Software company Accellion has released preliminary findings around the security incident that stung customers using its 20-year-old File Transfer Appliance. The attackers swiftly stole data from compromised systems, and some of those organizations have subsequently been extorted.
SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.
The "Cuba" ransomware gang has hit Seattle-based Automatic Funds Transfer Services, which processes data from California's Department of Motor Vehicles as well as many cities in Washington. Victim organizations say AFTS is investigating the incident and that an unknown amount of individuals' data was exposed.
Two more breaches have been tied to the vulnerable 20-year-old Accellion File Transfer Appliance. The latest victims are Singapore telecom company Singtel and Australian medical research institute QIMR Berghofer.
The latest edition of the ISMG Security Report features an analysis of the critical security issues raised by the hacking of a Florida city water treatment plant. Also featured: The CISO of the World Health Organization discusses supply chain security; hackers steal celebrities' cryptocurrency.
Embedded software vendor Wind River Systems is investigating a security incident within its internal network, according to a notification filed with California authorities. The data that may have been exposed includes Social Security numbers and passport details.
A data breach of a Washington state auditor's system exposed 1.4 million unemployment claimants’ records. The breach stemmed from an exploit of an unpatched system from Accellion, and the state says it was never notified of the flaw. But Accellion says it notified customers and offered a patch in December.
The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.
Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.
Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.
OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account and apparently was able to access usernames and email addresses for community members.
The governor of New Zealand's Reserve Bank says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information. The breach came after a serious vulnerability was disclosed in December in Accellion's File Transfer Appliance, which the bank uses.
Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft's servers, putting organizations at risk of data loss.
The Reserve Bank of New Zealand disclosed Sunday that hackers infiltrated its network after compromising its file-sharing system from Accellion. The nation's central bank says the attack may have exposed commercial and consumer information, and other Accellion customers also had systems compromised.
The attorneys general of 27 states have entered into a $2.4 million settlement with Sabre Corp. to resolve a lawsuit tied to a 2017 data breach that struck the company's Sabre Hospitality Solutions hotel booking system, compromising 1.3 million payment cards.