Jim Wilson of Safety Detectives reports: High-flying and rapidly growing Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over 400GB of personal data including several high-profile celebrities and social media influencers. The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million…
From the frying pan into the fire: Thai business angers hackers
DataBreaches.net seems to be the only site willing to report on certain breaches in Thailand these days. First it was the hack of Country Group Securities (CGSEC) by hackers calling themselves ALTDOS. And now this week, this site reported a second attack by the same threat actors that involved MONO Next Public Company. As previously…
“Without Undue Delay,” Part 2
If you follow the news on how lucrative ransomware attacks are, you have probably read how the Ryuk threat actors have made an estimated $150 million, and how Egregor threat actors are also doing a lot of damage. Neither group focuses solely on the healthcare sector, but recent reports by Check Point and Fortified Health…
OH: Court dates set in Middletown skydiving data theft case
Ed Richter reports: One former Middletown city employee has been arraigned on charges in Middletown Municipal Court in connection with the alleged hacking, corporate economic espionage and illegal recordings of Start Skydiving at the Middletown Regional Airport. Former airport manager Daniel Dickten, 67, of Goshen, was arraigned Dec. 31 on charges of unauthorized use of…
United Nations data breach exposed over 100k UNEP staff records
Ax Sharma reports: Today, researchers have responsibly disclosed a security vulnerability by exploiting which they could access over 100,000 private employee records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated…
Ransomware attack hits short line rail operator OmniTRAX
Nate Tabak reports: Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data theft that targeted its corporate parent, Broe Group. OmniTRAX confirmed to FreightWaves that the cyberattack had occurred after the Conti ransomware gang posted stolen data from a leak site. The company, however, provided no…