Ax Sharma reports: Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and…
Jaguar Land Rover issues update on job safety after cyber attack
James Rodger reports: Jaguar Land Rover has issued an update on job security in the wake of the crippling cyber attack. JLR has extended its production shutdown in the wake of the cyber attack, with the Birmingham car giant hit by a debilitating cyber security incident last month. JLR said: “Today we have informed colleagues,…
Update: Kering confirms Gucci and other brands hacked; claims no conversations with hackers?
On September 11, DataBreaches broke the story that customers of several high-end fashion brands owned by Paris-headquartered Kering had their personal information acquired by ShinyHunters as part of two Salesforce attacks. As we reported, a spokesperson for ShinyHunters claimed to have acquired more than 43 million customer records from Gucci and almost 13 million records…
Alphabet’s Verily covered up HIPAA violations, whistleblower says in lawsuit
Here’s another whistleblower suit recently filed. Ashley Capoot reports: Alphabet’s health tech subsidiary, Verily, used the health data of more than 25,000 patients without authorization and actively covered up those violations, a former company executive alleges. The executive, Ryan Sloan, claims Verily fired him after he discovered breaches of the Health Insurance Portability and Accountability Act, or…
Ex-WhatsApp cybersecurity executive says Meta endangered billions of users in new suit
The Guardian recently reported: A former top cybersecurity executive at WhatsApp filed a lawsuit on Monday alleging that parent company Meta disregarded internal flaws in the app’s digital defenses and exposed billions of its users. He says the company systematically violated cybersecurity regulations and retaliated against him for reporting the failures. Attaullah Baig, who served as the head of…
Union urges government intervention with 100,000 jobs at risk after JLR cyber attack
ITV News reports: Tens of thousands of employees who work in the Jaguar Land Rover supply chain are at risk of being laid off after the car manufacturer paused its production line following a cyber attack. The UK manufacturer was forced to shut down its systems on August 31 after becoming aware of a cyberattack…