Times Now reports: The special task force of the Uttar Pradesh police has arrested four persons for allegedly stealing the credit card data of 50,000 users. The victims include both police and army officers some of whom were duped. The accused have been identified as Sanjit alias Sandeep, Baldev, Tapeshwar and and Gajendra, all of…
Google says it stored some G Suite passwords in unhashed form for 14 years
Catalin Cimpanu reports: Google today revealed that a bug in an old G Suite tool has resulted in the company storing customer passwords in an unhashed — but encrypted — form for nearly 14 years, between 2005 and 2019. The company said that only G Suite enterprise customers were impacted, but not regular Gmail accounts….
Open Enrollment: How HCL Exposed Employee Passwords and Project Data
UpGuard reports: In the course of performing data leaks investigation on behalf of an UpGuard client, a member of the UpGuard Data Breach Research team discovered publicly accessible information belonging to technology services provider HCL. The public data included personal information and plaintext passwords for new hires, reports on installations of customer infrastructure, and web…
UK: Cyber attack on Sunderland City Council database: Investigation after personal data accessed by hackers
Ross Robertson reports: Hackers have accessed users’ personal details in a cyber attack on Sunderland City Council’s library database. Council chiefs are warning users to be vigilant after a number of customers’ details were accessed during a cyber incident involving the library services customer database. This resulted in the unauthorised access to the details of…
Companies send confusing alerts about data breaches
Isn’t this what I’ve been saying for more than a decade now? Now there’s a study that agrees with me. Laurel Thomas-Michigan reports on a study called, “You `Might’ Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications” by Yixin Zou, Shawn Danino, Kaiwen Sun, Florian Schau. She reports: Building…
MuddyWater Hacking Group Upgrades Arsenal to Avoid Detection
Sergiu Gatlan reports: The MuddyWater threat group has been updating its tactics, techniques, and procedures (TTPs) to include a number of new anti-detection techniques designed to provide remote access to compromised systems while evading detection as part of a new campaign dubbed BlackWater. MuddyWater (also known as SeedWorm and TEMP.Zagros) is an advanced persistent threat (APT) group — or a…