Jonathan Stempel reports: Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She…
Category: Business Sector
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
From a recent report by Brendan McKeague, Van Ta, Ben Fedore, Geoff Ackerman, Alex Pennino, Andrew Thompson, Douglas Bienstock of FireEye: Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out of character due to FIN6’s historical targeting of payment card data. The intent…
Senate Permanent Subcommittee on Investigations Rips Into Equifax Over Its Massive 2017 Data Breach.
So the Congressional report on Equifax’s massive 2017 databreach was released. The title gives you a clue as to what you can expect to read in it: HOW EQUIFAX NEGLECTED CYBERSECURITY AND SUFFERED A DEVASTATING DATA BREACH STAFF REPORT PERMANENT SUBCOMMITTEE ON INVESTIGATIONS UNITED STATES SENATE The report is 71 pages, and the following is…
UK: Law Firm Launches $6.5 Million Action Against Ticketmaster Over Data Breach
Richard Smirke reports: A British law firm has launched a £5 million ($6.5 million) legal action against Ticketmaster following last year’s security breach, which is believed to have affected up to 40,000 U.K. customers. […] The U.K. arm of Ticketmaster detected a major security breach on June 23, 2018 when it identified malicious software on…
Chinese companies have leaked over 590 million resumes via open databases
Catalin Cimpanu reports: Chinese companies have leaked a whopping 590 million resumes in the first three months of the year, ZDNet has learned from multiple security researchers. Most of the resume leaks have occurred because of poorly secured MongoDB databases and ElasticSearch servers that have been left exposed online without a password, or have ended up online…
AeroGarden maker says hackers stole months of credit card data
Zack Whittaker reports: Bad news for home gardeners: criminals might have your credit card data. AeroGrow, the maker of the at-home garden kit AeroGarden, said in a letter to customers that its website had credit card scraping malware for more than four months. The company said anyone who bought something through its website between October…