The badly configured Sanrio database was copied before it was fixed, and it went unnoticed for a year. The database resurfaced online with over 3.3 million records. At the time, Sanrio speculated the exposure was due to maintenance conducted several weeks prior, on November 20, 2015. The database contained just over 3.3 million records from sanriotown.com, including 186,261 records assigned to people under the age of 18.
An investigation into a Ukrainian power outage last month confirmed that it was a cyberattack. This is the second hack of a Ukrainian power facility – the first happened in December 2015 and affected about 230,000 people. Taken together, the incidents have some concerned that Ukraine’s critical infrastructure is being used as a testbed to refine attacks that could be used to target other countries in the future.
A college in Los Angeles paid a $28,000 ransomware demand after learning it had no alternative way of regaining its stolen files. Attackers encrypted hundreds of thousands of files on New Year's Eve, affecting the campus' 1,800 staff and 20,000 students. The $28,000 ransom stands as one of the largest ever publicly acknowledged. After paying the ransom, the school received a key to unlock the files.
A researcher discovered a vulnerability in several Internet browsers’ autofill features that could leak personal information without users realizing it. The vulnerability affects Chrome, Safari, Opera and LastPass. Here’s how the scam works: when users begin to fill in one piece of information, the other information saved in the browser's autofill populates other text boxes, potentially handing that data over to the thief.
The malware known as Shamoon, or Disttrack, which is known for targeting Saudi Arabia's state-owned oil company in 2012, is back and was discovered to have a new ability to destroy virtual desktops, according to researchers from Palo Alto Networks. This family of malware belongs to a class of destructive programs known as disk wipers. The latest variant has been updated to include legitimate credentials to access virtual systems.