Zack Whittaker reports: Snowflake’s security problems following a recent spate of customer data thefts are, for want of a better word, snowballing. After Ticketmaster was the first company to link its recent data breach to the cloud data company Snowflake, loan comparison site LendingTree has now confirmed its QuoteWizard subsidiary had data stolen from Snowflake. “We…
Category: Commentaries and Analyses
PruittHealth was hacked back in November. Here’s what we STILL don’t know.
What happens when threat actors leak data on the dark web but the victim entity doesn’t access it in time to figure out what was leaked? That’s what happened to PruittHealth in Georgia last year. How many people are they notifying because they can’t figure out what was accessed, acquired, or leaked? In November 2023,…
HC3: Analyst Note: Healthcare Sector DDoS Guide
May 30, 2024 HC3: Analyst Note TLP:CLEAR Report: 20240530120 Executive Summary A Distributed-Denial-of-Service (DDoS) attack is a type of cyber attack in which an attacker uses multiple systems, often referred to as a botnet, to send a high volume of traffic or requests to a targeted network or system, overwhelming it and making it unavailable…
RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks
Jai Vijayan reports: In recent attacks involving the ominously growing RansomHub ransomware, attackers have exploited the so-called ZeroLogon flaw in the Windows Netlogon Remote Protocol from 2020 (CVE-2020-1472) to gain initial access to a victim’s environment. Prior to deploying the ransomware, the attackers have used several dual-use tools, including remote access products from companies like Atera…
Google Database Reveals Thousands of Privacy Incidents
Joseph Cox reports: Google has accidentally collected childrens’ voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and…
Snowflake data breach claims spark war of words over culpability; researchers may have been trolled
Solomon Klappholz reports: Snowflake has pinned the blame on a series of high-profile data breaches in recent days on customers failing to adequately secure production environments by using two-factor authentication. In a statement on 2 June 2024, Snowflake CISO Brad Jones pushed back on claims that major data breaches involving Ticketmaster and Santander were caused by a vulnerability or misconfiguration in Snowflake’s platform. […] Cyber crime intelligence…