Security News
The 2022 Medibank data breach / extortion attack perpetrated by the REvil ransomware group started by the attackers leveraging login credentials stolen from a private computer of an employee of a Medibank's IT contractor. According to a statement by the Australian Information Commissioner filed with the Federal Court of Australia, the credentials were stolen by way of infostealer malware, after that employee "Saved his Medibank username and password for a number of Medibank accounts to his personal internet browser profile on the work computer he used to provide IT services to Medibank", and then signed into his internet browser profile on his personal computer.
PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago. While Keytronic didn't attribute the attack to a specific threat group, the Black Basta ransomware operation claimed the attack two weeks ago, leaking what they claim is 100% of the stolen data.
American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals.The insurance company believes that taking down the affected web portal will not significantly impact its operations.
Leading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. While BleepingComputer could not independently verify these claims, the data also allegedly contains bank transactions with names, account numbers, balances, and IVR funds transfer source code.
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. "The New York Times recently communicated to some of our contributors regarding an incident that resulted in the exposure of some of their personal information," a Times spokesperson told BleepingComputer.
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. In breach notification letters filed with the Office of California's Attorney General, Panera said it detected what it describes as a "Security incident," took measures to contain the breach, hired external cybersecurity experts to investigate the incident, and notified law enforcement.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
"Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information," Life360 CEO Chris Hulls said. The exposed data "Does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types," Hulls added.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. TellYouThePass ransomware is known for quickly jumping on public exploits for vulnerabilities with a wide impact.