COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors. This week, the Indiana Department of Health issued a notice that the state’s COVID-19 contact-tracing system had been exposed via a cloud misconfiguration, revealing names, emails, gender, ethnicity, race and dates of birth of more than 750,000 people. The incident shows […]
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions. In this blog, we’ll share our technical analysis and journey […]
Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach Enterprise security vendor Rapid7 says it was among the victims of the Codecov software supply chain attack and warned Thursday that data for a subset of its customers was accessed in the breach. Rapid7, widely known for its tools that automate […]
Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.
The problem with a lot of things being online and connected to the internet these days is that it makes them vulnerable to hackers. A good example would be a recent story of how a town in Florida nearly had their water supply contaminated to dangerous levels when hackers managed to breach the system. According […]