Security News

The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. The most sensitive information in the breach is a member's username, email address, billing address, salted and hashed password, and Discord ID. "This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does mean that other people might be able to link your Discord account to a given email address," Discord.io explained about the leaking of Discord IDs.

The Colorado Department of Health Care Policy & Financing is alerting more than four million individuals of a data breach that impacted their personal and health information. The data breach was possible after Clop ransomware exploited the MOVEit Transfer zero-day in a hacking campaign that impacted hundreds of organizations worldwide.

Deception technology further strengthens both paradigms. Deception strategies can be tailored according to different goals and adversaries, whether they aim to obtain Tactics, Techniques, and Procedures, or to enable true positives early alert for the Security Operations Center.

Infosec in brief The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security's Cyber Safety Review Board. The decision to investigate the July Outlook intrusion, and cloud security more broadly, was welcomed by senator Ron Wyden, who last week blamed Microsoft for its failure to protect cloud accounts belonging to US government officials and called for the CSRB to investigate the incident.

Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack. Yesterday, the Missouri Department of Social Services disclosed a data breach that exposed health information related to Medicaid services in the state.

The U.K. Electoral Commission on Tuesday disclosed a "Complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. The intrusion enabled unauthorized access to the Commission's servers hosting email, control systems, and copies of the electoral registers it maintains for research purposes.

The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022. The disclosure comes ten months after the Commission first detected the breach and two years after the initial breach occurred, raising questions about why it took so long to report the incident to the public.

The Colorado Department of Higher Education discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. "On June 19, 2023, CDHE became aware it was the victim of a cybersecurity ransomware incident that impacted its network systems," explains the data breach notification.

The root of the problem is that shared CPU components, like the internal memory system, combine attacker data and data from any other application, resulting in a combined leakage signal in the power consumption. Whether just suffering a ransomware attack is inevitably enough to be a material data breach.

Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer server. "On June 30, 2023, Serco was made aware that our third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach," the company explained.