All news with #data leak tag
Fri, September 12, 2025
LNER Customer Data Exposed in Supplier Security Breach
🔒 LNER has alerted customers after a security breach at a third-party supplier exposed traveller contact details and some historical journey information. The operator says no banking, payment or password data were accessed and that ticketing and timetable systems were not impacted. LNER is urging passengers to be cautious of unsolicited communications and potential phishing attempts. The company has engaged the supplier and cybersecurity experts to investigate and strengthen safeguards.
Fri, September 12, 2025
Yurei Ransomware: Rapid Rise from Open-Source Code
🛡️ Yurei ransomware emerged on September 5, quickly claiming victims in Sri Lanka, India and Nigeria within its first week. The payload is largely copied from the open-source Prince-Ransomware project, illustrating how easily attackers can deploy commodity code. Although technical flaws allow partial recovery, Yurei focuses on data theft and public exposure to coerce payments. Early indicators point to links with Morocco, signaling a geographically shifting threat landscape.
Fri, September 12, 2025
ICO: Students Cause Majority of UK School Data Breaches
🔒 The ICO analyzed 215 insider personal data breach reports from the UK education sector between January 2022 and August 2024 and found students were responsible for 57% of incidents. Around 30% of breaches involved stolen login credentials, with students accounting for 97% of those attacks by guessing weak passwords or using credentials found on paper. The report highlights cases where pupils used freely available tools to break into school systems and access or alter thousands of records. The ICO urges parents, schools and the wider industry to channel curiosity into legitimate cyber careers and strengthen basic protections.
Thu, September 11, 2025
Senator Wyden Urges FTC Probe of Microsoft's Security
🚨 U.S. Senator Ron Wyden requested that the FTC investigate Microsoft for what he describes as “gross cybersecurity negligence” after product weaknesses tied to Kerberos and legacy RC4 usage contributed to ransomware incidents, including the May 2024 Ascension Health breach that exposed data for 5.6 million patients. Wyden says his office alerted Microsoft in July 2024 and urged setting stronger ciphers like AES as defaults; he criticized an October Microsoft blog as too technical to warn corporate decision-makers. Microsoft replied that RC4 accounts for under 0.1% of traffic, that full removal risks breaking legacy systems, and that deprecation is on its roadmap.
Thu, September 11, 2025
Panama Finance Ministry Reports Possible Ransomware Breach
🔒 The Panama Ministry of Economy and Finance (MEF) says a workstation may have been infected with malicious software; established security protocols were activated immediately and the incident has been contained. The ministry asserted that central systems and platforms remain unaffected, and that personal and institutional data are protected while preventive measures were reinforced. However, the INC Ransom group added MEF to its leak site on September 5, claiming to have stolen more than 1.5 TB of emails, financial records and budgeting files; MEF had not responded to requests for comment by publication.
Thu, September 11, 2025
Beaches and Breaches: Shifts in Supply Chain and Identity
🌊 Returning from vacation, the author notes headlines shifted away from AI and ransomware toward breaches tied to compromised OAuth tokens and integrations like Salesloft/Drift. The piece emphasizes two converging trends: supply chain risk that now includes datapaths where information is processed, and identity attacks that increasingly target interconnected applications. It highlights Cisco Talos’ CTI-CMM as a practical maturity framework to assess gaps, prioritize investments, and build a roadmap for continuous improvement.
Thu, September 11, 2025
VMScape: Spectre-like VM-to-host data leak on CPUs
🔓 Researchers at ETH Zurich disclosed VMScape, a Spectre-like speculative-execution attack that lets a malicious VM extract secrets from an unmodified QEMU hypervisor running on many modern AMD and some Intel CPUs. The exploit abuses shared branch-prediction structures and a FLUSH+RELOAD side channel to induce speculative disclosure. It works without host compromise and bypasses default mitigations; vendors and Linux developers released advisories and kernel patches to mitigate the issue.
Thu, September 11, 2025
Wyden Urges FTC Probe of Microsoft After Ascension Hack
🛡️ US Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft following the 2024 ransomware attack on healthcare operator Ascension, which exposed data for 5.6 million patients after a contractor clicked a malicious Bing search result. Wyden says default Microsoft settings and support for the outdated RC4 standard enabled a Kerberoasting technique that granted administrative access. He notes Microsoft was warned in July 2024 and posted a blog in October announcing a planned update, but nearly a year later no update has been issued nor direct customer outreach made. The letter frames Microsoft’s control over default configurations as a systemic national security risk.
Thu, September 11, 2025
Senator Wyden Urges FTC Probe of Microsoft Ransomware Lapses
🔍 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for what he describes as "gross cybersecurity negligence" that he says facilitated ransomware attacks on U.S. critical infrastructure, including healthcare. Wyden's four-page letter to FTC Chair Andrew Ferguson cites the 2024 Ascension breach attributed to Black Basta and details an attack chain that began when a contractor clicked a malicious link after using Microsoft's Bing search. The senator highlights exploitation of insecure default Kerberos settings and legacy RC4 support enabling Kerberoasting, and criticizes Microsoft for not enforcing stronger defaults and minimum password requirements while noting the company's published mitigations and planned deprecations.
Thu, September 11, 2025
Schneider Electric EcoStruxure Vulnerabilities and Fixes
⚠️ CISA published an advisory on two vulnerabilities in Schneider Electric EcoStruxure products that could enable a denial-of-service condition and the exposure of sensitive credentials. The issues are tracked as CVE-2025-8449 (uncontrolled resource consumption) and CVE-2025-8448 (sensitive information exposure). Affected Enterprise Server and Workstation versions should be updated to the fixed releases (for example 7.0.2.348, 6.0.4.10001 (CP8), 5.0.3.17009 (CP16)). If patches cannot be applied immediately, implement strong access controls, network segmentation, MFA where available, and continuous monitoring.
Thu, September 11, 2025
Siemens Apogee PXC/Talon TC Sensitive Data Exposure
🔒 Siemens reported a vulnerability in Apogee PXC and Talon TC devices that allows unauthorized actors to download device database files via BACnet. Affected devices permit unauthenticated access to encrypted .db files that can contain passwords; the issue is tracked as CVE-2025-40757 with a CVSS v4 base score of 6.3. Siemens and CISA recommend changing default passwords, hardening network access, and isolating control networks. Exploitation is remotely feasible with low complexity; no public exploitation has been reported to CISA.
Thu, September 11, 2025
Siemens SIVaaS Network Share: Authentication Flaw (Critical)
⚠️ A critical vulnerability (CVE-2025-40804) affects Siemens SIMATIC Virtualization as a Service (SIVaaS), exposing a network share without authentication and allowing remote actors to access or modify sensitive data. Calculated scores are CVSS v4 9.3 and CVSS v3.1 9.1 with low attack complexity. Siemens advises contacting Technical Support; CISA recommends isolating control systems, minimizing internet exposure, and using layered defenses.
Thu, September 11, 2025
Three French Regional Healthcare Agencies Hit by Attack
🔒 Three French regional healthcare agencies (ARS) have reported similar cyber-attacks that exposed patients’ personal data held on regional systems. Preliminary investigations, announced on September 8, indicate attackers gained access by impersonating healthcare professionals and used those accounts to reach GRADeS-managed services such as Normand'e-Santé. Reported exposed PII includes full names, ages, phone numbers and email addresses, while the agencies say no clinical health records appear to have been compromised. Compromised accounts were disabled and additional protections deployed; potentially affected patients will be notified, and the incidents have been reported to CNIL.
Thu, September 11, 2025
How Cybercriminals Bypass Logins Using Stolen Credentials
🔐 Cybercriminals increasingly target corporate credentials, authentication tokens and session cookies to bypass MFA and impersonate legitimate users. Stolen credentials accounted for a large share of recent breaches and estimates indicate billions of credentials were exposed in 2024. Organizations can reduce risk with Zero Trust, robust MFA, realistic training and continuous behavioral monitoring to detect suspicious sessions.
Thu, September 11, 2025
LNER Supply-Chain Breach Exposes Customer Contact Data
🔒 LNER has disclosed that an unauthorized third party accessed customer contact details and historical journey information via a compromised third-party supplier. No bank, payment card or password information was affected, the operator said, but warned that the data could be used in follow-on attacks. Security professionals advised customers to be cautious of unsolicited communications and recommended organisations strengthen third‑party data controls and identity protections.
Wed, September 10, 2025
Smashing Security #434: Whopper Hackers and AI Failures
🍔 In episode 434 of the award‑winning Smashing Security podcast, Graham Cluley and guest Lianne Potter examine two striking security stories: an ethical hack of Burger King that revealed drive‑thru audio recordings, hard‑coded passwords and an authentication bypass, and an alleged insider theft at xAI where a former engineer, after receiving $7 million, is accused of taking trade secrets. The hosts blend sharp analysis with irreverent commentary on operational security and human risk.
Wed, September 10, 2025
Jaguar Land Rover Confirms Data Theft After Cyberattack
🔒 Jaguar Land Rover (JLR) confirmed that attackers stole "some data" during a recent cyberattack that forced system shutdowns and saw staff instructed not to report to work. The company disclosed the disruption on September 2 and says it is working with the U.K. National Cyber Security Centre and third‑party specialists to restart applications in a controlled manner. JLR has notified relevant regulators and said its forensic investigation is ongoing; it will contact individuals if their data is affected. No definitive attribution or confirmed ransomware claim has been announced.
Wed, September 10, 2025
KillSec Ransomware Disrupts Brazilian Healthcare IT
🔒 A ransomware incident attributed to KillSec has disrupted MedicSolution, a Brazilian healthcare IT vendor, after attackers claimed to exfiltrate more than 34 GB comprising 94,818 files. Resecurity reports the haul includes medical evaluations, lab results, X‑rays and unredacted patient photos, and says data was exposed via misconfigured AWS cloud buckets. MedicSolution has not publicly responded; regulators and affected providers face notification and remediation challenges.
Wed, September 10, 2025
SalesLoft Drift Breaches Expose Fourth-Party OAuth Risk
🔐 The SalesLoft acquisition of Drift exposed a hidden fourth‑party attack surface when legacy OAuth tokens—some dormant for 18 months—were abused to access customer Salesforce instances and a limited number of Google Workspace accounts. Attackers leveraged inherited tokens to enumerate and exfiltrate data, revealing how M&A can transfer persistent permissions outside visibility. The author calls for continuous, behavior‑based monitoring of every OAuth token and API call and recommends practical "OAuth archaeology" to inventory, rotate, or revoke legacy access.
Wed, September 10, 2025
Lovesac Discloses Customer Data Breach Linked to RansomHub
🔒 Lovesac has informed customers that an unauthorized actor accessed its systems between February 12 and March 3, 2025, copying certain files after the company detected suspicious activity at the end of February. The intrusion aligns with a March claim by RansomHub, which said it had stolen roughly 40 GB of data; the ransomware group's extortion portal later went offline in April. Lovesac says it has found no confirmed misuse of the stolen information, but is notifying affected customers, offering 24 months of complimentary credit monitoring through Experian (enrollment required and open until November 28, 2025), and urging vigilance for signs of identity theft and fraud.