Security News
The BlackCat ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company. On February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.
Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army.The leak comes after the Chilean Army confirmed on May 29 that its systems were impacted in a security incident detected over the weekend on May 27, according to a statement shared by Chilean cybersecurity firm CronUp.
The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin. WooCommerce Stripe Payment is a payment gateway for WordPress e-commerce sites, which currently has 900,000 active installations.
India's tech minister Rajeev Chandrasekhar confirmed "A Telegram Bot was throwing up Co-WIN app details upon entry of phone numbers," but claimed the data came from a previous breach unrelated to Co-WIN. India's Ministry of Health and Family Welfare later denied any breach, writing "It is clarified that all such reports are without any basis and mischievous in nature." "Union Health Ministry has requested the Indian Computer Emergency Response Team to look into this issue and submit a report. In addition, an internal exercise has been initiated to review the existing security measures of Co-WIN," states a Ministerial announcement.
The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks. Last Tuesday, the Swiss government disclosed that they were impacted by a ransomware attack on Xplain, a Swiss technology provider supplying various government departments, administrative units, and even the country's military force with software solutions.
A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail. In the process, it discovered the Lantum S3 bucket, which was accessible and indexed on some IoT search engines.
Feature The world got a first glimpse into the US government's far-reaching surveillance of American citizens' communications - namely, their Verizon telephone calls - 10 years ago this week when Edward Snowden's initial leaks hit the press. Wyden was one of two US senators who had sounded the alarm about the Obama administration's surveillance programs even before the Snowden leaks came to light.
Because the data includes the identity fraud goldmine of the victims' names and social security numbers, one of the lawsuits claims the danger to those affected could continue throughout "Their lives." According to the data breach notice by Mercer University in Macon, Georgia, 93,512 people were affected.
Infosec in brief Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment - the same explanation it gave when the same thing happened a couple of weeks ago. Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's cloud systems.
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum. RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking, and selling data stolen from breached organizations.