breach Archives - Cyber Security Minute

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

Issued by: Dark Reading

Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known…

Application Security

Joe Sullivan: What’s a Breach? ‘It’s a Complicated Question’

Issued by: DataBreach Today

Trick question for CSOs: When does a security incident qualify as being a data breach, triggering notification or other regulatory rules? The answer is that it’s “a very complicated question” that cybersecurity leaders should leave to their legal team while they stay fully in the loop, said former Uber CSO Joe Sullivan, sharing lessons learned…

Malware & Threats

Breach Roundup: Johnson Controls Suffers Ransomware Attack

Issued by: DataBreach Today

Johnson Controls Suffers Ransomware Attack Global smart building and security systems maker Johnson Controls faces a major cybersecurity incident, it disclosed in a regulatory filing. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” it told the U.S. Securities and Exchange Commission. Bleeping Computer reports…

Malware & Threats

Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department

Issued by: Dark Reading

A government department in Colorado is the latest victim of a third-party attack by Russia’s Cl0p ransomware group in connection with the MOVEit Managed File Transfer platform. Department officials say that the group stole the personal health data of about 4 million members of state health programs from IBM-managed systems. On May 31, the Colorado…

Malware & Threats

Optus data breach “attacker” says sorry, it was a mistake

Issued by: Malwarebytes

Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue A hacker acting under the pseudonym “optusdata” claims to have stolen the data of 10 million Optus customers. The information included home addresses, drivers’ licenses, Medicare numbers, and…

Malware & Threats

Insecure password leads to Mangatoon data breach

Issued by: Malwarebytes

The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesn’t seem to be responding to messages from the breacher, or people notifying it that the breach has taken place. A…

Vulnerabilities

Planned Parenthood LA Breach Compromises 400,000 Patients’ Data

Issued by: Dark Reading

A security incident at Planned Parenthood’s Los Angeles (PPLA) branch compromised personal data of about 400,000 patients, officials confirmed this week. News of the breach was confirmed in letters sent to affected patients. These state suspicious activity was detected on the PPLA network on Oct. 17, 2021. Following its discovery, PPLA took its systems offline,…

Malware & Threats

Acer Confirms Breach of Servers in Taiwan

Issued by: Security Week

Acer initially confirmed that some of its servers in India had been hacked after a group called Desorden claimed to have stolen more than 60 gigabytes of data from Acer India. The hackers claimed to have obtained information on millions of customers, login credentials used by thousands of retailers and distributors, and various corporate and…

Malware & Threats

Extortionist Hacker Group SnapMC Breaches Networks in Under 30 Minutes

Issued by: Security Week

Dubbed SnapMC, the hacking group attempts to exploit multiple vulnerabilities in webserver and VPN applications for initial access and typically compromises victim networks in under 30 minutes. The group then exfiltrates victim data to leverage it for extortion, but doesn’t use ransomware or other means of disrupting the victim’s operations. SnapMC threatens to publish the…