BlockFi, a popular cryptocurrency lending platform, informed its customers on Tuesday that it had a “temporary” data breach, according to Finance Magnates. The breach happened on May 14 and lasted for over an hour before the root cause of the unauthorized intrusion was found and it was stopped, putting some client’s data at risk. However, the platform also stressed that no critical customer data – or funds – were compromised.
Author: Information Security Buzz Editorial Staff
Today, it is announced that an 8 million user records have been sold by a hacker on a dark web marketplace after breaching data from the US-based meal kit and food delivery service known as the Home Chef. And this database has been sold with a price of $2,500 and a sample is provided showcasing the information in the database table.
A new study from LearnBonds indicates that 68% of major organisations (public and private) plan to increase their cybersecurity spending as a response to the COVID-19 pandemic, given the intersection of increased Work From Home (WFH) and the growth of data breaches, phishing and ransomware attacks. Experts with appviewX, Byos, Inkscreen and Gurucul offer perspective.
As per Bleeping Computer report, the new Node.js based remote access trojan and password-stealing malware spreads via malicious emails. It pretends to be coming from the U.S. Department of the Treasury. And for that issue, a cybersecurity expert from Cerberus Sentinel offers perspective.
Caller ID spoofing represents a growing problem for organizations and individuals, with more than 13,000 people having been confirmed as victims of government impersonation attempts during 2019 alone. We spoke with Danny Thompson, SVP of market and product strategy at apexanalytix on this threat, who has extensive experience working with large companies to mitigate risks like business email compromise and vishing.
easyJet confirmed that it has been a victim of data breach, where the hacker gained access to nine million customers’ email addresses and travel details. Additionally, 2,208 credit-card details were also compromised. The company has yet to disclose when and how the breach occurred. It has alerted the UK’s Information Commissioner’s Office and National Cyber Security Centre (NCSC) as well as hired an expert to look into the breach.
Wide-ranging security flaws have been discovered in the coronavirus contact-tracing app being piloted in the Isle of Wight. The security researchers involved have warned the problems pose risks to users’ privacy and could be abused to prevent contagion alerts being sent. GCHQ’s National Cyber Security Centre (NCSC) has acknowledged the issues, promising to fix some and review others. But the researchers suggest a more fundamental rethink is required. Specifically, they call for new legal protections to prevent officials using the data for purposes other than identifying those at risk of being infected, or holding on to it indefinitely.
A group of children’s privacy advocates alleged in a recent FTC complaint that TikTok violated an agreement to protect children’s private data. The popular video-sharing app TikTok has landed in hot water again over privacy issues. On Thursday, a group of privacy advocates filed a complaint with the Federal Trade Commission (FTC) alleging the platform failed to adequately protect children’s privacy. https://twitter.com/nytimes/status/1260785348751360000
A data breach for the Illinois’ new system to process unemployment claims for contractors and gig workers exposed personal information for potentially thousands of people, but state officials said the error was fixed within an hour of learning of the issue. The Illinois Department of Employment Security confirmed one person who has filed claim for benefits through the Pandemic Unemployment Assistance program was able to access personal information for “a limited number of claimants” on Friday. Illinois State Rep. Terri Bryant (R-Murphysboro) said a constituent in her district made her aware of the data breach, after inadvertently accessing a spreadsheet with…
In a recent blog post, Microsoft has announced that it will share its knowledge of coronavirus-related cyberthreats in a bid to help security teams identify and address new threats. Processing trillions of signals each day across identities, endpoint, cloud, applications, and email, Microsoft gains a greater visibility into a broad range of COVID-19-themed attacks – and sharing this will allow the wider security community to detect, protect, and respond to these threats. This will be made available through the Malware Information Sharing Platform (MISP), Azure Sentinel GitHub and the Microsoft Graph Security API.
