Angelica Mari reports: After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company’s explanations as “insufficient” and said it is likely that the incident was initiated in a corporate environment. Procon notified the credit information multinational following the emergence of a leak that…
Month: February 2021
FireEye and Accellion provide more details on attack
Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta of FireEye write: Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations…
Sophisticated hackers snuck sleeper malware into nearly 30,000 Macs
Sean Hollister reports: There’s a popular stereotype that Apple’s computers are largely immune to malware. Not only is is that incorrect, it appears that sophisticated hacker(s) might have been toying with the idea of a heist or drop nasty enough they’d have needed to cover their tracks. As Ars Technica reports, security researchers at Malwarebytes and Red Canary discovered…
Watermark takes action after data security breach potentially affects people in 10 states
Kimberly Bonvissuto reports: Tucson, AZ-based Watermark Retirement Communities is the latest victim of a data security breach, in this case one that may have compromised the personal information of 208 residents and others. The company sent out a notice on Wednesday that it became aware of a “cyber intrusion” in September. The senior living operator…
Amber Group breaks silence on unsecured storage bucket; NatSec minister suggests TechCrunch reporter may have violated CyberCrime Act
The Gleaner reports a follow-up on an unsecured storage server exposing personal information and COVID-related information of travelers to Jamaica. The exposed bucket was first reported by Zack Whittaker of TechCrunch on February 17: The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was…
NurseryCam discloses a breach
DataBreaches.net recently noted some research by SafetyDetective about whether baby cams were posing privacy and security risks. Today, BBC reports: A webcam system that lets parents drop in and watch their children while at nursery school has written to families to tell them of a data breach. NurseryCam said it did not believe the incident…