UpGuard reports: In the course of performing data leaks investigation on behalf of an UpGuard client, a member of the UpGuard Data Breach Research team discovered publicly accessible information belonging to technology services provider HCL. The public data included personal information and plaintext passwords for new hires, reports on installations of customer infrastructure, and web […]
Ross Robertson reports: Hackers have accessed users’ personal details in a cyber attack on Sunderland City Council’s library database. Council chiefs are warning users to be vigilant after a number of customers’ details were accessed during a cyber incident involving the library services customer database. This resulted in the unauthorised access to the details of […]
Isn’t this what I’ve been saying for more than a decade now? Now there’s a study that agrees with me. Laurel Thomas-Michigan reports on a study called, “You `Might’ Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications” by Yixin Zou, Shawn Danino, Kaiwen Sun, Florian Schau. She reports: Building […]
Sergiu Gatlan reports: The MuddyWater threat group has been updating its tactics, techniques, and procedures (TTPs) to include a number of new anti-detection techniques designed to provide remote access to compromised systems while evading detection as part of a new campaign dubbed BlackWater. MuddyWater (also known as SeedWorm and TEMP.Zagros) is an advanced persistent threat (APT) group — or a […]
Bradley Barth reports: Cyber-attacks leveraging the Windows Server Message Block exploit known as EternalBlue have reportedly reached historically high levels over the last few months, even though the vulnerability it affects was patched by Microsoft more than two years ago. In a 17 May blog post, ESET security evangelist Ondrej Kubovic said his company’s telemetry data […]