Sergiu Gatlan reports: US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the…
California Pizza Kitchen spills over 100,000 employee Social Security numbers
Carly Page reports: California Pizza Kitchen (CPK) has revealed a data breach that exposed the Social Security numbers of more than 100,000 current and former employees. The U.S. pizza chain, which has more than 250 locations across 32 states, confirmed the incident in a data breach notification posted this week. The company said it learned of a…
Six million Sky routers exposed to takeover attacks for 17 months
Bill Toulas reports: Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers. The disclosed vulnerability is a DNS rebinding flaw that threat actors could easily exploit if the user had not changed the default admin password, or a threat…
Indonesia probe police hack in latest cyber breach
Stanley Widianto reports: Indonesian police are investigating claims by a hacker who said this week they have stolen personal data of thousands of police officers, the latest in a spate of cyber attacks that has highlighted the country’s digital vulnerabilities. Using a now suspended Twitter handle, a hacker who said they were from Brazil claimed…
Brussels health authorities deny data violation on vaccination platform
Lauren Walker reports: A legal analysis has shown Brussels’ vaccination platform Bru-Vax respects personal data, Brussels health authorities’ have announced, following criticism of a data leak regarding people’s vaccination status. Earlier this week, it was reported that people, for example, employers, insurers or banks, could find out if a Brussels resident had been vaccinated by simply entering…
[Conti] Ransomware Group In-Depth Analysis
PRODAFT Threat Intelligence (PTI) Team has obtained valuable insights on the inner workings of the Conti ransomware group. The PTI team accessed Conti’s infrastructure and identified the real IP addresses of the servers in question. This report provides unprecedented detail into the way the Conti ransomware gang works, how they select their targets, how many…