Danny Palmer reports: The business of cybersecurity companies is to keep users safe from hackers and cyber attacks but almost all cybersecurity providers have themselves had data leaked or stolen and published on dark web forums. Research by application security company Immuniweb found that nearly all of the top cybersecurity companies have had corporate data…
Category: Commentaries and Analyses
Singapore Says Grab’s Fourth Privacy Breach Is Concerning
Ameya Karve and Yoolim Lee report: Singapore’s privacy regulator imposed a S$10,000 ($7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc. In August 2019, an update of Grab’s mobile application exposed the personal data of more than…
NorthShore health system reports 348,000 affected by Blackbaud breach
Ugh. I’ve been so busy adding Blackbaud incident-related reports to my worksheets that I maintain for my research with Protenus for Breach Barometer that I forgot to post some incidents here. Thankfully, a kind reader gave me a gentle poke to let you know that Lisa Schenker reported that NorthShore University HealthSystem is notifying approximately 348,000…
Meet the Middlemen Who Connect Cybercriminals With Victims
Kelly Sheridan reports: Ransomware operators looking for victims can find them on the Dark Web, where initial access brokers publish listings containing vague descriptions of businesses they’ve managed to breach. Initial access brokers, the “middlemen” of ransomware attacks, have noticed demand for their services surge as ransomware-as-a-service (RaaS) gains popularity. Their listings have steadily increased…
Paytm Mall sends legal notice to Cyble after Cyble reports an alleged breach
I’ve covered data security concerns involving digital payment services Paytm in the past, but I didn’t pick up a recent claim by Cyble because their post relied on a tip from “KelvinSec” about “John Wick.” And although Cyble provided a couple of redacted screenshots to support a claim that there had been some incident, Cyble…
FBI issues second alert about ProLock ransomware stealing data
Sergiu Gatlan reports: The FBI issued a second warning this week to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims’ systems. The 20200901-001 Private Industry Notification seen by BleepingComputer on September 1st comes after the MI-000125-MW Flash Alert on the same subject issued by the FBI four months ago, on…