Education giant Pearson fined $1M for downplaying data breach

The US Securities and Exchange Commission (SEC) announced today that Pearson, a British multinational educational publishing and services company, has settled charges of mishandling the disclosure process for a 2018 data breach discovered in March 2019. [...]

https://www.bleepingcomputer.com/news/security/education-giant-pearson-fined-1m-for-downplaying-data-breach/

Malware dev infects own PC and data ends up on intel platform

A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. [...]

https://www.bleepingcomputer.com/news/security/malware-dev-infects-own-pc-and-data-ends-up-on-intel-platform/

T-Mobile confirms servers were hacked, investigates data breach

​T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-confirms-servers-were-hacked-investigates-data-breach/

Hive ransomware attacks Memorial Health System, steals patient data

In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. [...]

https://www.bleepingcomputer.com/news/security/hive-ransomware-attacks-memorial-health-system-steals-patient-data/

Chase bank accidentally leaked customer info to other customers

Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. [...]

https://www.bleepingcomputer.com/news/security/chase-bank-accidentally-leaked-customer-info-to-other-customers/

Fortinet patches bug letting attackers takeover servers remotely

Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. [...]

https://www.bleepingcomputer.com/news/security/fortinet-patches-bug-letting-attackers-takeover-servers-remotely/

Critical bug impacting millions of IoT devices lets hackers spy on you

Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform. [...]

https://www.bleepingcomputer.com/news/security/critical-bug-impacting-millions-of-iot-devices-lets-hackers-spy-on-you/

Brazilian government discloses National Treasury ransomware attack

The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of National Treasury's computing systems on Friday night, right before the start of the weekend. [...]

https://www.bleepingcomputer.com/news/security/brazilian-government-discloses-national-treasury-ransomware-attack/

Malware campaign uses clever 'captcha' to bypass browser warning

A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif (aka Gozi) banking trojan. [...]

https://www.bleepingcomputer.com/news/security/malware-campaign-uses-clever-captcha-to-bypass-browser-warning/

Pharmacist faces 120 years in prison for selling vaccination cards on eBay

An Illionois pharmacist arrested today faces 120 years in prison for allegedly selling dozens of authentic COVID-19 vaccination record cards issued by the Center for Disease Control and Prevention (CDC). [...]

https://www.bleepingcomputer.com/news/security/pharmacist-faces-120-years-in-prison-for-selling-vaccination-cards-on-ebay/

CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX

CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System (RTOS) used by critical infrastructure organizations. [...]

https://www.bleepingcomputer.com/news/security/cisa-badalloc-impacts-critical-infrastructure-using-blackberry-qnx/

Conti ransomware prioritizes revenue and cyberinsurance data theft

Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software seek out cyber insurance policies. [...]

https://www.bleepingcomputer.com/news/security/conti-ransomware-prioritizes-revenue-and-cyberinsurance-data-theft/

Govt hackers impersonate HR employees to hit Israeli targets

Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets. [...]

https://www.bleepingcomputer.com/news/security/govt-hackers-impersonate-hr-employees-to-hit-israeli-targets/

T-Mobile says hackers stole personal info of 7.8 million customers

T-Mobile has confirmed that attackers who recently breached its servers stole files containing the personal information of almost 8 million current customers. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-says-hackers-stole-personal-info-of-78-million-customers/

Diavol ransomware sample shows stronger connection to TrickBot gang

A new analysis of a Diavol ransomware sample shows a more clear connection with the gang behind the TrickBot botnet and the evolution of the malware. [...]

https://www.bleepingcomputer.com/news/security/diavol-ransomware-sample-shows-stronger-connection-to-trickbot-gang/

Japanese insurer Tokio Marine discloses ransomware attack

Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/japanese-insurer-tokio-marine-discloses-ransomware-attack/

Microsoft begins final phase of Internet Explorer's demise

Microsoft's Internet Explorer browser is barely usable after Microsoft officially ends support for the browser in Microsoft 365. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-begins-final-phase-of-internet-explorers-demise/

GitHub urges users to enable 2FA after going passwordless

GitHub is urging its user base to toggle on two-factor authentication (2FA) after deprecating password-based authentication for Git operations. [...]

https://www.bleepingcomputer.com/news/security/github-urges-users-to-enable-2fa-after-going-passwordless/

New Windows 10 21H2 build comes with improved WiFi security

Microsoft has released Windows 10 21H2 19044.1200 with the awaited new Windows Hello security feature, WPA3 HPE support, and GPU computing in the Windows Subsystem for Linux. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-21h2-build-comes-with-improved-wifi-security/

Bitcoin mixer owner pleads guilty to laundering over $300 million

Larry Dean Harmon, the owner of a dark web cryptocurrency laundering service known as Helix, pleaded guilty today of laundering over $300 million worth of bitcoins between 2014 and 2017. [...]

https://www.bleepingcomputer.com/news/security/bitcoin-mixer-owner-pleads-guilty-to-laundering-over-300-million/

US Census Bureau hacked in January 2020 using Citrix exploit

US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. [...]

https://www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/