100,000 Impacted by Jewish Home Lifecare Data Breach
Jewish Home Lifecare, now known as The New Jewish Home, experienced a data breach affecting over 100,000 individuals due to a BlackCat ransomware attack. The breach exposed sensitive personal and medical information, including Social Security numbers and financial details. While no evidence suggests misuse of the stolen data, the organization is offering complimentary credit monitoring services to those affected.
Oregon Zoo Ticketing Service Hack Impacts 118,000
Hackers compromised the Oregon Zoo’s ticketing service, impacting approximately 118,000 individuals. The breach, which targeted third-party vendor Aspire, exposed personal information such as names, payment details, and emails. Security professionals should note the importance of vendor risk management and the potential for supply chain vulnerabilities to affect sensitive customer data.
Computer Engineer Hacks Own Employer, Demands $750K Ransom
A core infrastructure engineer at a US-based industrial firm, Daniel Rhyne, exploited his privileged access to create a hidden virtual machine on his employer’s network, launching a ransomware attack demanding $750,000 in Bitcoin. Rhyne locked out IT administrators, deleted backups, and threatened further disruptions if the ransom wasn’t paid. The investigation revealed that the unauthorized activities and extortion attempts were conducted from the hidden VM, linked directly to Rhyne’s company computer and user account.
FlightAware Configuration Error Leaked User Data for Years
FlightAware, a flight tracking platform, recently discovered a configuration error that exposed user data, including user IDs, passwords, and email addresses, dating back to January 1, 2021. The error was detected on July 25, 2024, potentially compromising personal information for over three years. FlightAware has remediated the error, prompting affected users to reset their passwords and offering identity protection services, urging users to reset credentials on other platforms as a precaution against account hijacking.
National Public Data Confirms Massive Breach
National Public Data (NPD) has confirmed a massive breach exposing personal identity records of consumers in the US, UK, and Canada, including sensitive information like Social Security numbers. The breach, attributed to a third-party bad actor, has raised concerns about the need for stronger data protection measures and the discontinuation of using Social Security numbers for identification. Experts emphasize the importance of corporate and regulatory actions to address data security risks and advocate for holding companies accountable for data breaches through specific liabilities and criminal consequences.
Hackers Linked to $14M Holograph Crypto Heist Arrested in Italy
Four individuals suspected of cybercrime and money laundering, linked to the $14 million cryptocurrency heist from Holograph, were arrested in Italy after living a lavish lifestyle in the country. The hackers exploited a smart contract flaw to mint and withdraw 1 billion Holograph tokens, causing their value to plummet by over 80%. Law enforcement seized cryptocurrency wallet keys and electronic devices, aiming to return the stolen funds to Holograph.
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
Recent reports indicate that Iran is facing a significant cyberattack on its banking systems. The country has previously experienced cyberattacks, with Israel and the US being blamed for a previous incident in December. This highlights the ongoing cybersecurity challenges faced by nations in the Middle East.
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
A recently discovered Windows zero-day vulnerability has been linked to North Korea’s Lazarus APT group, known for its sophisticated cyber espionage activities. The flaw, used in highly targeted attacks, allows attackers to execute arbitrary code on compromised systems, posing significant risks to sensitive data. This incident underscores the importance of promptly addressing zero-day vulnerabilities to mitigate potential exploitation by advanced persistent threats.
BlankBot Trojan Targets Turkish Android Users
A new BlankBot Trojan targeting Turkish Android users has been discovered, capable of recording screens and keystrokes, as well as injecting custom overlays to steal passwords and sensitive data. The malware is still under development and contains Turkish-language filenames.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.