Threat actors known as ALTDOS continue to romp their way through attacks on ASEAN entities, garnering very little media attention as they acquire and dump millions of consumer records and proprietary information on businesses. The majority of the victims whose data they have dumped appear to be from Singapore and Thailand, but they do have…
Category: Breach Incidents
EventBuilder misconfiguration exposed event registrants’ information
If you ever used EventBuilder to register as an attendee at an event, then you may be among those whose personal information has been exposed in a leak estimated to have affected more than 100,000 people. The leak was spotted by Bob Diachenko and responsibly disclosed by Diachenko and Clario Tech according to a new report…
Getting caught up: Conti domains seized by Irish Garda
A story by Stephen Breen inThe Irish Sun yesterday included reference to an update on the HSE attack by Conti: Earlier this month, cops seized several websites belonging to the Russian gang behind the attack in a major “disruption operation”. If anyone logs on to the sites they will see a screen warning the site…
PA: Horizon House notifying patients of ransomware attack in March
I do not recall ever seeing Horizon House in Philadelphia listed on any dedicated leak site used by ransomware groups, but according to a press release issued last week, Horizon House experienced a ransomware attack in March 2 and March 5 of this year that encrypted their files and allowed the unknown threat actor to…
Two more ransomware attacks on medical entities impact 56,000 patients in Florida and Texas
DataBreaches.net notes two more ransomware attacks on U.S. medical entities. Neither of the incidents below, which impact approximately 56,000 patients in Florida and Texas, have appeared on any dedicated leak site affiliated with ransomware groups or markets – at least not as of the time of this publication. And neither incident has as yet shown…
Exposed Payment Integration API Keys Imperil Millions of Users’ Transaction Details and PII
Arshit Jain and Sai Ahladini Tripathy report some findings concerning the risk of unauthorized access to API keys enabling acquisition of sensitive or critical data. A recent investigation by CloudSEK found that a range of companies have mobile apps with API keys that are hardcoded in the app packages. “These keys could be easily discovered…