REPORT BREACH

The Breach News

Data Vigilante Exposes 8 Million Employee Records from Amazon, HP, and More

Data Vigilante Exposes 8 Million Employee Records in MOVEit Vulnerability Breach In a significant breach linked to the vulnerabilities of the MOVEit file transfer software, a self-styled “Data Vigilante” identified as Nam3L3ss has leaked approximately 8 million employee records from prominent corporations, including Amazon, 3M, HP, and Delta. The MOVEit…

Read MoreData Vigilante Exposes 8 Million Employee Records from Amazon, HP, and More

Massive Data Breach at Hot Topic Exposes Information of 57 Million Customers

Recent reports indicate a significant data breach affecting multiple prominent lifestyle retail brands, with an estimated 57 million customers potentially impacted. The breach appears to involve customer data from Hot Topic, Box Lunch, and Torrid, raising serious cybersecurity concerns amongst business owners and organizations handling sensitive consumer information. The compromised…

Read MoreMassive Data Breach at Hot Topic Exposes Information of 57 Million Customers

New SEC Regulations Mandate U.S. Companies Disclose Cyber Attacks Within 4 Days The U.S. Securities and Exchange Commission (SEC) recently approved regulations requiring publicly traded companies to disclose details about cyber attacks within four days of determining that the incident has a “material” impact on their financials. This marks a significant change in the way data breaches are reported. SEC Chair Gary Gensler stated, “Whether a company loses a factory in a fire or millions of files in a cybersecurity incident, it may be material to investors.” He emphasized that while many public companies currently offer cybersecurity disclosures, there would be greater benefits from a more consistent, comparable, and useful approach. The new rules stipulate that companies must share information regarding the incident’s nature, scope, and timing, along with its financial impact. However, companies may request a postponement of up to 60 days for such disclosures if it is deemed necessary.

New SEC Regulations Mandate Prompt Disclosure of Cyber Incidents by Public Companies On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) enacted new regulations requiring publicly traded companies to disclose significant cyber attacks within four days of recognizing their potential impact on financial performance. This development signifies a…

Read MoreNew SEC Regulations Mandate U.S. Companies Disclose Cyber Attacks Within 4 Days The U.S. Securities and Exchange Commission (SEC) recently approved regulations requiring publicly traded companies to disclose details about cyber attacks within four days of determining that the incident has a “material” impact on their financials. This marks a significant change in the way data breaches are reported. SEC Chair Gary Gensler stated, “Whether a company loses a factory in a fire or millions of files in a cybersecurity incident, it may be material to investors.” He emphasized that while many public companies currently offer cybersecurity disclosures, there would be greater benefits from a more consistent, comparable, and useful approach. The new rules stipulate that companies must share information regarding the incident’s nature, scope, and timing, along with its financial impact. However, companies may request a postponement of up to 60 days for such disclosures if it is deemed necessary.

The WIRED Handbook for Safeguarding Against Government Surveillance

Maintaining Privacy in a Connected World: Strategies and Considerations In an era where digital tracking is increasingly prevalent, many individuals seek ways to maintain their privacy. According to cybersecurity expert Sandvik, one of the most straightforward methods to evade tracking is to forgo the use of mobile phones altogether. “Leave…

Read MoreThe WIRED Handbook for Safeguarding Against Government Surveillance

UK Seniors Urged to Stay Vigilant Against SMS Scams Related to Winter Heating Payments

Since 1958, the UK government has provided Winter Fuel Payments to support pensioners and senior citizens in maintaining warmth during the winter months. Managed by the Department for Work and Pensions (DWP), these payments typically appear as direct deposits into eligible recipients’ bank accounts. However, access to these funds is…

Read MoreUK Seniors Urged to Stay Vigilant Against SMS Scams Related to Winter Heating Payments

Snyk Acquires Probely to Enhance API Security for AI Applications

Snyk Acquires Probely to Enhance API Security Amid Rising Demand Snyk, a Boston-based security company, has announced its acquisition of Probely, a dynamic application security testing firm based in Porto, Portugal. This strategic move comes in response to the escalating demand for secure API functionalities, particularly as companies increasingly adopt…

Read MoreSnyk Acquires Probely to Enhance API Security for AI Applications

MOVEit Data Breach Reveals Employee Information from Amazon, HSBC, and Others – Key Details You Should Know

Recent MOVEit Data Breach Exposes Sensitive Information of Major Corporations A significant new wave of data breaches has emerged, linked to the well-known MOVEit vulnerability, shaking the cybersecurity community. This incident, distinct from the Cl0p ransomware attacks of the previous year, is attributed to a different threat actor known as…

Read MoreMOVEit Data Breach Reveals Employee Information from Amazon, HSBC, and Others – Key Details You Should Know

BlueBravo Targets European Diplomats with GraphicalProton Backdoor July 28, 2023 Cyber Espionage / Malware The Russian state-sponsored group known as BlueBravo has been detected attacking diplomatic entities in Eastern Europe with the intent of deploying a new backdoor malware dubbed GraphicalProton. This move highlights the ongoing evolution of cyber threats, according to a recent report from Recorded Future. The phishing campaign, active from March to May 2023, employs legitimate internet services (LIS) to obscure command-and-control (C2) activities. BlueBravo, also referred to as APT29, Cloaked Ursa, and Midnight Blizzard (formerly Nobelium), is linked to Russia’s Foreign Intelligence Service (SVR) and has historically utilized platforms like Dropbox, Firebase, Google Drive, Notion, and Trello to bypass detection and maintain covert communication with compromised systems. GraphicalProton marks the latest in a series of malware targeting diplomatic organizations, following GraphicalNeutrino (SNOWYAMBER), HALFRIG, and QUARTERRIG.

BlueBravo Deploys GraphicalProton Backdoor Targeting European Diplomatic Entities On July 28, 2023, reports emerged detailing a sophisticated cyber espionage campaign orchestrated by the Russian state-sponsored group known as BlueBravo. This threat actor has turned its focus towards diplomatic institutions located in Eastern Europe, utilizing a newly developed backdoor named GraphicalProton.…

Read MoreBlueBravo Targets European Diplomats with GraphicalProton Backdoor July 28, 2023 Cyber Espionage / Malware The Russian state-sponsored group known as BlueBravo has been detected attacking diplomatic entities in Eastern Europe with the intent of deploying a new backdoor malware dubbed GraphicalProton. This move highlights the ongoing evolution of cyber threats, according to a recent report from Recorded Future. The phishing campaign, active from March to May 2023, employs legitimate internet services (LIS) to obscure command-and-control (C2) activities. BlueBravo, also referred to as APT29, Cloaked Ursa, and Midnight Blizzard (formerly Nobelium), is linked to Russia’s Foreign Intelligence Service (SVR) and has historically utilized platforms like Dropbox, Firebase, Google Drive, Notion, and Trello to bypass detection and maintain covert communication with compromised systems. GraphicalProton marks the latest in a series of malware targeting diplomatic organizations, following GraphicalNeutrino (SNOWYAMBER), HALFRIG, and QUARTERRIG.

Escalating Risks of Malware and DDoS Attacks Targeting Government Agencies

In July 2024, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued stark warnings regarding a surge in Distributed Denial of Service (DDoS) attacks on election-related infrastructure. SonicWall, a cybersecurity firm, reports a significant escalation in such attacks throughout the year, forecasting a 32% increase in incidents compared…

Read MoreEscalating Risks of Malware and DDoS Attacks Targeting Government Agencies