Security News

Dymocks Booksellers suffers data breach impacting 836k customers
2023-09-08 17:13

Dymocks Booksellers is warning customers their personal information was exposed in a data breach after the company's database was shared on hacking forums. The company was informed that its customer data was stolen on September 6th, 2023, by Troy Hunt, the creator of the data breach notification service 'Have I Been Pwned', after a threat actor released it on a hacking forum.

Iranian hackers breach US aviation org via ManageEngine, Fortinet bugs
2023-09-07 21:32

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho ManageEngine and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command revealed on Thursday. CISA was part of the incident response between February and April and said the hacking groups had been in the compromised aviation organization's network since at least January after hacking an Internet-exposed server running Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall.

Iranian hackers breach US aviation org via Zoho, Fortinet bugs
2023-09-07 21:32

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command revealed on Thursday. CISA was part of the incident response between February and April and said the hacking groups had been in the compromised aviation organization's network since at least January after hacking an Internet-exposed server running Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall.

Johnson & Johnson discloses IBM data breach impacting patients
2023-09-07 15:02

Johnson & Johnson Health Care Systems has informed its CarePath customers that their sensitive information has been compromised in a third-party data breach involving IBM. IBM is a technology service provider for Janssen; specifically, it manages the CarePath application and database supporting its functions. IBM has published a separate announcement about the incident that says there are no indications the stolen data has been misused.

Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
2023-09-07 07:14

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens to access Outlook by compromising an engineer's corporate account. "A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process," the Microsoft Security Response Center said in a post-mortem report.

Freecycle gives users the gift of a security breach notice
2023-09-05 14:24

Freecycle, the charity aimed at recycling detritus that would otherwise be headed for landfill, has become the latest organization to suffer at the hands of cyber attackers and admit to a breach. Executive director Deron Beal said: "The data breach includes usernames, User IDs, email addresses and hashed passwords."

Northern Ireland's top cop quits after security breach, disciplinary controversy
2023-09-05 11:45

Northern Ireland's police chief, Simon Byrne, resigned last night after an emergency meeting of the Policing Board amid discontent in the rank and file over a data breach that exposed serving officers' info, as well as news he was considering appealing a court ruling linked to the Troubles.

Key Cybersecurity Tools That Can Mitigate the Cost of a Breach
2023-09-05 11:14

The average cost of a breach rose once again to $4.45 million, increasing 15% over the last three years. I can't make any promises regarding your bottom line, but I can offer some opinions on where I see risk reduction and potential cost savings in the event of a breach.

Freecycle confirms massive data breach impacting 7 million users
2023-09-04 18:09

Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users. The nonprofit organization says it discovered the breach on Wednesday, weeks after a threat actor put the stolen data up for sale on a hacking forum on May 30, and warns affected people to switch passwords immediately.

Hackers exploit MinIO storage system to breach corporate networks
2023-09-04 16:45

Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers. MinIO is an open-source object storage service offering compatibility with Amazon S3 and the ability to store unstructured data, logs, backups, and container images of up to 50TB in size.