Catalin Cimpanu reports: In mid-July this year, Texas-based software provider SolarWinds released an emergency security update to patch a zero-day in its Serv-U file transferring technology that was being exploited in the wild. At the time, SolarWinds did not share any details about the attacks and only said that it learned of the bug from…
Category: Business Sector
Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role
Jordan Robertson reports: Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems. Further details were scant,…
SEC fines three companies over hacked employee email accounts
Catalin Cimpanu reports: The US Securities and Exchange Commission has fined three brokerage firms on Monday for neglecting to secure employee accounts, incidents that led to the exposure of their customers’ data. Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera entities); Cambridge…
Career Group, Inc. notifies more than 49,000 after paying ransom to threat actors
I haven’t seen any mention of this in news or on their web site, but Career Group Inc. suffered a ransomware attack recently and is notifying those impacted. In a copy of the notification submitted to the Maine Attorney General’s Office, they report that on July 2, Career Group Companies detected potential unauthorized access to…
Wawa paying $9-million in cash, gift cards in data breach settlement; Nov. deadline to file claim
WPVI reports an update to the 2019 WaWa breach covered on this site in a number of posts: Wawa is paying out up to $9-million in cash and gift cards related to a data breach that exposed customers’ credit and debit card numbers and names. The breach happened between March 4, 2019 and December 12, 2019….
Beaumont Health notifies patients of Accellion breach
Friday, August 27, 2021 On February 5, 2021, Goodwin Procter LLP (“Goodwin”) notified Beaumont Health (“Beaumont”) of a security incident at Accellion, a third-party vendor whose File Transfer software was used by Goodwin for large file transfers on behalf of clients, including Beaumont. Goodwin received some personal and protected health information from Beaumont in connection…