Zach Whittaker reports: India-based technology startup Salesken.ai has secured an exposed server that was spilling private and sensitive data on one of its customers, Byju’s, an education technology giant and India’s most valuable startup. The server was left unprotected since at least June 14, according to historical data provided by Shodan, a search engine for exposed…
Author: Dissent
Hackers use zero-day to mass-wipe My Book Live devices
Lawrence Abrams reports that preliminary reports attributing a mass-wipe to a CVE from 2018 were not quite the whole story. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that…
Bucks County behavioral health and substance abuse nonprofit struck in cyberattack, urges clients to check their information
Anthony Salamone reports: The records of an unspecified number of clients of an Upper Bucks County behavioral-health and substance abuse nonprofit, which serves the Lehigh Valley, might have been stolen as part of a ransomware attack on the agency earlier this year. Penn Foundation in West Rockhill Township said it informed clients Tuesday of the…
New charges filed against Capital One hacker, trial postponed to 2022
Catalin Cimpanu reports: The US government has filed a superseding indictment against Paige A. Thompson, a former Amazon engineer accused of hacking Capital One and stealing the personal data of more than 100 million Americans. According to court documents filed earlier this month and obtained by The Record, the US Department of Justice has added seven new charges…
Morningstar data breach reveals KPMG deal maker lists
Liam Walsh and Edmund Tadros report: A software glitch has exposed the key companies garnering the interest of big four advisory group KPMG’s deal makers and restructuring experts. The flaw in an alert system, run by US financial research firm Morningstar, for ASX-listed companies meant third parties could even view project names KPMG had assigned. That included…
University Medical Center of Southern Nevada attacked by REvil threat actors
See update at bottom of this post for statement from UMCSN. They do confirm that there was a breach. The University Medical Center of Southern Nevada, who proudly proclaims itself the official healthcare provider for the Vegas Golden Knights, has allegedly been the victim of a cyberattack by REvil (Sodinokibi) threat actors. The well-known ransomware…