Security News

The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper. While The Inquirer confirmed Cuba had claimed responsibility for the break-in, it insisted that any documents posted by the gang on the dark web were not swiped from the newspaper.

In Brief More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure. To further complicate matters, 40 percent of IT infosec folk polled said they were told to not report security incidents, and that climbs to 70.7 percent in the US, far higher than any other country.

The actor emerged on Telegram in late 2021 and has been associated with the RansomHouse ransomware operation and the data leak platform, KelvinSecurity, and the network access group Adrastea. ARES Group manages its own site with database leaks and a forum, which may fill the void left by the now defunct Breached forum.

Microsoft unveils AI-powered Security Copilot analysis toolMicrosoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations professionals' work. Prioritizing data security amid workforce disruptionsIn this Help Net Security video, Chris Wey, President of Data Modernization at Rocket Software, discusses the risks organizations face and the steps they can take to mitigate disruption.

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. They have also impersonated some ransomware and data extortion gangs in emails and claimed to be the authors of the intrusion, stealing hundreds of gigabytes of important data.

OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries.OpenAI took ChatGPT offline to investigate an issue but did not provide details as to what caused the outage.

In a separate incident, another 766,846 burger-buyers whose data should have been destroyed after a retention period expired also saw their info leak, attracting a ₩10 million wrist slap. The company therefore coughed up info about 1,540 customers, and earned ₩40 million in fines.

Latitude Financial has blamed a supplier for leaking creds that caused vast PII leak Australian outfit Latitude Financial has taken itself offline, and even stopped serving customers, while it tries to clean up an attack on its systems. Latitude said the attack on the vendor exposed credentials of its staff, which were used to log on to two other service providers it uses for matter such as identity verification.

Scandinavian Airlines has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data. The cyberattack caused some form of a malfunction on the airline's online system, causing passenger data to become visible to other passengers.

Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from a third-party vendor. Atlassian confirmed to BleepingComputer that the compromised data was from third-party vendor Envoy which they use for in-office functions.