Ross Robertson reports: Hackers have accessed users’ personal details in a cyber attack on Sunderland City Council’s library database. Council chiefs are warning users to be vigilant after a number of customers’ details were accessed during a cyber incident involving the library services customer database. This resulted in the unauthorised access to the details of…
Month: May 2019
Companies send confusing alerts about data breaches
Isn’t this what I’ve been saying for more than a decade now? Now there’s a study that agrees with me. Laurel Thomas-Michigan reports on a study called, “You `Might’ Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications” by Yixin Zou, Shawn Danino, Kaiwen Sun, Florian Schau. She reports: Building…
MuddyWater Hacking Group Upgrades Arsenal to Avoid Detection
Sergiu Gatlan reports: The MuddyWater threat group has been updating its tactics, techniques, and procedures (TTPs) to include a number of new anti-detection techniques designed to provide remote access to compromised systems while evading detection as part of a new campaign dubbed BlackWater. MuddyWater (also known as SeedWorm and TEMP.Zagros) is an advanced persistent threat (APT) group — or a…
Use of EternalBlue in attacks on the increase despite patch
Bradley Barth reports: Cyber-attacks leveraging the Windows Server Message Block exploit known as EternalBlue have reportedly reached historically high levels over the last few months, even though the vulnerability it affects was patched by Microsoft more than two years ago. In a 17 May blog post, ESET security evangelist Ondrej Kubovic said his company’s telemetry data…
Millions of Instagram influencers had their private contact data scraped and exposed
Zack Whittaker reports: A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but…
Louisville Regional Airport Authority hit by ‘ransomware’ attack
WDRB has only a short item on this, but reportedly no ransom has been paid and the airport is restoring from backup. Operations and security systems were reportedly not impacted.