Security News
Northern Ireland's Department of Health has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. Some users of the COVIDCert NI service were presented with data of other users, under certain circumstances, says the Department.
Northern Ireland's Department of Health has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. Some users of the COVIDCert NI service were presented with data of other users, under certain circumstances, says the Department.
As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks-and the costs of addressing them-are increasing. The survey of 300 cloud pros found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they're vulnerable to a major data breach related to cloud misconfiguration.
The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. On Saturday, the ransomware actor published on their leak site the download links to a new set of ADATA corporate documents, warning interested parties that the links would not survive for long.
The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data. The data sold on these sites are obtained through the marketplace's own attacks, from other threat actors, or by collecting data released in other attacks, such as ransomware or website data breaches.
Alibaba's Chinese shopping operation Taobao has suffered a data breach of over a billion data points including usernames and mobile phone numbers. Both reports state that a developer created a crawler that was able to reach beneath information available to the human eye on Taobao, and that the crawler operated for several months before Alibaba noticed the effort.
The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online. While the Indonesian government has not confirmed if the data is legitimate, they have performed a random investigation of 1 million records and believe a more thorough investigation needs to be conducted by the government's information technology and cybersecurity agencies.
The High Court of Ireland has issued an injunction against the Conti Ransomware gang, demanding that stolen HSE data be returned and not sold or published. Today, Conti released a decryptor for encrypted files but warned that they still intend to publish or sell data stolen during the attack on the HSE. To try and prevent the release of personal and potentially sensitive medical data, the HSE has received an injunction against the Conti ransomware again from the High Court of Ireland.
Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data. Using ransomware data leak sites, Maze warned victims that they would publicly leak stolen data if victims did not pay a ransom.
The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system. Health Minister Hugo de Jonge announced late Wednesday that the CoronaMelder app will stop sending warnings for 48 hours while the government checks if users' data is secure.