Security News

The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. These breaches occurred last month and impacted Brookfield Global Relocation Services and SIRVA Worldwide Relocation & Moving Services, both providers of relocation services to Canadian government employees.

The UK division of Samsung Electronics has allegedly alerted customers of a year-long data breach - the third such incident the South Korean giant has experienced around the world in the past two years. An email to customers, shared on social media by web security consultant and Have I Been Pwned creator Troy Hunt, detailed that the breach exposing data of customers who made purchases between July 1, 2019 and June 30, 2020 was discovered on November 13.

Toyota Financial Services has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. Hackers snitch to the SEC. According to DataBreaches.net, the ALPHV ransomware gang said they breached MeridianLink's network on November 7 and stole company data without encrypting systems.

Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. Truepill is a B2B-focused pharmacy platform that uses APIs for order fulfillment and delivery services for direct-to-consumer brands, digital health companies, and other healthcare organizations across all 50 states in the U.S. Regarding the number of impacted individuals, According to the U.S. Department of Health and Human Services Office for Civil Rights breach portal the incident incident impacts 2,364,359 people.

Aqua Trivy open-source security scanner now finds Kubernetes security risksThe Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials generation. Sumo Logic discloses potential breach via compromised AWS credentialCloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday.

Mr. Cooper, the largest home loan servicer in the United States, says it found evidence of customer data exposed during a cyberattack disclosed last week, on October 31. The mortgage loan giant's notice says it's still investigating the nature of the compromised data and will provide affected customers with more information over the coming weeks.

Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. [...]