Danny Palmer reports: The average ransom paid to cyber criminals following a ransomware attack is falling as more companies become reluctant to give in to extortion demands. Analysis by cybersecurity company Coveware has found that the average ransom payment paid following a ransomware attack decreased by a third in the final quarter of 2020, dropping to $154,108 from $233,817…
Wind River Security Incident Affects SSNs, Passport Numbers
Lindsey O’Donnell reports: Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the company’s personnel records – including critical data like…
Personal Data of 3 Million+ People Exposed In DriveSure Hack
Once again, breaches are discovered when security firms read forums where data are shared or posted for sale. Risk Based Security discusses what they found involving DriveSure: In a lengthy post to prove the databases’ high quality, the threat actor detailed the leaked files and the user information. Typically, hackers only share valuable segments or…
Report: American Cable and Internet Giant Comcast Exposed Development Database Online
This is a leak that deserves its own post. Website Planet reports: On December 1st, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 1.5 billion records. There were references to Comcast throughout the database including multiple subdomains, URLs, and internal IP addresses. The publicly visible…
Leaks, leaks, leaks….
A small roundup of leak or breach reports from various sources and places in the world… Pakistan: Bykea, a Pakistani vehicle-for-hire and parcel delivery company, was found leaking its production server with more than 200GB of data containing more than 400 million records. Exposed customer PII included names, phone numbers, and email addresses, while Bykea…
FTC Gives Final Approval to Settlement with Zoom over Allegations the Company Misled Consumers about Its Data Security Practices
The Federal Trade Commission finalized a settlement with Zoom Video Communications, Inc., over allegations it misled consumers about the level of security it provided for its Zoom meetings and compromised the security of some Mac users. The final order requires Zoom to implement a comprehensive security program, review any software updates for security flaws prior to release and ensure…