3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
Business communication solutions provider 3CX has confirmed that it's investigating a security breach, as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack. The attack seems to impact 3CXDesktopApp, an enterprise voice and video conferencing software.
Mr. Cooper hit with consumer class-action lawsuits over cyberattack
Mr. Cooper Group has become the target of at least four consumer class-action lawsuits following a cyberattack that compromised customer information.
Customers claim that Mr. Cooper Group failed to comply with industry standards to protect personally identifiable information and seek disclosure of the compromised information and improved security practices.
The lawsuits allege negligence, breach of contract, and violations of consumer protection laws.
Western Digital Confirms Ransomware Group Stole Customer Information
Western Digital confirmed on Friday that cybercriminals have stolen customer and other information after breaching its systems. According to the digital storage giant, a security breach was discovered on March 26. In early April, the company shut down some services as part of its incident response activities and informed customers about a cyberattack, but has not shared any updates until May 5. Western Digital's second public statement comes just days after a ransomware group known as Alphv/BlackCat started publishing screenshots showing the extent of their access.
Bitmarck shuts down systems, services after cyberattack
German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack. The company, one of the largest service providers for German health insurers, said no customer, patient, or insured individuals' data had been accessed in the security breach - at least not according to "the current state of knowledge," according to an April 30 update posted on its temporary website.
PURPOSE: This policy from TechRepublic Premium provides guidelines for the reporting of information security incidents by company employees. The goal is to facilitate the security response and remediation process to ensure the least amount of potential damage to systems, networks, customers and business reputation.
Rishi Sunak stands by Dominic Raab after deputy PM accused of bullying
Rishi Sunak has come out in defence of Dominic Raab after the Deputy Prime Minister was accused of rude and demeaning behaviour towards civil servants. The Prime Minister said he did not recognise that characterisation of his deputy and denied knowing about any formal complaints against him. Mr Sunak is facing further questions over his judgment as allegations of bullying emerged from Mr Raab's previous stint as Justice Secretary with staff reportedly offered a route out of his department when he was reinstated in October.
Migrant crisis is down to failed policies not Albanians, says nation's PM
The prime minister of Albania said Britain is becoming like a madhouse with a culture of finding scapegoats during the migration crisis when failed policies are to blame. Edi Rama, who said he was disgusted, commented on Home Secretary Suella Braverman's choice of language in a combative Commons debate this week in which she claimed there is an invasion of England by migrants crossing the Channel.
Colorful web forum Reddit has revealed it has suffered a security breach. In a post titled "We had a security incident. Here's what we know," Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5 "we became aware of a sophisticated phishing campaign that targeted Reddit employees."
Get a lifetime privacy upgrade with KeepSolid Private Browser for $29
Protect your iOS or Android mobile device with military-grade encryption every time you go online. From your accounting software to your team chat, running a business today involves connecting to a variety of online apps. Unfortunately, this leaves you vulnerable to attacks - unless you're using something like the KeepSolid Private Browser.
The New York Post is the latest news outlet to get hacked | Engadget
Fast Company isn't the only news outlet to suffer a recent, high-profile security breach. As CNBC reports, The New York Post has confirmed it was the victim of a hack. The perpetrators briefly defaced both the newspaper's website and Twitter account with racist and sexist headlines, including ones targeting New York City Mayor Eric Adams and House Representative Alexandria Ocasio-Cortez.
Pepsi distributor blames info-stealing malware for breach
Crooks have breached Pepsi Bottling Ventures' network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers. The breach happened on or around December 23, 2022. However, Pepsi Bottling Ventures - America's largest manufacturer and distributor of Pepsi-Cola beverages - didn't discover the unauthorized activity until January 10, we're told.
LastPass data was stolen by hacking an employee's home computer
LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee's personal computer and installing keylogger malware, which let them gain access to the company's cloud storage. The update provides more information about how the series of hacks happened last year that resulted in the popular password manager's source code and customer vault data being stolen by an unauthorized third party.
UK politicians demand probe into Liz Truss phone hack claim
LONDON (AP) - The British government insisted Sunday it has robust cybersecurity for government officials, after a newspaper reported that former Prime Minister Liz Truss' phone was hacked while she was U.K. foreign minister. The Mail on Sunday said that the hack was discovered when Truss was running to become Conservative Party leader and prime minister in the summer.
T-Mobile US to cough up $550m after info stolen on 77m users
T-Mobile US has agreed to pay about $550 million to end legal action against it and improve its security after crooks infiltrated the self-described Un-carrier last summer and harvested personal data belonging to almost 77 million customers.
Ransomware gang threatens 1m-plus medical record leak
Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs.
Plex breach exposes usernames, emails, and encrypted passwords
Streaming media platform Plex sent out an email to its customers earlier today notifying them of a security breach that may have compromised account information, including usernames, email addresses and passwords.
1.9m patients' medical data exposed in PFC ransomware attack
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that more than 1.9 million people's private data - including names, addresses, social security numbers and health records - was exposed during a ransomware infection.
Shadowy Strava users spy on Israeli military with fake routes in bases
Unidentified operatives have been using the fitness tracking app Strava to spy on members of the Israeli military, tracking their movements across secret bases around the country and potentially observing them as they travel the world on official business.
Russia-Ukraine war live updates: Putin links territorial aims to Russia's imperial past; Ukraine losing up to 200 fighters daily
Here's what else to know
A top U.S. energy security official said the spike in global energy prices could mean Russia is making more money from its fossil fuel exports despite Western sanctions.
LastPass will finally enforce a 12-character minimum master password
LastPass is imposing a 12-character minimum for master passwords after a high-profile security breach in 2022.
The company will also start checking new or reset master passwords against a database of credential breaches to alert users if the password matches exposed login information.
Man joins VIP convoy, hugs German chancellor; security breach under investigation
German police have been left red-faced after a member of the public was able to slip into a VIP convoy for Chancellor Olaf Scholz and then give him a hearty hug as he prepared to board a plane at Frankfurt Airport. Tabloid newspaper Bild reported Friday that Scholz's bodyguards only realized their mistake later, and chased the man down.
Western Digital: Customer info stolen in March IT attack
Customer information was stolen from the IT systems of Western Digital in that March IT security breach, forcing the storage manufacturer to shut down its online store until at least next week. Western Digital (WD) first disclosed the intrusion in early April, saying that in late March its engineers discovered someone had broken into "a number" of the biz's systems.
T-Mobile has experienced another data breach, reporting that personal information belonging to hundreds of account holders was exposed in an attack between late February and March 2023. The company disclosed in notification letters issued to impacted customers on April 28th that a hacker managed to access information such as full names, dates of birth, addresses, contact information, government IDs, social security numbers, and T-Mobile account pins.
Reddit was hacked in a phishing attack targeting its employees | Engadget
A Reddit employee's credentials were stolen in a targeted phishing attack, an administrator for the website has revealed, and hackers were able to infiltrate its systems on February 5th. Apparently, Reddit employees had been receiving "plausible-sounding prompts," which led to a website that mimicked the look and behavior of its intranet gateway, designed as such to steal people's logins and second-factor tokens.
FBI says it's contained an 'isolated' IT security breach
The FBI claims it has dealt with a cybersecurity "incident" that reportedly involved computer systems being used to investigate child sexual exploitation. "The FBI is aware of the incident and is working to gain additional information," a spokesperson said in a statement to The Register.
Jennifer Barlow from Brick, New Jersey, as Khonshu, an ancient Egyptian moon god in Marvel's "Moon Knight." Katsucon is an annual event that celebrates anime. Over the course of three days, the convention helps a largely online community meet with friends and make new connections. It is also an opportunity to dress up as the characters that bring them together, leading to an impressive demonstration of imagination and craftsmanship.
Indigo hit by 'cybersecurity incident' impacting sales online and in-store | CBC News
Indigo Books & Music Inc. is dealing with what it calls a "cybersecurity incident" that has affected customer orders in-store and online. It started at the Toronto-based retailer on Wednesday. As of Friday afternoon, Indigo's website was still offline. "We are working with third-party experts to investigate and resolve the situation," the company said in a message posted on its website.
LastPass says hackers broke into an employee PC to steal the company's password vault | Engadget
LastPass has posted an update on its investigation regarding a couple of security incidents that took place last year, and they're sounding graver than previously thought. Apparently, the bad actors involved in those incidents also infiltrated a company DevOps engineer's home computer by exploiting a third-party media software package.
Colorado election denier Tina Peters found guilty of obstructing government operation
Tina Peters, the former clerk of Mesa County, Colorado, and her state's most prominent 2020 election denier, was found guilty Friday of misdemeanor obstruction of a government operation, according to Mesa County's court clerk. Peters was acquitted of obstructing a peace officer, Mesa County Court Clerk Ann Brigham said.
IT management software firm GoTo on Tuesday said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach that also affected its LastPass affiliate. GoTo chief executive Paddy Srinivasan confirmed the security breach was far worse than originally reported and included the theft of account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.
LastPass owner GoTo shares more bad news about November's security breach
GoTo, the remote collaboration and IT software company that owns LastPass, has confirmed that, along with LastPass' password vaults, it had customer data taken by attackers during a November 2022 security breach (via TechCrunch). The company, which was formerly known as LogMeIn, is updating its blog post about the breach for the first time since November 30th, when GoTo confirmed "unusual activity" within its development environment and cloud storage service.
Medibank IT systems will go offline over the weekend
Australian health insurance company Medibank will take all of its IT systems offline and close its branches over the weekend as part of its ongoing efforts to improve security and recover from a massive data security breach in October. The planned outage, dubbed Operation Safeguard, begins at 2030 Sydney time on Friday, December 9.
LastPass reveals another security breach | Engadget
LastPass CEO Karim Toubba has revealed that the password manager has been breached again. Toubba said the company detected an unusual activity within a third-party cloud storage service that it shares with its parent company GoTo, which was formerly known as LogMeIn.
Leaked survey shows Raab staff reported bullying or harassment at work
Eight people working in Dominic Raab's private office during his tenure as foreign secretary claimed to have been bullied or harassed at work, according to a leaked survey. The poll, carried out in the latter part of 2019, also showed that 15 staff reported witnessing another person being bullied or treated unfairly.
Tory MPs defend Raab against claims he created 'culture of fear'
Tory MPs have come out in defence of Dominic Raab after the deputy prime minister was accused of being rude and aggressive towards civil servants. Rishi Sunak is facing further questions over his judgment as allegations emerged about Mr Raab's behaviour during his previous stint as justice secretary with staff reportedly offered a route out of his department when he was reinstated in October.
'Fixated' Buckingham Palace intruder who trespassed on grounds twice spared jail
A man who trespassed on Buckingham Palace grounds twice has been spared prison. Daniel Brydges scaled two fences to gain access to the Palace gardens on December 18 last year and was also found stooped behind a Land Rover near The Royal Mews gate four days later, Westminster Magistrates' Court heard.
'It's pretty bad, isn't it?' Moment Liz Truss realised she had to quit as PM revealed
Liz Truss had accepted she would have to quit even before being told how many Tory MPs had submitted letters of no confidence in her, the chairman of the group of backbenchers has revealed. Sir Graham Brady suggested the then-prime minister knew her time in No 10 was doomed and that she had decided not to fight on before he explained how unhappy backbenchers were, all of which made his job easier.
Charities outrage at Suella Braverman's child migrant X-ray plans
Embattled home secretary Suella Braverman is to push ahead with controversial plans that risk forcing vulnerable child refugees to undergo X-rays to prove they are not lying about their age. Ms Braverman has been accused of using shameful and inflammatory language that put migrants in danger after she claimed the UK was facing an invasion on its south coast.
Suella Braverman criticised for 'invasion' claim amid asylum centre crisis
Suella Braverman has come under fire after she claimed the UK was facing the "invasion of our southern coast" as she defended her handling of the Kent asylum centre crisis. The embattled home secretary also insisted she had never blocked the procurement of hotels to ease the pressure on the centre.
Revealed: Braverman's office demanded article rewrite' while pledging free speech
Embattled home secretary Suella Braverman is facing further questions about her judgement after it emerged that her officials demanded a 120-year-old magazine for solicitors remove an opinion piece because they did not like what it said. They told the Law Society Gazette that the article should not have been published in the form that it has.
Government has 'robust' system to protect ministers' data, says No10
Downing Street on Monday did not comment on reports that Liz Truss's personal mobile phone was hacked by Russian agents while she was foreign secretary, insisting only that a robust approach is taken to protect ministers' data. The story emerged in the Mail on Sunday, prompting concerns about information security and questions about the use of personal mobile phones by ministers.
Suella Braverman is 'first-rate' politician whom I admire, says Michael Gove
Rishi Sunak was right to re-appoint first-rate politician Suella Braverman as home secretary, cabinet minister Michael Gove has said. The levelling up secretary defended the prime minister's controversial decision to bring Ms Braverman into cabinet only six days after she was sacked for a security breach.
Sunak suggests Braverman 'raised' breach during talks on Cabinet return
Rishi Sunak has suggested Suella Braverman raised the issue of her security breach with him while he discussed reappointing her as Home Secretary, in an apparent clarification of the account he gave to MPs. Mr Sunak sparked a backlash by bringing Ms Braverman back into the Cabinet despite the fact she had quit only days before, having been caught sending a Tory backbencher a sensitive document from a personal email account, twice breaching the ministerial code.
Foreign secretary denies Rishi Sunak did deal to bring back scandal-hit Braverman
The foreign secretary has denied Rishi Sunak did a deal with scandal-hit Suella Braverman to bring her back as home secretary, prompting a claim he is insulting the intelligence of the public. The new prime minister is under fire for the shock return of Ms Braverman just six days after she was sacked for a security breach in apparent payback for her backing his leadership campaign.
Sunak's 'crisis cabinet': what the papers say after prime minister's reshuffle
Rishi Sunak's sudden return to the top of British politics and the unveiling of his new cabinet dominates the UK front pages on Wednesday. The Guardian headlines PM's reshuffle gamble on first day in charge and leads with an image of Rishi Sunak meeting King Charles at Buckingham Palace on Tuesday. The paper writes that Sunak pledged to bring 'integrity and accountability' but gambled by restoring Suella Braverman to the Home Office less than a week after she was sacked for a security breach.
Michael Gove back in cabinet just two months after calling time on career
Michael Gove has secured an astonishing return to the cabinet in Rishi Sunak's reshuffle just two months after calling time on his political career. The most trusted fixer of problem departments in the Tory ranks returns to the job of levelling up secretary, the post Boris Johnson sacked him from in his dying days in office in July.
Analysis | With Liz Truss Flailing, Jeremy Hunt Must Lead
Although UK Prime Minister Liz Truss has been making a desperate effort to restore confidence in her leadership, she has so far failed comprehensively. Her government needs a broader rethink.
How publishers can prevent cyberattacks after Fast Company's hack
"The way that data applications and users interact with other services has all changed. They used to be in data centers; they used to be in offices. Here are some notable tactics, from conversations with current and former media company CTOs and IT directors. The challenge: small teams, and remote work
Internal IT teams at media companies - especially smaller ones - are usually stretched thin. The event should be taken as a warning sign to other publishers to take cybersecurity seriously, three current and former heads of technology at media companies told Digiday.
London police arrest teen hacking suspect but won't confirm GTA 6, Uber links
The City of London police report they've arrested a 17-year-old in Oxfordshire on suspicion of hacking and said he remains in custody, without releasing any other details.
TikTok denies security breach after hackers claim to have records of more than a billion users | Engadget
TikTok has denied a security breach after posts on hacking forums claimed to have compromised the app's source code, as well as account details of potentially billions of people.
TikTok is denying reports that it was breached after a hacking group posted images of what they claim is a TikTok database that contains the platform's source code and user information (via Bleeping Computer).
Microsoft finds TikTok vulnerability that allowed one-click account compromises
Deeplinks must be declared in an app's manifest for use outside of the app so, for example, someone who clicks on a TikTok link in a browser has the content automatically opened in the TikTok app.
...
Normally, the TikTok app will allow content from tiktok.com to be loaded into its WebView component but forbid WebView from loading content from other domains.
Ransomware has become a popular weapon in the hands of malicious actors who try to harm governments, businesses, and individuals daily. Ransomware is the final stage of a more complex attack.
T-Mobile agrees to $350 million settlement over its massive 2021 data breach
T-Mobile has agreed to pay $500 million to settle a class-action lawsuit stemming from the 2021 hack that it says exposed around 76.6 million US residents' data.
Neopets security breach: users' data reportedly stolen
The popular virtual pet website Neopets says it has launched an investigation after a hacker breached its databases, with one website claiming the personal data of up to 69 million users may have been stolen.
1.5m people's info stolen from Flagstar Bank in cyberattack
A US bank has said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December.