Over the Fourth of July holiday weekend, SHI was the target of a coordinated and professional malware attack. Thanks to the quick reactions of the security and IT teams at SHI, the incident was swiftly identified and measures were enacted to minimize the impact on SHI’s systems and operations. These preventative measures included taking some…
Category: Business Sector
No need to hack, when it’s leaking, Wednesday edition: WeWork India, Proud Makatizen in Philippines
Two large leaks involving personal information discovered by researchers. First up, Zack Whittaker reports: WeWork India has fixed a security lapse that exposed the personal information and selfies of tens of thousands of people who visited WeWork India’s coworking spaces. Security researcher Sandeep Hodkasia found visitor data spilling from the check-in app on WeWork India’s website, used…
NPM supply-chain attack impacts hundreds of websites and apps
Sergiu Gatlan reports: An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign (known as IconBurst) used typosquatting to infect developers looking for very popular…
Claire’s data breach $350K class action settlement
Top Class Actions reports that there is a settlement in litigation stemming from a data breach involving customer information in a 2020 breach that affected some customers of Claire’s accessories stores. For approximately two months in 2020, malware compromised payments made on the retailer’s website. The case is Julia Rossi, et al v. Claire’s Stores,…
EXCLUSIVE: Marriott hacked again? Yes. Here’s what we know.
On June 28, DataBreaches received a message from an unrecognized sender. The subject was: “Breach of Marriott hotels! Very Important!” DataBreaches’ first thought was, “Seriously? Is this yet another breach involving Marriott or are some kids just trying to leak old data?” As it turned out, this was, in fact, a new breach. But how…
Verified Twitter accounts hacked to send fake suspension notices
Lawrence Abrams reports: Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users’ credentials. Read more at BleepingComputer about how they tested the phishing scam and found that it was using Twitter’s API to verify that they user was actually inputting their true/accurate credentials….