Security News

Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is "low-sensitivity and semi-public information." "The data was confirmed...

Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. The attacker claims to have stolen source code for D-Link's D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company's CEO. The stolen data allegedly includes names, emails, addresses, phone numbers, account registration dates, and the users' last sign-in dates.

Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "Various documents and information relating to the MOVEit Vulnerability."

The UK's Financial Conduct Authority has fined Equifax a smidge over £11 million for severe failings that put millions of consumers at risk of financial crime.The two companies involved here are Equifax Ltd and Equifax Inc. There are key differences between the two that are important in fully understanding the case.

Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers. According to multiple tips sent to BleepingComputer yesterday from Shadow customers, the company has begun sending data breach notifications following a successful social engineering attack targeting its employees.

The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance. BianLian claims to have exfiltrated technical and operational data spanning from 2008 to 2023, including details about the company's technical and security challenges, SQL backups, personal information of employees, data regarding vendors and suppliers, confidential documents, and archives from company databases.

Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach. The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV code on the back of the payment cards.

Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services.

Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. In the breach disclosed by Blackbaud in July 2020, the highly sensitive data belonging to over 13,000 Blackbaud business customers and their clients from the U.S., Canada, the U.K., and the Netherlands was compromised, impacting millions of individuals.

Sony Interactive Entertainment has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.According to the data breach notification, the compromise happened on May 28, three days before Sony learned from Progress Software about the flaw, but it was discovered in early June.