Security News

French professional basketball team LDLC ASVEL has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club. "Alerted on October 12 through the press and having immediately contacted companies specializing in the field of cybersecurity, LDLC ASVEL is unfortunately today able to confirm that it has indeed been the victim of a violation of its computer system, with data exfiltration," reads a press statement from ASVEL. The threat actors claimed to have stolen 32 GB of data, including the personal data of players, passports and ID cards, and many documents relating to finance, taxation, and legal matters.

Following in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach. David Bradbury, Chief Security Officer at Okta, disclosed last Friday that an attacker has "Leveraged access to a stolen credential to access Okta's support case management system" and "View files uploaded by certain Okta customers as part of recent support cases."

Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was...

1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant. "We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati.

The City of Philadelphia is investigating a data breach after attackers "May have gained access" to City email accounts containing personal and protected health information five months ago, in May. While officials discovered the incident on May 24 following suspicious activity in the City's email environment, the investigation found that the threat actors may have accessed emails in the compromised email accounts for at least two months after the City became aware of the incident. "However, to date, the investigation determined that between May 26, 2023 and July 28, 2023, an unauthorized actor may have gained access to certain City email accounts and certain information contained therein," the breach notice says.

Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system....

Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July.The changes to audit logging retention announced today will roll out to Microsoft Purview Audit customers with Standard licenses in the coming weeks, starting with enterprise tenants this month and government customers in November.

Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company's development environment.

Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical 9.8/10 vulnerability tracked as CVE-2023-42793 that allowed unauthenticated attackers to remotely execute code.

On October 1, word of a data breach spread after a post on a hacking forum claimed to be selling 3 million lines of customer information as well as D-View source code for a one-time $500 fee. D-Link's public disclosure confirmed it became aware of the incident on October 2 and with the help of investigators called in from Trend Micro, the company determined the actual number of stolen records to be around the 700 mark - substantially off the previously advertised total.