Morgan Stanley confirms breach of customer SSNs via an exploit of vendor’s Accellion FTA vulnerability

• Post author:Frank Crast
• Post published:July 10, 2021
• Post category:Cybersecurity Attacks/Data Breach/Vulnerabilities & Exploits

Morgan Stanley has confirmed a data breach of some customer SSNs and other personal data via one if its vendor's vulnerable Accellion FTA systems.

Continue ReadingMorgan Stanley confirms breach of customer SSNs via an exploit of vendor’s Accellion FTA vulnerability

Threat actors breach South Korean atomic research institute via VPN vulnerability

• Post author:Frank Crast
• Post published:June 22, 2021
• Post category:Cybersecurity Attacks/Data Breach/Network Security/Vulnerabilities & Exploits

Threat actors from suspected North Korea APT group Kimsuky breached a South Korean atomic research institute via a VPN vulnerability.

Continue ReadingThreat actors breach South Korean atomic research institute via VPN vulnerability

Alibaba leaks billions of data points via Chinese web crawler

• Post author:Frank Crast
• Post published:June 17, 2021
• Post category:Cybersecurity Attacks/Data Breach/Data Privacy

Alibaba's Chinese online shopping platform Taobao has suffered a data breach of over a billion data points that include usernames and mobile phone numbers.

Continue ReadingAlibaba leaks billions of data points via Chinese web crawler

Personal data on 533 million Facebook users posted online

• Post author:Frank Crast
• Post published:April 5, 2021
• Post category:Cybersecurity Attacks/Data Breach/Data Privacy

A hacker has leaked personal data on an estimated 533 million Facebook users, to include phone numbers and Facebook account details. The data was leaked on a publicly accessible hacking forum.

Continue ReadingPersonal data on 533 million Facebook users posted online

Energy giant Shell latest victim in Accellion FTA cyberattacks

• Post author:Frank Crast
• Post published:March 24, 2021
• Post category:Cybersecurity Attacks/Data Breach/Security Updates & Patches/Vulnerabilities & Exploits/Zero-days

Energy giant Shell was the latest victim in a series of cyberattacks on customers of Accellion's legacy File Transfer Appliance (FTA) product used to transfer large files.

Continue ReadingEnergy giant Shell latest victim in Accellion FTA cyberattacks

Microsoft open sources CodeQL queries to scan for Solarwinds-like Solorigate activity

• Post author:Frank Crast
• Post published:February 26, 2021
• Post category:Application Security/Cybersecurity Attacks/Data Breach

Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.

Continue ReadingMicrosoft open sources CodeQL queries to scan for Solarwinds-like Solorigate activity

T-Mobile security incident exposed customer phone numbers and call records

• Post author:Frank Crast
• Post published:January 2, 2021
• Post category:Data Breach/Data Privacy

T-Mobile has disclosed a security incident that customer phone numbers and certain account information were breached.

Continue ReadingT-Mobile security incident exposed customer phone numbers and call records

DHS issues new emergency guidance on SolarWinds Orion Code compromise

• Post author:Frank Crast
• Post published:December 30, 2020
• Post category:Cybersecurity Articles/Cybersecurity Attacks/Data Breach/Security Updates & Patches/Third-Party Security

The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.

Continue ReadingDHS issues new emergency guidance on SolarWinds Orion Code compromise

Whirlpool victim of Nefilim ransomware attack

• Post author:Frank Crast
• Post published:December 28, 2020
• Post category:Cybersecurity Attacks/Data Breach/Malware

Home appliance maker Whirlpool has fallen victim to a Nefilim ransomware attack.

Continue ReadingWhirlpool victim of Nefilim ransomware attack

DHS warns businesses of risks using Chinese tech and data services

• Post author:Frank Crast
• Post published:December 24, 2020
• Post category:Cybersecurity Articles/Data Breach/Data Privacy/Insider Threats/Regulations & Laws/Security Monitoring/Third-Party Security

The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks using tech and data services linked to the People’s Republic of China (PRC).

Continue ReadingDHS warns businesses of risks using Chinese tech and data services