Yesterday, Gemini Advisory released a report on some of its research into what they are calling the “Keeper” Magecart Group. Their findings are simultaneously impressive and concerning. From their report, this summary of their key findings: Gemini discovered that the “Keeper” Magecart group, which consists of an interconnected network of 64 attacker domains and 73…
Category: Breach Incidents
University of Michigan: Leaked emails, passwords were from ‘3rd-party data breaches’
Nisa Khan reports: University of Michigan students got a scare Friday night: warnings circulating on social media about an apparent data breach leaking their U-M email addresses and passwords. On Saturday, the University of Michigan released a statement saying the information was from older “third-party data breaches, such as Chegg, Zynga, LinkedIn” where users used their student emails to sign…
NY Employment Nonprofit Client Data Potentially Exposed
Rick Moriarity reports: A data breach at CNY Works may have exposed the names and Social Security numbers of 56,000 people who have used the nonprofit agency’s services to find jobs. Clients potentially impacted by the breach began receiving letters from the agency this week warning that files targeted by a suspected ransomware attack on the agency’s…
Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
Catalin Cimpanu reports: A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a…
8 U.S. City Websites Targeted in Magecart Attacks
Lindsey O’Donnell reports: Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously…
CHI St. Luke’s Health Memorial Lufkin notifies patients of April security incident
June 22 — CHI St. Luke’s Health-Memorial Lufkin announced today that it has taken action after becoming aware of an incident that took place on April 23, 2020 in which an unapproved third party gained access to patient information. Though we have no evidence to confirm that information was actually viewed or obtained by the…