U.S. Bank data breach impacts 11K customers
U.S. Bank notified some customers on Friday that their personal information was accidentally shared by a third-party vendor, according to letters posted to the California Attorney General's website. On Sept. 27, a third-party collections recovery group accidentally shared the names, addresses, Social Security numbers, birthdays, closed account numbers and outstanding balances of about 11,000 customers, a U.S. Bank spokesperson told Banking Dive. READ MORE...
Chegg sued by FTC after suffering four data breaches within 3 years
The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg after exposing the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017. The agency's proposed order would require Chegg to shore up data security, implement multifactor authentication (MFA) to help users secure their accounts, limit collected and stored customer data, and allow customers to access and delete their data. READ MORE...
Twilio reveals hackers compromised its systems a month earlier than previously thought
Readers will recall that cloud communications firm Twilio disclosed on August 7 2022 that hackers had accessed user data following a sophisticated social engineering attack that saw employees targeted with SMS-phishing ("smishing") text messages. Attackers sent current Twilio staff and former employees SMS text messages that purported to come from the company's IT department, telling them that their passwords had expired. READ MORE...
Bed Bath & Beyond Investigating Data Breach After Employee Falls for Phishing Attack
Bed Bath & Beyond revealed last week in an SEC filing that it recently suffered a data breach after an employee fell victim to a phishing attack. Only few details have been shared by the retailer as the investigation is ongoing. The company explained that it became aware of unauthorized access to some data after an employee was targeted in a 'phishing scam' in October. READ MORE...
Label Giant Multi-Color Corporation Discloses Data Breach
Label printing giant Multi-Color Corporation (MCC) has started informing employees that their personal information might have been compromised in a recent cyberattack. A global supplier of premium label solutions, MCC operates roughly 100 label producing operations and has approximately 10,000 employees. MCC provides label solutions to organizations in the automotive, beverage, chemicals, food, healthcare, technical, and other industries. READ MORE...
Extortion fears after hacker stole patient files from Dutch mental health clinics
Patients of Dutch mental health clinics are being warned that their personal records have fallen into the hands of hackers following a security breach at an online portal that "guaranteed" their privacy. Netherlands-based technology company Nedap disclosed on 25 October a hacking incident of its Carenzorgt.nl portal, used by thousands of healthcare institutions throughout the country to share digital health records and personal data. READ MORE...
Google ad for GIMP served info-stealing malware via lookalike site
Searching for 'GIMP' on Google as recently as last week would show visitors an ad for 'GIMP[.]org,' the official website of the well known graphics editor, GNU Image Manipulation Program. This ad would appear to be legitimate as it'd state 'GIMP[.]org' as the destination domain. But clicking on it drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which, in reality, was malware. READ MORE...
Accused 'Raccoon' Malware Developer Fled Ukraine After Russian Invasion
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion. READ MORE...
Experian tool exposed partial Social Security numbers, putting customers at risk
An Experian product that allows organizations to verify customers' identity could be exploited to expose partial Social Security numbers, a researcher found through testing several organizations that use the product. The researcher, who asked to be identified only by the online handle Lucky225, first detailed the security issue in a September Medium post after finding it when trying to register for the Pacific Gas and Electric Company. READ MORE...
Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers
IT management software provider ConnectWise on Friday announced updates that patch a critical vulnerability which, according to cybersecurity professionals, exposes thousands of servers to attacks. The flaw, described as "improper neutralization of special elements in output used by a downstream component", affects the ConnectWise Recover backup and disaster recovery product (v2.9.7 and earlier), and the R1Soft server backup manager (v6.16.3 and earlier). READ MORE...
- ...in 1512, Michelangelo's ceiling of the Sistine Chapel is exhibited to the public for the first time.
- ...in 1870, the National Weather Service (then called the Weather Bureau) issues its first meteorological forecast.
- ...in 1963, the Arecibo Observatory in Puerto Rico is opened. Before being decommissioned in 2020, it was the home of the world's largest radio telescope.
- ...in 1982, Honda becomes the first Asian automobile company to manufacture cars in the United States, with the opening of its Marysville, OH factory.
