Al Restar writes: Two popular cashback services have leaked nearly two terabytes worth of personally identifiable information (PII) and account data in an unprotected Elastic database. The two cashback websites have been operating mostly in the United Kingdom and India. Cybersecurity experts from the Security Detectives (sic) Research team discovered an unprotected Elasticsearch database containing at…
Phorpiex botnet made $115,000 in five months just from mass-spamming sextortion emails
Catalin Cimpanu reports: Researchers at cyber-security firm Check Point say they’ve tracked one of the sources of the recent rise in sextortion emails to a good ol’ friend — the Phorpiex spam botnet, also known as Trik. Check Point says that since April, they’ve seen the botnet send out multiple spam campaigns with a “sextortion” lure —…
Montgomery County Public Schools forces password reset after Naviance hacked
Update: It was a Maryland student who did it. Brad Shear forwarded a notice he received yesterday concerning a breach impacting students of the Montgomery County Public School District. The cover email, from Luana Zimmerman of college career service Naviance began: Due to a recent data security incident in Naviance that affected one of our…
French TV channel M6 and Pitney Bowes both report ransomware attacks
Catalin Cimpanu reports that M6, one of France’s biggest TV channels, was hit by ransomware: The M6 Group, France’s largest privately-owned multimedia group, was the victim of ransomware over the weekend, but none of the company’s TV and radio channels suffered any downtime. The incident took place on Saturday morning, according to a message the…
Equifax data breach FAQ: What happened, who was affected, what was the impact?
We spent a good amount of time in the cybersecurity forum today talking about the Equifax breach. Here’s a summary of some of their key failures, reported by Josh Fruhlinger and based on A U.S. General Accounting Office’s report, and an in-depth analysis from Bloomberg Businessweek. Here are just two of the findings, as reported by Fruhlinger:…
Report: MCMC ends contract with company after massive 2017 phone data leak
Azril Annuar reports: The Malaysian Communications and Multimedia Commission (MCMC) has terminated the services of a firm hired back in 2017 to protect the personal data of mobile phone users. Thus comes after the personal data of the users, including details such as MyKad numbers were reportedly leaked by the same company. Online portal Malaysiakini reported that…