Catalin Cimpanu reports: Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained…
Category: Business Sector
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
Thomas Claburn reports: Updated A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s mySQL database….
Club Fitness Provides Notice of Data Security Incident
A press release discloses a breach involving Club Fitness Holdings, Inc. (“Club Fitness”): On June 18, 2020, Club Fitness discovered a data security event that prevented access to data and programs on its network. Upon learning this, Club Fitness immediately began an investigation, and took action to secure and restore access to its network. Club Fitness…
Another Indian pharmaceutical giant reports cybersecurity breach within two weeks of ransomware hack on Dr Reddy’s
Prabhjote Gill reports: Another leading Indian pharmaceutical, Lupin, has reported a cybersecurity attack on its IT systems within two weeks of a ransomware attack on Dr Reddy’s Laboratories. “We have recently experienced an information security incident that has affected several of our internal IT systems. This has not impacted our core systems and operations,” Lupin…
Id: Fintech Cermati data breach points to urgency for data protection law: Experts
Eisya A. Eloksari reports: A recent data breach case involving fintech aggregator platform Cermati.com, the fifth known this year, again highlights the vulnerability of user data on digital platforms and the urgency of a personal data protection bill, experts have said. Data on almost 3 million users from fintech aggregator platform Cermati.com was leaked and sold online…
Configuration snafu exposes passwords for two million marijuana growers
Catalin Cimpanu reports: GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year. The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Read more on ZDNet. h/t, @Chum1ng0