Sten Hankewitz reports: According to the Estonian Information System Authority – also known by its Estonian acronym, RIA – three Estonian ministries reported cybersecurity incidents in November that resulted in significant breaches of personal data. The three ministries were the economy ministry, the foreign ministry and the social affairs ministry. “The affected ministries have been…
Category: Non-U.S.
Intersport victim of cyberattack for a second time in 2020?
First it was a Magecart attack on their web sites in Slovenia, Croatia, Serbia, Bosnia and Hercegovina and Montenegro, as reported in June. Now it appears to be a ransomware attack by Conti threat actors, who dumped more than two dozen files as alleged proof of access and exfiltration from the international sporting goods retailer….
‘Apodis Pharma’ Leaked Over 1.7 TB of Confidential Data Online
Bill Toulas reports: The French digital supply chain management and software solutions provider ‘Apodis Pharma’ has misconfigured an ElasticSearch database for public access, essentially leaking over 1.7 TB of confidential business-related data. The client portfolio of ‘Apodis Pharma’ includes big pharmaceutical firms, so the particular data leak is considered a grave security event. Read more…
AU: Australia’s largest cryptocurrency exchange accidentally exposed the names and emails of 270,000 customers
Cam Wilson reports that an old-fashioned email goof by BTC Markets exposed members’ names and email addresses: Early on Tuesday morning, an Australian cryptocurrency exchange that bills itself as the largest in the country inadvertently exposed more than 270,000 of its members names and email addresses. Users posted to social platforms like Twitter and Reddit to complain…
Cayman Islands investment fund left entire filestore viewable by world+dog in unsecured Azure blob
Gareth Corfield reports: A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund’s register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of…
Owner and Operator of India-Based Call Centers Sentenced To Prison for Scamming U.S. Victims Out Of Millions of Dollars
An Indian national was sentenced on November 30, 2020 to 20 years in prison followed by three years of supervised release in the Southern District of Texas for his role in operating and funding India-based call centers that defrauded U.S. victims out of millions of dollars between 2013 and 2016. Hitesh Madhubhai Patel, aka Hitesh…