Data loss

Medical images and details of 24.3 million patients left exposed on the internet

Researchers discover that confidential images of X-rays, CT and MRI scans related to millions of patients has been left unprotected on hundreds of servers used by health providers worldwide.


1 min read

bitdefender.com

Police raids after data on most of Ecuador’s citizens leaks online

If you’re a citizen of Ecuador, chances are that you’ve had your personal and financial information exposed after an ElasticSearch server was left unsecured.

Victims even include Wikileaks founder Julian Assange…


0 sec read

tripwire.com

Hundreds of millions of Facebook users’ phone numbers found lying around on the internet

A security researcher found a server on the internet containing more than 419 million records related to Facebook users.

No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Ex-Amazon worker – suspected of hacking Capital One – faces charges of breaching 30 other companies to mine cryptocurrency

Capital One isn’t the only organisation allegedly to have had its data breached by Paige Thompson, the former Amazon systems engineer.

Read more in my article on the Hot for Security blog.


0 sec read

Hostinger resets passwords following security breach

Web hosting firm Hostinger has reset the passwords of all of its customers after it discovered hackers had breached its systems and accessed a database containing millions of records.


1 min read

European Central Bank confirms website hack and data breach

The European Central Bank (ECB), the central bank of the 19 European countries which have adopted the euro, has shut down a compromised website after it discovered that hackers had planted malware that stole information from newsletter subscribers.


1 min read

tripwire.com

More than a million people have their biometric data exposed in massive security breach

A biometrics system used to secure more than 1.5 million locations around the world – including banks, police forces, and defence companies in the United States, UK, India, Japan, and the UAE – has suffered a major data breach, exposing a huge number of records and unencrypted fingerprints.

Read more in my article on the Tripwire State of Security blog.


0 sec read

tripwire.com

Cryptocurrency exchange Binance offers $290,000 bounty to unmask blackmailer

One of the world’s largest cryptocurrency exchanges has revealed that it is being blackmailed to the tune of 300 Bitcoin (approximately US $3.5 million) by someone who is threatening to release some 10,000 sensitive photographs of its customers.

Read more in my article on the Tripwire State of Security blog.


0 sec read

tripwire.com

Exposed internal database reveals vulnerable unpatched systems at Honda

Automotive giant Honda has shut down an exposed database that contained sensitive information about the security – specifically the weak points – of its internal network.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #139: Capital One hacked, iMessage flaws, and anonymity my ass!

Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and are introduced to… Penelope?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.


2 min read

tripwire.com

Woman arrested after Capital One hack spills personal info on 106 million credit card applicants

The FBI has arrested a 33-year-old software engineer in Seattle as part of an investigation into a massive data breach at financial services company Capital One.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #138: Logic bombs, brain data exploitation, and Digga D tweets

Logic bombs in Excel spreadsheets, how should we protect our brain data from big companies, and how did bizarre messages about Drill rap end up on the Metropolitan Police’s Twitter account and website?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BJ Mendelson.


1 min read

Police arrest man after Lancaster University hacking attack

Police have arrested a 25-year-old man in connection with a data breach at Lancaster University that saw student records and applicant’s personal details compromised.


1 min read

700 million reasons for Equifax to remember to patch its vulnerable IT systems in future

Equifax has agreed to pay up to $700 million in a FTC settlement following its 2017 data breach.


1 min read

Slack response. Passwords reset four years after data breach

Slack would have been wiser – in an abundance of caution – to reset all of its users’ passwords back in March 2015.

After all, leaving it until four years later looks a little bit… slack.


1 min read

Security researcher arrested after data on every adult in Bulgaria hacked from government site

Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.


1 min read