards
2021-09-10 18:47

MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers. MyRepublic an Asia-Pacific telecommunications carrier and Internet service provider with operations in Singapore, New Zealand, and Australia.

Guntrader breach perp: I don't think it's a crime to dump 111k people's details online in Google Earth format
2021-09-07 10:01

The person who reformatted the Guntrader hack data as a Google Earth-compatible CSV has said they are prepared to go to prison - while denying their actions amounted to a criminal offence. The pseudonymous person spoke to The Register by email late last week after dumping the personal data of 111,000 UK firearm and shotgun certificate owners online in a CSV formatted for ease of importing into Google Earth, pinpointing gun owners' homes.

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
2021-09-07 03:05

The maintainers of Jenkins-a popular open-source automation server software-have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "Successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts.

Excellent Write-up of the SolarWinds Security Breach
2021-08-30 11:24

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary.

Details of the Recent T-Mobile Breach
2021-08-27 13:37

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. I’ve lost count of how many times T-Mobile has been hacked.

Nokia subsidiary discloses data breach after Conti ransomware attack
2021-08-23 16:16

Image: Kabiur Rahman Riyad. SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. Attack detected after Conti ransomware encrypted systems.

T-Mobile data breach just got worse — now at 54 million customers
2021-08-20 16:30

The T-Mobile data breach keeps getting worse as an update to their investigation now reveals that cyberattack exposed over 54 million individuals' data. The hacker said that the stolen database contains the data for approximately 100 million T-Mobile customers.

AT&T denies data breach after hacker auctions 70 million user database
2021-08-20 13:43

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. The hacker states that they are willing to sell it immediately for $1 million.