Gemini Advisory reports: Gemini Advisory’s analysts uncovered a September 14, 2020 post on a Russian-language dark web forum by a cybercriminal group operating under the moniker “LockBit,” in which they advertised starting their own blog under the same name. LockBit is a Russian-language ransomware team, alongside “REvil”/”Sodinokibi” and “Maze,” that advertises its services on Russian-language dark web…
Category: Business Sector
NY Attorney General James Gets Dunkin’ to Fill Holes in Security, Reimburse Hacked Customers
New York Attorney General Letitia James today announced a settlement with Dunkin’ Brands, Inc. (Dunkin’) — franchisor of Dunkin’ Donuts — resolving a lawsuit over the company’s failure to respond to successful cyberattacks that compromised tens of thousands of customers’ online accounts. The settlement requires the company to notify customers impacted in the attacks, reset those customers’…
Magento online stores hacked in largest campaign to date
Catalin Cimpanu reports: More than 2,000 Magento online stores have been hacked over the weekend in what security researchers have described as the “largest campaign ever.” The attacks were a typical Magecart scheme where hackers breached sites and then planted malicious scripts inside the stores’ source code, code that logged payment card details that shoppers…
Singapore Says Grab’s Fourth Privacy Breach Is Concerning
Ameya Karve and Yoolim Lee report: Singapore’s privacy regulator imposed a S$10,000 ($7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc. In August 2019, an update of Grab’s mobile application exposed the personal data of more than…
Secure Data Technologies Sues Ex-Employee for Breach of Contract
Christina Tabacco reports: On Thursday, Secure Data Technologies, Inc. sued a former employee for hacking the company’s email system and removing confidential and proprietary information. The Eastern District of Missouri lawsuit states seven claims for relief under various Missouri and Illinois business tort and computer fraud statutes. According to the filing, Secure Data is an Illinois corporation,…
Razer Gaming Fans Caught Up in Data Leak
Tara Seals reports: An estimated 100,000 customers of Razer, a purveyor of high-end gaming gear ranging from laptops to apparel, have had their private info exposed, according to a researcher. Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, for anyone to…