Security News

Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data. Using ransomware data leak sites, Maze warned victims that they would publicly leak stolen data if victims did not pay a ransom.

The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system. Health Minister Hugo de Jonge announced late Wednesday that the CoronaMelder app will stop sending warnings for 48 hours while the government checks if users' data is secure.

A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, that he said was left open on a lender site without even basic security protections. Demirkapi was surprised and decided to take a peek at the code, which showed that an connection to an Experian API was behind the tool, he said.

The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General on a server controlled by the cybercriminal group. The move came after ransom negotiations between the two parties broke down following a ransomware attack earlier this month, on April 10.

The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal. The data may be published before a victim can respond to an extortion attempt, and the threat actors may not provide complete records of what was taken even if the victim pays up.

Digital Ocean on Wednesday said someone was able to snoop on some of its cloud subscribers' billing information via a now-patched vulnerability. In an email to affected customers seen by The Register - and full disclosure, your Register vulture is a customer - the rent-a-server biz said that two days ago it confirmed a miscreant had gained unauthorized access to some people's account records.

Box delivered more advanced security features to prevent accidental data leaks and protect content in the cloud. "With today's announcements, we are extending the power of Box Shield, along with our core security product, by implementing new and enhanced features to the Box Content Cloud and providing businesses with one secure platform for managing and securing all of their information in the cloud."

The Metropolitan Police Department of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police's networks and stolen 250 GB of unencrypted files.

The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. The Metropolitan Police Department, also known as the DC Police or MPD, is the primary law enforcement agency for Washington, DC, the US capital.

The REvil ransomware gang has mysteriously removed Apple's schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos. Earlier this month, the ransomware gang conducted an attack on Quanta, a Taiwan-based original design manufacturer that helps manufacture the Apple Watch, Apple Macbook Air, and the Apple Macbook Pro.