Dan Goodin reports: Hackers sponsored by the Russian and North Korean governments have been targeting companies directly involved in researching vaccines and treatments for COVID-19, and in some cases, the attacks have succeeded, Microsoft said on Friday. In all, there are seven prominent companies that have been targeted, Microsoft Corporate VP for Customer Security &…
How hackers collected sensitive data from the Land Transportation Office
Earlier this week, I noted a probe of a data leak involving the Land Transportation Office in Manila. There’s more reported today. Art Samaniego reports: The country’s transportation agency is now on a hot seat as thousands of personal information of drivers and vehicle owners were processed and saved by a website pretending to be…
Hosting Provider Exposed 63M Records incl. WP & Magento
I missed this report from Jeremiah Fowler the other day: On October 5th I discovered a non-password protected database that contained a large amount of monitoring and system logs. There were records indicating data backups, monitoring, error logging, and more. Upon further research, the database appeared to belong to the Texas-based cloud application hosting provider,…
Microsoft urges users to stop using phone-based multi-factor authentication
Catalin Cimpanu reports Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys. The warning comes from Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been…
400 patient records lost after cabinet at Hong Kong’s Queen Mary Hospital mistakenly removed by contractor
Zoe Low reports: A filing cabinet containing more than 400 patient records was suspected to have been mistakenly disposed of by a contractor at Hong Kong’s Queen Mary Hospital last Friday. The locked four-drawer steel cabinet was used to store the service records of 442 elderly patients who had received “integrated care and discharge support”…
Ticketmaster UK Limited Fined by ICO
From the Information Commissioner’s Office: The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25million for failing to keep its customers’ personal data secure. The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page. Ticketmaster’s failure to protect…