It has been reported that the San Francisco Employees’ Retirement System (SFERS) said it suffered a data breach after an unauthorised person gained access to a database hosted in a test environment. In a data breach notification filed yesterday, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members. While SFERS states that no Social Security Numbers or bank account information was contained in the breach, there was enough personal information exposed that could be used by threat actors in attacks. The leaked information for all members includes a member’s name, address, date of birth, and…
ISBuzz Team
The operators of the DopplePaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA’s IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. According to the company’s press releases, DMI’s customer list includes several Fortune 100 companies and many government agencies, among them NASA. It is unclear how deep inside DMI’s network the DopplePaymer gang made it during their breach, and how many customer networks they managed to breach.
The operators of the REvil ransomware have launched a new auction site used to sell victim’s stolen data to the highest bidder. REvil, otherwise known as Sodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services, spam, exploits, and hacked Managed Service Providers. Once established on a network, they quietly spread laterally through the company while stealing unencrypted data from workstations and exposed servers.
Ransomware groups are joining forces to share advice, tactics, and a centralized data leak platform, so that ransomware operations can focus more on creating more sophisticated attacks and successful extortion attempts.
Google has been sued in the US over claims it illegally invades the privacy of users by tracking people even when they are browsing in “private mode”, BBC News reports. Many internet users assume their search history isn’t being tracked when they view in private mode, but Google says this isn’t the case – denying that it is illegal and saying they are upfront about the data they collect in this mode. Incognito mode within Google’s Chrome browser gives users the choice to search the internet without their activity being saved to the browser or device, but the websites visited can…
MOT tests may soon introduce the clause when driverless cars hit the road to ensure safety and quality standards are maintained for road users. The new safety standard known as CAV PASS, will help minimise defects ahead of testing and wider deployment of autonomous cars on UK roads. The new measures will first focus on enabling trialling for self driving vehicles but the aim is to asssure security for cars when they are finally sold to the public. The scheme is part of an ongoing project to build the first code of practice for automated vehicle trials so scientists can build…
It has been announced this morning that a major data breach at mobile payment app Bharat Interface for Money (BHIM) has exposed the personal and financial data of millions of Indians.
Cybercrime generates over $1.5 trillion in annual revenue, outpacing BigTech earners like Apple and Amazon. Our new report explores key trends in the dark web marketplaces and underground cybercriminal forums providing a look into the past, the present and future. Trend Micro has found that the cybercriminal underground is not as separated by language as much as it was five years ago. Cybercriminals have adopted a more global view and found that advertising in multiple language forums is a must if they wanted to earn more money. Still, the cybercriminal underground economy remains diverse, and different markets carry unique goods…
Amtrak, the public transportation unit, announced that it suffered a data breach causing Amtrak to reset user passwords after the Guest Rewards data breach. The data obtained from this breach of consumer’s personal information.
The government-backed online cyber security training programme, which has seen more than 65,000 students take part in recent years, is to begin its fourth year early to capitalise on the thousands of young people who are currently unable to attend school. Led by the Department for Digital, Culture, Media and Sport (DCMS) and delivered by global IT security training organisation SANS Institute, Cyber Discovery was first launched in the school year 2017/18 and aims to help close the UK’s cyber security skills gap by inspiring teenagers to pursue a career in the industry. The programme is comprised of four phases: an initial assessment stage called CyberStart…