It seems like litigation from one T-Mobile data breach is barely settled when we are reading about yet another T-Mobile breach. AP reports the carrier disclosed that an unidentified threat actor breached its network in late November and stole data on 37 million customers. The data stolen included addresses, phone numbers, and dates of birth….
Author: Dissent
Chinese, North Korean hackers continue exploiting zero-day vulnerabilities
Ionut Arghire reports that Chinese hackers exploited Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day. Mandiant tracks the bug as CVE-2022-42475 (CVSS score of 9.8), and described it as “a buffer overflow issue that could be exploited by remote, unauthenticated attackers to execute code or commands via crafted requests.” Read more at Security Week….
More than 19,000 records released in B.C. school district data breach
Stefan Labbé reports: A school district in B.C. said more than 19,000 personal records from students and staff were accessed in a privacy breach. In a statement Wednesday, School District 42 — which encompasses Maple Ridge and Pitt Meadows — said 19,126 records were publicly released in the afternoon of Jan. 17, 2023. The records…
UK: Students ‘outed without even knowing’ after SU self-id data ‘breach’
Caredig ap Tomos reports: Sensitive data relating to students’ self-identification continued to be shared with students running elections on Cambridge Students’ Union’s voting platform months after the issue was originally raised. Sources have told Varsity that countless students were “effectively outed without even knowing it” because of the ‘breach’ of sensitive data, which took nine months to…
Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
Bill Toulas reports: Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom. Read more at BleepingComputer.
ICE releases thousands of immigrants affected by data breach
Hamed Aleaziz reports: Immigration and Customs Enforcement officials have released nearly 3,000 immigrants whose personal information, including birth dates and detention locations, was inadvertently posted on the internet by the U.S. government, according to government officials. Officials accidentally posted the names, birth dates, nationalities and detention locations of more than 6,000 immigrants who claimed to…