Security News

Infosec boffins at the University of Kent have developed a "Comprehensive playbook" for companies who, having suffered a computer security breach, want to know how to shrug off the public consequences and pretend everything's fine. In a new paper titled "A framework for effective corporate communication after cyber security incidents," Kent's Dr Jason Nurse, along with Richard Knight of the University of Warwick, devised a framework for companies figuring out how to publicly respond to data security breaches and similar incidents where servers are hacked and customer records end up in the hands of criminals.

German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. As a consequence, systems gradually crashed and the hospital wasn't able to access data; emergency patients were taken elsewhere and operations postponed.

Thousands of Magento-powered online stores have been hacked over the past few days as part of a skimming campaign that has been described as the "Largest ever." Sansec on Monday reported seeing nearly 2,000 Magento stores that have been compromised as part of this campaign since Friday - over 1,000 stores were hacked on Saturday, more than 600 on Sunday, and over 200 so far on Monday.

Virginia's largest school system has been hacked and the attackers are seeking a ransom payment to keep them from disclosing stolen personal information. The school system confirmed the hack and said it is investigating and working with law enforcement.

"We want to reassure everyone that this event won't stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible." If you're running Multi-Factor Authentication or Palo Alto's Captive Portal interface, an attacker can exploit a buffer overflow to ultimately gain code execution as root.

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Dealing with compromised customer accounts is a constant challenge for any organization doing business online today, and certainly Sendgrid is not the only email marketing platform dealing with this problem.

Researchers have once again demonstrated that many printers can be hacked remotely, by hijacking 28,000 devices and instructing them to print out a printer security guide. The researchers said the document was printed by nearly 28,000 of those devices, which suggests that 56% of exposed printers can be hijacked.

The Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked some of the files it stole. For what it's worth, the Maze crew doesn't tend to need to fib about these sort of things.

Chinese hackers infiltrated at least 10 Taiwan government agencies and gained access to around 6,000 email accounts in an attempt to steal data, officials said Wednesday. The damage done was "Not small", according to a top Taiwan cyber official, who said the full impact was still being assessed.

Carnival Corp. says it was the victim of a ransomware attack that likely got some personal information about the cruise company's guests and employees. The attack accessed an encrypted portion of technology systems for one of the cruise line's brands and certain data files were downloaded, the company said in a filing with the U.S. Securities and Exchange Commission.