The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published 15 February 2024 alongside the Multi-State Information Sharing and Analysis Center (MS-ISAC). "The threat actor
breach (13)
If you used the investing app Robinhood, you could qualify for part of a $20 million class action settlement resolving allegations that the investment app's negligence led to personal information being leaked. Robinhood's cybersecurity system "lacks simple and almost universal security measures used by other broker-dealer online systems, such as verifying changes in bank account links," according to a February 2021 complaint.
If your Robinhood account was accessed by unauthorized users between
Mortgage servicing firm LoanCare https://myloancare.com has started informing more than 1.3 million individuals of a data breach impacting their personal information. A subsidiary of Fidelity National Financial (FNF), LoanCare provides loan sub-servicing for mortgage loaners, including banks, credit unions, and mortgage firms. The data breach resulted from a cyberattack on FNF’s internal systems, LoanCare says in a notification letter sent to the impacted individuals, a copy of which was submi
Recently, it was announced that the Clorox company’s CISO has stepped down from her position. Her departure comes as the company is still recovering from a devastating cyberattack that paralyzed its order fulfillment facilities for more than a month, leading to a 20% decline in net revenue in the first quarter of the fiscal year.
The reasons behind her departure have not been publicly disclosed. Still, her decision to step down during such a critical time for Clorox's cybersecurity efforts has
A known ransomware group on 21 August 2023 started publishing data allegedly stolen from the systems of Japanese watchmaking company Seiko https://www.seikowatches.com. Seiko revealed on 10 August 2023 that it had identified a possible data breach on 28 July 2023, with someone gaining access to at least one server. An investigation showed that some information may have been compromised. “The Company and all our Group companies kindly ask our customers and business partners to contact us imm
Google’s malware scanning platform VirusTotal published an recent apology after hundreds of individuals working for defense and intelligence agencies globally had their names and email addresses accidentally exposed by an employee.
In a public statement, VirusTotal said it apologized “for any concern or confusion” the exposure may have caused and said it took place on 29 June, when the employee accidentally uploaded a CSV file to the platform.[1] “This CSV file contained limited information of
In early September of 2022, we reported on a security incident that occurred at LastPass in late August. As a reminder, LastPass is a password manager, which is software intended to facilitate encrypted password storage with easy retrieval. Other popular password managers include BitWarden, Dashlane, and 1Password. LastPass is very possible among the more well-known password managers and has had several security incidents even before the incident we reported on in September. Unfortunately, t
The Japanese auto company Nissan has sent out breach notification letters to thousands of customers to inform them of a leak of personal information (pii) through a third-party vendor. The car company said it was notified on 21 June 2022 that names, dates of birth, and account numbers for Nissan Motor Acceptance Corporation, an indirect lender that helps people finance or lease Nissan vehicles, were exposed after it provided the customer information to an unnamed third party “for software testi
This past week, the Australian telecoms company Optus is coming under fire for a breach of customer data. Optus’ initial press release regarding this breach went out on 21 September 2022, informing customers that services were not affected and that they were investigating a possible breach [1]. Optus has subsequently release further updates, including informing customers that they will be contacted if their data was compromised. In addition, Optus will be offering the Equifax Protect servi
At its core, LastPass is a password manager. A password manager is a software service that allows users to store encrypted passwords so they can be accessed easily when they are needed. LastPass is indeed very popular, but it is only one of many widely known password managers, each with their own features, advantages, and disadvantages. Other commonly known password managers include BitWarden, Dashlane, 1Password.
The apparent necessity for password managers has been prompted by the fact that
On 5 October 2021, an anonymous user on the 4chan technology board posted claiming to have a large data breach of Twitch proprietary code. Watch our REDSHORT Webinar. The user called out Twitch for being a “toxic community,” ending its post with #DoBetterTwitch (a variation of the trending TwitchDoBetter hashtag responding to the ‘Twitch Hate Raids’).
The post briefly describes content found in leak data, including source code for Twitch and other products and Streamer payout data.
Twitch r
With approximately 90% of all finished and bulk products traveling through maritime ports, it is a bit unnerving that a major US port network was breached. The US Coast Guard recently reported that a suspected foreign government-backed hackers breached a computer network at the Port of Houston, one of the largest ports on the US Gulf Coast. Early detection of the incident last month resulted in the cyber criminals stopping any disruption of shipping operations.
The incident at the Port of Hou
From Script Kiddies hackers and sophisticated Cybercriminals, to at times even State sponsored professional hackers; all are bent on the failure of consumers and companies to properly protect themselves. Different motives, but all the same outcome of network disruption and financial ruin. Weak passwords, vulnerabilities in software and systems, exposed sensitive information, all of these can lead a hacker to compromise your accounts and data. Recent reporting from our Red Sky Alliance securit
