Security News

The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts. "SCO has notified the employee's contacts who may have received a potentially malicious email from the unauthorized user. SCO team members have identified all personal information included in the compromised email account and begun the process of notifying affected parties. The Controller is going over and beyond the notification requirements in law by providing both actual mailed notification and substitute notification in an effort to ensure the broadest possible notification."

Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance. Shell disclosed the attack in a public statement published on the company's website last week and said that the incident only affected the Accellion FTA appliance used to transfer large data files securely.

Thanks to a new plea deal with the Florida State Attorney's Office, the 18-year-old behind last summer's breach of Twitter's high-profile accounts will not be charged as an adult, and instead will serve his sentence in juvenile detention. Graham Ivan Clark was arrested seven months ago, and has accepted responsibility the July "Bit-Con" Twitter breach.

The now-defunct WeLeakInfo data breach site has suffered its own data breach after a threat actor leaked the service's payment information and customer info. Last Thursday, a threat actor released an archive of payment processing data used by WeLeakInfo when processing payments through Stripe.

The now-defunct WeLeakInfo data breach site has suffered its own data breach after a threat actor leaked the service's payment information and customer info. Last Thursday, a threat actor released an archive of payment processing data used by WeLeakInfo when processing payments through Stripe.

The now-defunct WeLeakInfo data breach site has suffered its own data breach after a threat actor leaked the service's payment information and customer info. Last Thursday, a threat actor released an archive of payment processing data used by WeLeakInfo when processing payments through Stripe.

A medical practice management firm that provides support to Tacoma-based MultiCare Health System has alerted over 200,000 patients, providers and staff that their personal information may have been exposed. Woodcreek Provider Services announced Tuesday that after a ransomware attack of its tech vendor, the information was retrieved upon paying an undisclosed ransom, The News Tribune reported.

A CCTV camera biz which left an admin account username and password exposed on the World Wide Web has, you guessed it, been targeted by hacktivists. Those cameras belonged to a whole host of organisations, according to the Bloomberg financial newswire, including: Tesla; Cloudflare; hospitals; police stations; prisons and, allegedly, more.

Hackers claim to have breached Silicon Valley startup Verkada to gain unauthorized access to live feeds of 150,000 security cameras. The breach represents a broad vision of the privacy and security violations that can occur if video surveillance footage falls into the wrong hands.

A US hacker collective on Tuesday claimed to have tapped into footage from 150,000 security cameras at banks, jails, schools, carmaker Tesla and other sites to expose "The surveillance state." Images captured from hacked surveillance video were posted on Twitter with an #OperationPanopticon hashtag.