Security News

Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers. Self-described as "The world's most connected company," Syniverse provides text messaging routing services to over 300 mobile operators, among them Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile.

Neiman Marcus, the Texas-based luxury department stores chain, is sending notices of a data breach to roughly 4.3 million customers. According to the letter, which has been shared with Maine's Attorney General's office, the data breach unfolded back in May 2020 when a cyber-intruder gained access to a large number of online account credentials and used them to access private customer information.

Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. An SEC filing by Forward Air states that the company lost $7.5 million of less than load freight revenue "Primarily because of the Company's need to temporarily suspend its electronic data interfaces with its customers."

Cyentia Institute and RiskRecon released a research that quantifies how a multi-party data breach impacts many organizations in today's interconnected digital world. The impact of multi-party data breach events 897 multi-party data breach incidents, also referred to as ripple events, have been observed since 2008.

A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. Slovakian internet security firm ESET spotted the hacking group and described it as an "Advanced persistent threat."

Almost 79,400 MyRepublic mobile subscribers have been caught up in a data breach that exposed a range of personal information, the company has confirmed. The intrusion in question was aimed at a third-party data storage platform used to store the personal data of MyRepublic's mobile customers, the firm noted, in a Friday website notice.

MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers. MyRepublic an Asia-Pacific telecommunications carrier and Internet service provider with operations in Singapore, New Zealand, and Australia.

The person who reformatted the Guntrader hack data as a Google Earth-compatible CSV has said they are prepared to go to prison - while denying their actions amounted to a criminal offence. The pseudonymous person spoke to The Register by email late last week after dumping the personal data of 111,000 UK firearm and shotgun certificate owners online in a CSV formatted for ease of importing into Google Earth, pinpointing gun owners' homes.

The maintainers of Jenkins-a popular open-source automation server software-have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "Successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts.

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary.