#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

data breach | Breaking Cybersecurity News | The Hacker News

Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data

Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data

Oct 27, 2022
Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm  said  the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its  ahm health insurance subsidiary  and international students. Medibank, which is one of the largest Australian private health insurance providers,  serves about 3.9 million customers  across the country. "We have evidence that the criminal has removed some of this data and it is now likely that the criminal has stolen further personal and health claims data," the company further added. "As a result, we expect that the number of affected customers could grow substantially." The company also said it's continuing its probe to determine what specific data has been stolen in th
CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

Oct 24, 2022
U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the  Daixin Team  primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies  said . The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS). Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services. It's also said to have exfiltrated personal identifiable information (PII) and patient health information (PHI) as part of a double extortion scheme to se
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Oct 21, 2022
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft  said  in an alert. Microsoft also emphasized that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability." The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak  BlueBleed . Microsoft said it's in the process of directly notifying impacted customers. The Win
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Omnicell Healthcare Company Confirms Ransomware Incident

Omnicell Healthcare Company Confirms Ransomware Incident

Oct 12, 2022
In a US SEC (Securities and Exchange Commission)  8-K filing , Omnicell, the healthcare technology provider, revealed that some of its products, services, and internal systems were affected by ransomware.  Upon detecting the incident, the medication management systems provider took immediate action to contain the attack and ensure continued operation. In its  10-Q form  filing, Omnicell disclosed that cyber-attacks or data breaches disrupted its business.  Will you be the next victim? If you overlook the importance of data protection, attackers can get you in no time.  Explore the  impact of the data breach  on the healthcare sector and what preventive measures can be taken against such attacks. Omnicell Announced Data Breach  Founded in 1992, Omnicell is a leading provider of medication management solutions for hospitals, long-term care facilities, and retail pharmacies.  On May 4, 2022 , Omnicell's IT systems and third-party cloud services were affected by ransomware attac
19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam

19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam

Oct 06, 2022
The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for fraudulent activities. The source of the data, the agency said, was a sample database of 10,200 records that was posted briefly on a cybercrime forum accessible on the clearnet by an actor named "optusdata," before taking it down. Details of the scam were  previously shared  by 9News Australia reporter Chris O'Keefe on September 27, 2022. The AFP further said it executed a search warrant at the home of the offender, leading to the seizure of a mobile phone used to send the text messages to about 93 Optus customers. "At this stage it appears none of the individuals who received t
Former Uber Security Chief Found Guilty of Data Breach Coverup

Former Uber Security Chief Found Guilty of Data Breach Coverup

Oct 06, 2022
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporting the incident and another for misprision. He faces a maximum of five years in prison for the obstruction charge, and a maximum of three years for the latter. "Technology companies in the Northern District of California collect and store vast amounts of data from users," U.S. Attorney Stephanie M. Hinds  said  in a press statement. "We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught." The 2016 breach of Uber occurred as a result of two hackers
Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information

Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information

Oct 05, 2022
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region,  said . "And no customer account data was involved." It said the breach targeted a third-party platform called  Work Life NAB  that's no longer actively used by the company, and that the leaked data posted on the internet concerned a "now-obsolete Telstra employee rewards program." Telstra also noted it became aware of the breach last week, adding the information included first and last names and the email addresses used to sign up for the program. It further clarified that the data posted was from 2017. The data was "basic in nature," Devine said.  The company did not reveal how many employees wer
Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers

Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers

Oct 04, 2022
Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a  data breach  late last month. The company also  said  it has engaged the services of Deloitte to conduct an external forensic assessment of the attack to "understand how it occurred and how we can prevent it from occurring again." Optus is fully owned by Singaporean telecommunications conglomerate Singtel, which also has a significant stake in Bharti Airtel, the second largest carrier in India. "Approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised," Singtel  said  in an announcement made on its website. It also said the breach affected expired IDs and personal information of about 900,000 additional customers. It further emphasized that the expo
Five Steps to Mitigate the Risk of Credential Exposure

Five Steps to Mitigate the Risk of Credential Exposure

Sep 29, 2022
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.  While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the reality is that existing methodologies have proven largely ineffective. According to the  2022 Verizon Data Breach Investigations Report , over 60% of breaches involve compromised credentials.  Attackers use techniques such as social engineering, brute force, and purchasing leaked credentials on the dark web to compromise legitimate identities and gain unauthorized access to victim organizations' systems and resources.  Adversaries often leverage the fact that some passwords are shared among different users, making it easier to breach multiple accounts in the same organization. Some emp
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme

Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme

Sep 27, 2022
The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP  said  in a statement. The development comes after Optus, Australia's second-largest wireless carrier,  disclosed  on September 22, 2022, that it was a victim of a cyberattack. It claimed it "immediately shut down the attack" as soon as it came to light. The threat actor behind the breach also briefly released a sample of 10,200 records from the breach – putting those users at heightened risk of fraud – in addition to asking for $1 million as part of an extortion demand. The dataset has since been taken down, with the attacker also claiming to have deleted the only copy of the sto
London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

Sep 24, 2022
The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency  said , adding "he remains in police custody." The department said the arrest was made as part of an investigation in partnership with the U.K. National Crime Agency's cyber crime unit. No further details about the nature of the investigation were disclosed, although it's suspected that the law enforcement action may have something to do with the recent string of high-profile hacks aimed at  Uber  and  Rockstar Games . Both the intrusions are alleged to have been committed by the same threat actor, who goes by the name Tea Pot (aka teapotuberhacker). Uber, for its part, has pinned the breach on an attacker (or attackers) that it believes is associated with the LAPSUS$ extortion
Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage

Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage

Sep 19, 2022
American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI. "At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects," the company  said  in a notice shared on its social media handles. The company said that the third-party accessed "confidential information from our systems," although it's not immediately clear if it involved any other data beyond the game footage. The trove of data, contains some 90 videos of clips from the game, leaked over the weekend on  GTAForums  by a user with an alias "teapotuberhacker," hinting that the party is also the same person responsible for the  recent Uber breach . The Uber hacker, who is going by the name  Tea Pot , is believed to be an 18-year-old teenager. No other de
Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This

Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This

Sep 17, 2022
Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company  said . "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational." The ride-hailing company also said it's brought back online all the internal software tools it took down previously as a precaution, reiterating it's notified law enforcement of the matter. It's not immediately clear if the incident resulted in the theft of any other information or how long the intruder was inside Uber's network. Uber has not provided more specifics of how the incident played out beyond saying its investigation and response efforts are ongoing. But independent security researcher Bill Demirkapi characterized the company
TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information

TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information

Sep 05, 2022
Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach." The denial follows alleged reports of a hack that surfaced on the Breach Forums message board on September 3, with the threat actor noting that the server holds 2.05 billion records in a humongous 790GB database. "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?," the hacking group known as BlueHornet (aka  AgainstTheWest )  tweeted  over the weekend. Bob Diachenko, threat intelligence researcher at Security Discovery,  said  the breach is "real" and that the data i
India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

Aug 30, 2022
Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot , the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country. "I found an HTTP request which gave my name, email, phone number, gender, etc. in JSON format," Barot  said  in a write-up. "I immediately changed some parameters in [the] request and I was able to see other user's PII. It took around ~30 minutes to find this issue." Upon receiving the report, the company  said  it temporarily shut down parts of its system to incorporate additional security guardrails. It has also reported the incident to the Indian Computer Emergency Response Team (
Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

Aug 14, 2022
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and Investigation Service (FIOD)  said  in a statement. Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block  identified  him as Alexey Pertsev, citing confirmation from his wife. "My husband didn't do anything illegal," she was quoted as saying. FIOD also alleged that "Tornado Cash has been used to conceal large-scale criminal money flows, including from (online) thefts of cryptocurrencies (so-called crypto hacks and scams)." The agency, which initiated an investigation into Tornado Cash in June 2022, further hinted it may make more arrests
Overview of Top Mobile Security Threats in 2022

Overview of Top Mobile Security Threats in 2022

Jun 28, 2022
Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.  Consider the recent  discovery by Oversecured , a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that does not come integrated with the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Thus, Google exploits code libraries pre-installed on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the storage space needed to run.  As revealed by Oversecured, perpetrators could compromise this retrieval of code from libraries. Instead of Google obtaining code from a reliable source, it could be tricked into taking code from malicious apps operating on the devic
Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach

Jun 21, 2022
A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the  2019 Capital One breach . Paige Thompson , who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The seven-day trial saw the jury acquitted her of other charges, including access device fraud and aggravated identity theft. She is scheduled for sentencing on September 15, 2022. Cumulatively, the offenses are punishable by up to 25 years in prison. "Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,"  said  U.S. Attorney Nick Brown. "Far from being an ethical hacker trying to help companies with their computer s
Cybersecurity Resources