Lawrence Abrams; Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database. Mangatoon is also a very popular iOS and Android app used by millions of users to read online Manga comics. Read more at BleepingComputer. Interestingly,…
Category: Business Sector
Graff paid £6m ransom fee to Conti, now sues Travelers for refusing to reimburse
Sam Lewis reports: It has been revealed that high-end British jeweller Graff paid out a ransom fee topping £6 million in a well-publicised cyber attack last year. It emerged in November 2021 that Graff had been the target of Russian hackers who had gained possession of data pertaining to many of Graff’s high-profile customers. The incident is…
Pt: Hacker targets Lisbon hotel clients
The Portugal News reports: A hacker has infiltrated the Booking account of the Marino Boutique Hotel in Lisbon, and has managed to steal almost half a million euros in false bookings. According to CNN Portugal, the hacker established direct contact with hundreds of customers between 12 and 16 June, leaving the hotel without being able…
Recent Security Incident: Statement from SHI
Over the Fourth of July holiday weekend, SHI was the target of a coordinated and professional malware attack. Thanks to the quick reactions of the security and IT teams at SHI, the incident was swiftly identified and measures were enacted to minimize the impact on SHI’s systems and operations. These preventative measures included taking some…
No need to hack, when it’s leaking, Wednesday edition: WeWork India, Proud Makatizen in Philippines
Two large leaks involving personal information discovered by researchers. First up, Zack Whittaker reports: WeWork India has fixed a security lapse that exposed the personal information and selfies of tens of thousands of people who visited WeWork India’s coworking spaces. Security researcher Sandeep Hodkasia found visitor data spilling from the check-in app on WeWork India’s website, used…
NPM supply-chain attack impacts hundreds of websites and apps
Sergiu Gatlan reports: An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign (known as IconBurst) used typosquatting to infect developers looking for very popular…