Jeremiah Fowler reports: On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent a responsible disclosure notice and the database was closed for public access shortly after. According to their…
Category: Business Sector
Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
Lawrence Abrams reports: Mexico’s state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files. On Sunday, November 10th, Pemex was hit with a ransomware attack that the company states affected less than 5% of their computers. Workers reported, though, that internal memos told them not to initially…
Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin
Brian Krebs reports: Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was…
Major ASP.NET hosting provider recovering from ransomware attack
Catalin Cimpanu recently reported: SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, was hit yesterday by ransomware. The company is the third major web hosting firm this year that went down because hackers breached their network and encrypted data on customer servers. Read more on ZDNet. In an update yesterday, Duncan Riley reported…
Attempted sextortion leads to call for stricter phone porting rules
Thomas Daigle reports: When Randall Baran-Chong received a notification on his smartphone late one night last week indicating the device was no longer in service, it was the first sign of trouble. […] In the hours that followed, the 33-year-old Toronto businessman says someone locked down his laptop, purchased an Xbox video game gift card…
A leak report quietly disappears, leaving questions in its wake
On October 8, Jeremiah Fowler reported that he had discovered a non-password protected database that contained what appeared to be information regarding healthcare workers and traveling nurses. If you had read the report on Security Discovery at the time, you would have read that almost one million people were potentially affected. Based on that reporting,…