It was announced today that Drizly, an alcohol delivery startup, experienced a data breach. In an email to customers obtained by TechCrunch, the company said that a hacker “obtained” some customer data. The hacker took customer email addresses, date-of-birth, hashed passwords, and in some cases delivery addresses.Drizly did not say when the hack occurred or how many accounts were affected, but did advise users to change their passwords.
ISBuzz Team
The IBM security and Ponemon Institute release report that cyberattacks are costing companies nearly $4 million per breach. The report provides in-depth look at the financial implications of small-, medium- and large-sized breaches after interviewing more than 3,000 people working for 524 organizations experiencing data breaches between August 2019 and April 2020. Cybersecurity experts provide an insight on this report below.
Identity thieves who specialise in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic – a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country is now pivoting toward using that access for pandemic assistance loans and unemployment benefits. More on that story here: https://krebsonsecurity.com/2020/07/business-id-theft-soars-amid-covid-closures/
Promo.com, an Israeli-based video marketing creation site, disclosed a data breach at the hands of an undisclosed third-party supplier that compromised the records of 22M users. The breach came to light after Promo.com found its data being given away for free on a hacker forum. Cybersecurity experts commented below on the importance of vetting third-party partners.
News of another cyberattack on the financial industry, this one is ransomware against a third party vendor of SEI Investments. Reported by the Wall Street Journal, the ransomware attack against a vendor of SEI Investments Co. The ransomware is detected in May which exposed personal information for roughly 100 investors. The cybersecurity expert commented below on the danger of ransomware and what is the best strategy to protect against such attacks.
WhatsApp has confirmed that a leading pro-independence politician in Catalonia was the target of a phone-hacking described by experts as a possible act of “domestic espionage”. The Facebook-owned messaging service has sent a letter to Roger Torrent, the speaker of the Catalan parliament, confirming that his WhatsApp account was “targeted in an attempt to gain unauthorised access to data and communications on the device”, The Guardian reports. The phones of at least two other pro-independence supporters are also believed to have been attacked. “By ‘targeted’ we are referring to the fact that the attackers attempted to inject malicious code into Mr. Torrent’s WhatsApp application,” said…
A new report from Nozomi Networks Labs finds cyber threats against Operational Technology (OT) and IoT infrastructure continued to grow in number and impact in the first half of 2020. OT-reliant organisations are increasingly embracing IoT devices, and COVID-19 has forced a global shift to remote work. Unfortunately, threat actors appear to be capitalising on these trends. In the first six months of this year, hackers used IoT botnets and shifting ransomware tactics as their weapons of choice for targeting OT and IoT networks. Nozomi Networks’ “OT/IoT Security Report,” gives an overview of the most active OT and IoT threats seen…
Malware distribution network Emotet has been hacked by a potential threat actor of unknown origin, substituting malware for humorous GIFs. As a result, instead of being hit with malware, users who click on malicious links from Emotet spam have been seeing images of James Franco and others such as “Hackerman” from the 2015 film “Kung Fury.” Members of “Cryptolaemus,” an informal group of security researchers who track Emotet, noted on Twitter last Friday that Emotet activity had suddenly declined and that the “Hackerman” GIF was loading instead of malware in around 25% of the cases. While this may seem a…
Researchers with Area 1 Security have published findings in “Phishing Election Administrators” assessing the depth of email security controls used by more than 10,000 U.S. state and local election administrators. Among key findings: The majority of state and local election administrators have only rudimentary or non-standard technologies to protect themselves from phishing; less than 3 out of 10 have basic controls to prevent phishing, and fewer than 2 out of 10 have implemented advanced anti-phishing cybersecurity controls.
Digital banking app and tech unicorn Dave.com confirmed the security breach in a blog post affecting 7,516,625 users on a public forum. Dave said this breach is due to their former business partner, Waydev, an analytics platform used by engineering teams.