Crew & Concierge
A British yacht-crew recruitment agency left an Amazon S3 bucket open on the internet, exposing the personal information of 17,000 people. To read more:https://www.theregister.co.uk/2020/02/04/crew_and_concierge_data_breach/?ck_subscriber_id=512831035
Equifax
The U.S. Justice Department charged four members of the Chinese military with hacking Equifax and stealing personal information of millions of Americans. To read more: https://apnews.com/05aa58325be0a85d44c637bd891e668f
Likud
An election website operated by Likud, the political party of Israel’s prime minister, exposed the personal information of 6.5m Israeli voters. Likud shared the entire voter registry with a software-development company, which uploaded it to a website in order to promote a voting-management app. To read more: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html
Estee Lauder
Researchers found a cloud database belonging to the cosmetics company Estee Lauder exposed online. The database contained personal information on millions of customers and internal logs for the company. To read more:https://threatpost.com/estee-lauder-440m-records-email-network-info/152789/
Crypto AG
Crypto AG, an encryption-device company active during the Cold War and into the 21st century, was secretly owned by the CIA in partnership with West German intelligence. The company sold foreign governments equipment that was rigged to enable the CIA and West Germany to spy on its adversaries. Crypto AGs’s assets were liquidated in 2018. To read more: https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
Danish tax portal
A software error accidentally exposed the personal identification numbers of 1.26m Danish citizens. The error existed for five years before it was discovered and fixed. To read more: https://www.zdnet.com/article/software-error-exposes-the-id-numbers-for-1-26-million-danish-citizens/
National Portrait Gallery
This London art gallery was targeted by 350,000 phishing email messages containing spam and malware in the second half of 2019. To read more: http://www.thecommentator.com/article/7584/cyber_criminals_in_the_frame_after_national_portrait_gallery_is_hit_with_350_000_email_attacks
Most influential hackers
Forbes has published a list of the top 20 hackers who shaped the cybersecurity industry. To read more: https://www.forbes.com/sites/daveywinder/2020/02/10/ranked-the-worlds-20-greatest-hackers/#734aa36f10ce
RideLondon
Organizers of the RideLondon cycling event notified participants that their personal information was exposed in a data breach. Fewer than 2,100 people were supposedly affected. To read more: https://www.bbc.com/news/uk-england-london-51456778
Intel
Intel announced a critical vulnerability in the Converged Security and Management Engine (CSME). If exploited, the firmware vulnerability would enable hackers to launch escalation-of-privilege, denial-of-service and information-disclosure attacks. To read more: https://www.zdnet.com/article/intel-warns-of-critical-security-flaw-in-csme-engine/
Emotet malware
Hackers added a new attack vector to the Emotet trojan. Using already infected devices, the malware finds new victims connected to nearby Wi-Fi networks. To read more: https://thehackernews.com/2020/02/emotet-malware-wifi-hacking.html
Facebook’s Twitter and Instagram
Hackers defaced Facebook’s corporate Twitter and Instagram pages. Admins were able to retake control of the accounts and delete the hackers’ messages. To read more: https://nakedsecurity.sophos.com/2020/02/11/facebooks-twitter-and-instagram-accounts-hijacked/
Chrome extensions
Over 500 browser extensions—which have been downloaded millions of times from Google’s Chrome Web Store—were found to be uploading private browsing data to attacker-controlled servers. Google has now removed all known malicious extensions. To read more:https://arstechnica.com/information-technology/2020/02/500-chrome-extensions-secretly-uploaded-private-data-from-millions-of-users/
NextMotion
Thousands of images and records of plastic-surgery patients were left on an unsecured database. The data was gathered from clinics around the world using software made by NextMotion, a French imaging company. To read more:https://www.cnet.com/news/plastic-surgery-images-and-invoices-leak-from-unsecured-database/
Health Share of Oregon
The personal information of a member of Health Share of Oregon was compromised in a recent breach and used to open a U.S. Bank credit card. The compromised member is nine years old. To read more: https://katu.com/news/local/nine-year-old-boys-identity-stolen-in-data-breach-cybersecurity-expert-weighs-in
Rutter’s
This chain of convenience stores and gas stations disclosed a security incident that impacted customers’ payment-card data. To read more:https://securityboulevard.com/2020/02/payment-card-data-security-incident-disclosed-by-rutters/
JailCore
Researchers discovered an unsecured cloud server hosted by Amazon that contained data collected via JailCore, software used by state and county jails to streamline the process of logging inmate check-ins. Reports generated by the software contain a variety of personal and sensitive information. To read more: https://www.vice.com/en_us/article/5dmybx/jail-software-left-inmate-data-exposed-online