There were two incidents concerning New Zealand leaks or breaches in my news feed this morning. One of them caught my attention because the story didn’t seem accurate — and not because the reporters weren’t reporting accurately, but because the entity may not have been fully transparent or accurate about the incident. First: Mandy Te,…
Category: Business Sector
Walmart Sued Under CCPA After Data Breach
Phil Muncaster reports: Walmart has become the latest big-name brand accused of violating California’s new data breach regulations. The retail giant is the subject of a new complaint alleging that customers now face “significant injuries and damage” after an unspecified incident. Customer names, addresses, financial and other information were among the haul for attackers, according…
A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam
Zack Whittaker reports: A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident. The account hijacks hit some of the most prominent…
No-Log VPNs Exposed Users’ Logs and Personal Details for All to See
Ugh. vpnMentor reports: A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. ….. Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found multiple…
Citrix denies dark web claim of network compromise and ransomware attack
Simon Sharwood reports: Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J. Serna says the company is aware of “threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network,…
Russian BEC Gang Targets Hundreds of Multinational Companies
Akshaya Asokan reports: A newly uncovered Russia-based business email compromise gang has been targeting hundreds of large, multinational corporations in over 40 countries since 2019, according to the security firm Agari. The gang, which Agari calls Cosmic Lynx, uses a combination of social engineering techniques and well-crafted email messages designed to target the upper echelon of…