Security News

Joe Sullivan, the former Chief Security Officer of Uber, has been convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of the hack Uber suffered in 2016. "In the wake of that disclosure, the FTC's Division of Privacy and Identity Protection embarked on an investigation of Uber's data security program and practices. In May 2015, the month after Sullivan was hired, the FTC served a detailed Civil Investigative Demand on Uber, which demanded both extensive information about any other instances of unauthorized access to user personal information, and information regarding Uber's broader data security program and practices."

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. "We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught."

The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 125,000 individuals.As revealed in a notice of data breach sent to affected people, an attacker breached the city's network and exfiltrated an undisclosed number of files containing sensitive information.

Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said.

Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations - such as admin accounts without multi-factor authentication - have left a dangerous amount of cloud data exposed to insider threats and cyberattacks, according to Varonis. For the report, researchers analyzed nearly 10 billion cloud objects across a random sample of data risk assessments performed at more than 700 companies worldwide.

Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month. In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ID document numbers exposed to the hackers.

TD Bank has disclosed a data breach affecting an undisclosed number of customers whose personal information was stolen by a former employee and used to conduct financial fraud.TD Bank is one of the largest banks in the United States by deposits, operating 1,220 branches and employing over 26,000 people.

All of it I've never spent more than 10 seconds authorising myself to get into something when multifactor has popped up, and I can spare 10 seconds for the safety and security of not just my company's data, but our employees and our customers data. CHET. Well, the precise law in the United States, the Computer Fraud and Abuse Act, is very specific about the fact that you're breaching that Act when you exceed your authority or you have unauthorised access to a system.

A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK with The Hacker News.

Critical ManageEngine RCE flaw is being exploitedThe US Cybersecurity and Infrastructure Security Agency has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities Catalog. 3 free Linux security training courses you can take right nowLearning how to effectively navigate and interact with Linux can be an important part of your learning journey in cybersecurity.