Sergiu Gatlan reports: GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including…
Category: Hack
Contra Costa County Employee Email Accounts Hacked In Data Breach
Be forewarned: the news story misspells”breach” as “breech.” I couldn’t bring myself to use their headline so fixed that, but am leaving this: Contra Costa County officials have begun sending out letters this week to potential victims of the “unauthorized access to certain county employee email accounts” in a computer breech between July to August…
Big Coral Gables mortgage servicer hit by data breach, exposing clients’ personal information
Andres Viglucci reports: One of the country’s largest mortgage servicers, a company based in Coral Gables, has reported what appears to be a significant data breach to customers three months after discovering it, prompting two separate federal lawsuits. In a letter to customers dated March 18, Lakeview Loan Servicing said it had uncovered “a security…
Spanish football federation reports data stolen by hackers
The Sun reports: The Spanish football federation (RFEF) said on Thursday it was victim of a hacking attack which resulted in the loss of data belonging to president Luis Rubiales. General secretary Andreu Camps also had text and audio data stolen, the RFEF said, and the loss had been reported to the police. Read more…
Newman Regional Health notifies 52,224 patients after long-running breach of employee email accounts
Newman Regional Health (NRH) is notifying more than 52,000 patients after an investigation revealed unauthorized access to a limited number of their employee e-mail accounts between January 26, 2021 and November 23, 2021. NRH is not a large hospital. According to their site, the Kansas hospital is a not-for-profit 25-bed critical access hospital, owned by…
North Korean hackers behind $600 million crypto heist – FBI; spying on South Korean chemical sector firms – Symantec
Ameya Paleja reports: Cyber actors such as the Lazarus Group and APT38, from North Korea, have been confirmed by the Federal Bureau of Investigation (FBI) to be involved in the $600-million crypto-heist that took place last month, the investigation agency said in a press release. Earlier this year, we had reported that North Korean cybercriminals made…