Security News
Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data. This past Monday, the BlackCat ransomware operation claimed to have breached Bandai Namco and stolen corporate data during the attack.
Microsoft announced today the general availability of tenant-wide idle session timeout for Microsoft 365 web apps to protect confidential data on shared or non-company devices left unattended. After an IT admin such as a Microsoft 365 or Office 365 global admin enables this new feature, users who have reached the configured period of inactivity will be notified that they're going to be automatically signed out.
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand. Conti left one member behind to continue leaking data and taunting Costa Rica to create a facade of a running operation while its members quietly moved to other ransomware gangs.
Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. Karakurt, the data extortion arm of the Conti ransomware gang and cybercrime syndicate, has been focused on stealing data from companies since at least June 2021 and forcing them into paying ransoms under the threat of publishing the information online.
The UK Ministry of Defence has suspended online application and support services for the British Army's Capita-run Defence Recruitment System and confirmed to us that digital intruders compromised some data held on would-be soldiers. The extent and method of the attack remain under investigation by the MoD and Capita.
Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. On Friday, March 4th, Adafruit announced that a publicly-accessible GitHub repository contained a data set comprising information on some user accounts.
CybelAngel published research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. Based on data from a sample group of customers, the research report reveals that data leak incidents increased, overall, by 63% and vulnerable shadow assets exposure grew by 40% in 2021.
Just under two weeks ago, we wrote about an Apple Safari bug that could allow rogue website operators to track you even if they gave every impression of not doing so, and even if you had strict privacy protection turned on. That vulnerability, now known as CVE-2022-22594, showed up in Safari because of a bug in WebKit, the "browser rendering engine", as these things are generally known, on which the Safari app is based.
Humanitarian organization the International Red Cross disclosed this week that it has fallen foul of a cyberattack that saw the data of over 515,000 "highly vulnerable people" exposed to an unknown entity. The target of the attack was the organisation's Restoring Family Links operation, which strives to find missing persons and reunite those separated from their families due to armed conflict, migration, disaster, detention and other catastrophic events.
The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency's site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.