Wyze
This IoT device company confirmed that an exposed database leaked the details of 2.4m customers. The Elasticsearch database was not a production system; however, the server was storing valid user data. To read more: https://www.zdnet.com/article/iot-vendor-wyze-confirms-server-leak/
Moss Adams
One of the largest US-based accounting firms announced that a data breach potentially exposed user data. The hacker had access to an employee email account from October 2019. To read more: https://latesthackingnews.com/2019/12/29/us-accounting-firm-moss-adams-discloses-data-breach/
RavnAir
An Alaskan air carrier experienced a cyberattack that disrupted flights. Complete system restoration will take up to a month. To read more: https://www.sfchronicle.com/news/article/RavnAir-revises-estimate-of-damage-from-cyber-14941645.php
Sinai Health System
Sinai Health System notified the federal government of a data breach that exposed the personal data of 12,578 people. The breach happened in October after hackers gained access to employee email accounts. To read more: https://chicago.suntimes.com/2019/12/31/21044739/data-breach-sinai-health-system-chicago
Citrix
A vulnerability in the Citrix Application Delivery Controller could potentially expose the networks of more than 80,000 firms. To read more: https://www.bleepingcomputer.com/news/security/critical-citrix-flaw-may-expose-thousands-of-firms-to-attacks/
DNA Kits
The Pentagon is advising members of the military not to use consumer DNA kits from companies such as 23andMe because they pose a security risk. To read more: https://www.yahoo.com/news/pentagon-warns-military-members-dna-kits-pose-personal-and-operational-risks-173304318.html
Discord
Discord is a black-market platform selling PayPal and credit card information. To read more: https://onezero.medium.com/inside-discords-thriving-black-market-for-stolen-credit-cards-and-gift-cards-323be0256586
The Heritage Company
The Arkansas-based company suspended all services because of a cyberattack. Hackers hit Heritage servers with ransomware, forcing the CEO to fire 300 employees days before Christmas because the company could not recover. To read more: https://www.kait8.com/2019/12/22/heritage-company-announces-temporary-closure-due-cyber-attack-before-christmas/
US Coast Guard
The US Coast Guard announced that Ryuk ransomware took down a port authority for more than 30 hours. The agency did not release the name or location of the facility. To read more: https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/
Special Olympics NY
Attackers compromised an email server owned by Special Olympics NY to send phishing emails. To read more: https://www.tripwire.com/state-of-security/security-data-protection/special-olympics-nys-email-server-abused-to-send-phishing-emails/
Shitcoin Wallet
Researchers caught a Google Chrome extension injecting JavaScript code on web pages to steal passwords and private keys from crypto-wallets. The extension lets users manage Ether coins and Ethereum ERC20-based tokens. To read more: https://www.zdnet.com/article/chrome-extension-caught-stealing-crypto-wallet-private-keys/
UK New Year Honors list
The UK government accidentally exposed the addresses of 1,000 people who received honors. The list included politicians, senior police chiefs, security operatives and Ministry of Defence staff. To read more: https://www.theguardian.com/uk-news/2019/dec/28/government-exposes-addresses-of-new-year-honours-recipients
North Korean hackers
Microsoft announced that it successfully took down 50 web domains previously used by a North Korean-backed hacking group. To read more: https://www.zdnet.com/article/microsoft-takes-down-50-domains-operated-by-north-korean-hackers/
Travelex
Travelex, an international foreign-currency exchange, suspended some services after being hit by malware. The London-based company operates 1,500 stores globally and took systems offline as a precaution to protect data and stop the malware. To read more: https://techcrunch.com/2020/01/02/travelex-malware/
Poloniex cryptocurrency exchange
This exchange was forced to reset account-holder passwords following a phishing data breach. To read more: https://www.zdnet.com/article/poloniex-cryptocurrency-exchange-confirms-account-data-leak/
Xiaomi Mijia camera
A Xiaomi camera linked to a Google account is receiving random images from other people’s homes when trying to stream content from the camera to a Google Nest Hub. The images include people sleeping and a baby in a cradle. To read more: https://www.androidpolice.com/2020/01/02/uh-oh-xiaomi-camera-feed-showing-random-homes-on-a-google-nest-hub-including-still-images-of-sleeping-people/
Roosevelt General Hospital
A New Mexico-based hospital found malware on the digital imaging server of its radiology department. To read more: https://healthitsecurity.com/news/new-mexico-hospital-finds-malware-infection-on-digital-imaging-server
Michigan schools
A Michigan school district’s servers were attacked by ransomware during the holiday break, and three schools were closed for a week to solve the problem. To read more: https://www.cbsnews.com/news/ransomware-attack-shuts-down-richmond-michigan-school-district/
Landry’s
A US restaurant chain that operates brands such as Bubba Gump Shrimp Co and Rainforest Cafe disclosed a malware breach that enabled attackers to steal customers’ credit-card information. To read more: https://www.bleepingcomputer.com/news/security/popular-us-restaurant-owner-hit-by-credit-card-stealing-malware/
Pensacola
Last December, hackers used Maze ransomware to attack the city of Pensacola. The city did not pay the ransom, so the group behind the threat posted a 2GB archive of the exfiltrated data. To read more: https://www.forbes.com/sites/leemathews/2020/12/31/ransomware-hackers-have-started-leaking-city-of-pensacola-data/?ss=cybersecurity#298aa382994b
BusKill cable
An engineer designed a USB “kill cable” that shuts down and wipes a Linux laptop if the device gets stolen in a public place. If someone yanks the computer and the USB cable disconnects, the disconnection triggers a udev script. To read more: https://www.zdnet.com/article/new-usb-cable-kills-your-linux-laptop-if-stolen-in-a-public-place/
Air China
An Air China employee published the personal details of 20 celebrities who flew on a flight with him. The employee posted the information on Weibo, China’s Twitter-like platform. To read more: https://www.scmp.com/news/china/society/article/3044682/air-china-suspends-flight-attendant-over-personal-data-breach