Security News

Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. Halara told BleepingComputer that it is aware that customer data was allegedly stolen and leaked online and is investigating a potential breach.

The LockBit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. The LockBit ransomware gang has now claimed responsibility for the attack on Capital Health by listing the healthcare company on its data leak extortion portal yesterday.

The U.S. division of Xerox Business Solutions has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation. INC Ransom ransomware gang added the corporation to its extortion portal on December 29, claiming to have stolen sensitive data and confidential documents from its systems.

Cybercrime actor DragonForce which claimed responsibility for the attack has also leaked 95 GB of data that it states, belongs to the company. In a statement to BleepingComputer, Yakult Australia confirmed it was investigating a cyber incident that occurred in mid-December.

Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI. Sentenced to life in a 'secure hospital'. Arion Kurtaj, a member of the Lapsus$ cybercrime group, was sentenced indefinitely to a "Secure hospital" by a British judge, according to a BBC report.

OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions. Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.

The US Air Force reached that conclusion in an August report [PDF] made public yesterday into the actions of Airman 1st Class Jack Teixeira, who was arrested in April on suspicion that he had stolen and shared classified military documents on a private Discord server that later found their way to the wider internet - and, presumably, into the hands of foreign governments. Per the USAF report, Teixeira "Was observed viewing intelligence content on TS-SCI websites" in August 2022, and while his supervisor was informed, the incident wasn't otherwise documented.

Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense and the Department of Homeland Security confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. Earlier today, the Hunters International ransomware and data extortion group claimed to have breached Austal USA and leaked some information as proof of the intrusion.

The Rhysida ransomware group has published most of the data it claimed to have stolen from the British Library a month after the attack was disclosed. The Register has not examined any of the data posted online, but a cursory perusal of the file trees leaked to Rhysida's website appears to show data related to various British Library departments, functions, and stakeholders.

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for overseeing the civil aviation industry in Russia, keeping records of flight or emergency incidents.