HackNotice

🚀 Join HackNotice at Booth #SC119 (Start Up City) on August 7th and August 8th and dive into our exciting updates regarding real-time breach detection and trafficked data alerting.   Why Visit Our Booth? - Exclusive Demos: Witness firsthand our innovative solutions to mitigate security risks associated with vendor risk, social engineering, and ATO. - Expert Consultations: Sit down with our cybersecurity experts to discuss strategies tailored for your business's unique challenges. - Special Giveaways: Grab some exclusive HackNotice swag, only available to booth visitors. If you can’t make it to our booth this year, simply sign up for a customized demo tailored to your organization here: https://lnkd.in/gGJ_W469   📈 Swing by Our BlackHat Session:   In the mix of our interactive booth activities, make sure you don’t miss out on an insightful session titled "Lightning Strike Response: Accelerating Third-Party Risk Management in the Post-SRS Era". Dive into third-party cybersecurity risk management as we explore how organizations can optimize their supply chain risk analysis processes over time, and how to set up advanced triggers and indicators.   Session Details: 📅 August 7th ⏰ 12:40 - 1:00 pm 📍 Start-Up Theater Save the date, and let's reshape the future of cybersecurity and cybercrime together. We are looking forward to seeing you there!   💡What Have We Been Working On?   HackNotice 5.1 is now live for all accounts! This release is focused on utilizing AI to enhance our user experience and threat intelligence identification.    Product Updates:  - Enhanced Feedback Chat - The Feedback Chat is now powered by AI, providing faster, more accurate, and consistent responses. - The AI is equipped with a custom knowledge base specific to HackNotice. Users can opt out of the AI interaction and choose to connect with the security team. - The chat user experience and visuals have been updated for a better interface. - Multilingual support has been added to the Feedback Chat. Improved Leaked Record Tagging - The Leak Tagging Engine has been updated to use OpenAI for determining tags for data elements within leaked records - Over 40 new tags have been added to improve tag coverage and accuracy #blackhat2024 #blackhat

🚨 #CyberSecurity Update: Recent Data Breaches Across Various Sectors 🚨 Here’s an overview of the latest cyber incidents affecting global organizations: — Newpark Resources, Inc. Website: newpark.com Date of Incident: November 6, 2024 Details: As disclosed in an SEC 8-K filing, Newpark Resources experienced a ransomware attack, resulting in unauthorized access to its internal systems. The breach is under investigation as the company works to assess and mitigate the impact. Source: https://lnkd.in/grS_Yjqn — American Associated Pharmacies (AAP) Website: rxaap.com Date of Incident: November 12, 2024 Details: Embargo ransomware targeted AAP, compromising sensitive data across its cooperative network of over 2,000 independent pharmacies. The breach affects managed-care contracts, financial details, and customer records from its subsidiaries, including AllyScripts and Arete Pharmacy Network. Source: https://lnkd.in/gCAy9YJc — Tibber Website: tibber.com Date of Incident: November 10, 2024 (resolved) Details: Tibber, a smart energy provider, suffered a data breach, exposing 243,000 rows of customer data, including personal details, purchase history, and geographic information. The breach, disclosed on Breach Forums, has been resolved, and Tibber is strengthening its data protection measures. Source: https://lnkd.in/gqJbmWji — Set Forth, Inc. Website: setforth.com Date of Incident: November 7, 2024 Details: Set Forth, Inc. reported a data breach to several state departments, including California and Texas. The incident exposed sensitive information such as Social Security numbers, driver’s licenses, and birthdates of affected individuals. Notifications and identity protection services are being offered. Source: https://lnkd.in/gvBe2U2T — ASM Global Website: asmglobal.com Date of Incident: November 12, 2024 Details: ASM Global detected unauthorized access to legacy systems on October 12, 2024. The breach compromised sensitive consumer information. Notification letters are being sent to impacted individuals. ASM Global continues to investigate the incident with third-party cybersecurity experts. Source: https://lnkd.in/giHuGXpD — These breaches highlight the urgent need for organizations to strengthen their cybersecurity frameworks and prioritize customer data protection. #DataBreach #Ransomware #InfoSec #Privacy #CyberSecurity

🚨 #CyberSecurity Alert: Ongoing Data Breaches Across Various Sectors 🚨 Here’s a summary of recent cyber incidents impacting critical industries: — Schneider Electric Website: se.com Date of Incident: November 4, 2024 Details: Hellcat ransomware claims to have breached Schneider Electric’s Atlassian Jira system, stealing over 40GB of data, including 400,000 user records. The attackers are demanding $125,000 USD to prevent public release. The breach poses a significant threat to sensitive customer and operational data. Source: https://lnkd.in/ghvnQhJv — Rumpke Consolidated Companies Website: rumpke.com Date of Incident: August 31, 2024 Details: Rumpke Consolidated Companies was targeted by Hunters International ransomware. The specifics of the stolen data remain unclear as the breach investigation is ongoing. Source: https://lnkd.in/gn5-SuYC — Memorial Hospital and Manor Website: mh-m.org Date of Incident: November 3, 2024 Details: Memorial Hospital was hit by Embargo ransomware. The attack targeted the hospital’s historical and operational data, potentially affecting critical healthcare services. Efforts to restore systems and protect patient data are underway. Source: https://lnkd.in/gukavZjE — The Housing Authority of the City of Los Angeles (HACLA) Website: hacla.org Date of Incident: October 30, 2024 Details: HACLA fell victim to Cactus ransomware. The breach puts sensitive data related to affordable housing programs and residents at risk. Investigations are ongoing to assess the extent of the compromise. Source: https://lnkd.in/gPqQ8vNN — Houston Housing Authority (HHA) Website: housingforhouston.com Date of Incident: October 31, 2024 Details: MEOW ransomware claims to have stolen 38GB of data from HHA, including employee records, client information, and financial documents. This breach affects over 60,000 individuals, compromising sensitive housing assistance details. Source: https://lnkd.in/gHkK3Uec — These incidents highlight the ongoing challenges organizations face in safeguarding critical infrastructure and personal data. #DataBreach #Ransomware #CyberSecurity #InfoSec #Privacy

Check out the latest edition of HackFax!

I'll be giving a talk today at the Cybersecurity and Privacy Institute at the University of Waterloo on "Spikes and dominoes...Can dark net tremors predict the next data breach?" This covers some of the most recent research that we have been doing at HackNotice surrounding data breaches, trafficked data, and how we can better understand the breach and traffic lifecycle. Come join us today to learn more! https://lnkd.in/guxPMBzw

🚨 #CyberSecurity Alert: Major Data Breaches Impacting E-commerce, Financial, and Government Sectors 🚨 Here’s an update on recent cyber incidents affecting various organizations: Drizly Website: drizly.com Date of Incident: October 29, 2024 Details: Drizly, the alcohol e-commerce platform, was reportedly breached by APT73, exposing a database containing 2.4 million records. The compromised data includes dates of birth, device information, email addresses, IP addresses, passwords, and physical addresses of Drizly users. Source: https://lnkd.in/gegJjmbq — Robinhood Website: robinhood.com Date of Incident: October 29, 2024 Details: APT73 has also claimed responsibility for a data breach involving Robinhood, affecting over 7.7 million users. This breach involves the exposure of user emails, raising concerns around customer privacy and the potential for phishing attacks. Source: https://lnkd.in/g4rt7bKt — Western Sydney University Website: westernsydney.edu.au Date of Incident: October 30, 2024 Details: The university experienced its second cyberattack, leading to unauthorized access to sensitive information. This incident underscores the increasing threat to educational institutions, as they handle large volumes of personal and academic data. Source: https://lnkd.in/gMRaFKmn — Mystic Valley Elder Services Website: mves.org Date of Incident: October 24, 2024 (resolved) Details: Mystic Valley Elder Services reported a breach involving 87,236 individuals’ data due to an external hack. Compromised data included personal identifiers, and affected individuals have been offered identity theft protection through Experian. The organization has coordinated with regulatory authorities to address privacy concerns and prevent future breaches. Source: https://lnkd.in/gCibYfGN — Italy’s National Security (Government of Italy) Website: governo.it Date of Incident: October 28, 2024 Details: An Italian hacking scandal exposed data belonging to high-ranking officials, including the President and former Prime Minister. This breach has escalated concerns around governmental cybersecurity and may have implications for national security. Source: https://lnkd.in/gGgRb-Ct — These incidents reveal vulnerabilities across diverse sectors, reinforcing the critical need for robust cybersecurity measures and timely breach notifications. #DataBreach #CyberSecurity #InfoSec #Privacy #Government

🚨 #CyberSecurity: Data Breaches and Ransomware Attacks this week! 🚨 Here's an update on recent cybersecurity incidents impacting various organizations globally. Free (Iliad Group) Website: free.fr Date of Incident: October 21, 2024 Details: Free, a prominent French telecommunications provider, reportedly suffered the largest data breach in its history. The specifics of the compromised data remain under investigation, but this breach poses a significant threat to customer privacy. Source: https://lnkd.in/gjii6wNF — Wells Fargo Website: wellsfargo.com Date of Incident: October 21, 2024 Details: A breach in Infosys McCamish has exposed customer information from Wells Fargo. This incident raises concerns about third-party risk management as sensitive financial data was compromised through a service provider. Source: https://lnkd.in/gc_RS6MQ — Transak Website: transak.com Date of Incident: October 20, 2024 Details: The crypto on-ramp service Transak suffered a data breach, exposing customer information. This breach highlights the growing cybersecurity challenges within the crypto sector, where customer data is highly sought by threat actors. Source: https://lnkd.in/g3gXQSPx — MML Investors Services LLC (MassMutual Subsidiary) Website: massmutual.com Date of Incident: October 21, 2024 Details: National Financial Services announced a data breach affecting MML Investors Services, a subsidiary of MassMutual. Personal financial information of clients was compromised, emphasizing the importance of rigorous data security practices in the financial services sector. Source: https://lnkd.in/gb2YVVgA — Ecaresoft Website: ecaresoft.com Date of Incident: October 21, 2024 Details: Ecaresoft, a healthcare technology provider in Mexico, suffered a major data leak, placing over 5 million individuals at risk. The exposed data includes sensitive medical and personal records, further highlighting the need for strong cybersecurity protocols in the healthcare industry. Source: https://lnkd.in/gn9tdkfz — These incidents underscore the critical need for real-time data breach alerts within security programs: - Stay Ahead: Immediate awareness can drive swift action. - Risk Management: Assessing the breach's scope is vital for damage control. - Public Trust: Transparency in communication maintains stakeholder confidence. #DataBreach #Ransomware #Hackers

🚨 #CyberSecurity: Data Breaches and Ransomware Attacks this week! 🚨 Here's an update on recent cybersecurity incidents impacting various organizations globally. Cisco Website: cisco.com Date of Incident: October 13, 2024 Details: Intel Broker has claimed responsibility for a breach at Cisco, allegedly selling data stolen from Cisco and other major firms on underground markets. Further investigations are ongoing to confirm the extent of the data theft and mitigate the impact. Source: https://lnkd.in/gzK-H2Va — Game Freak Website: gamefreak.co.jp Date of Incident: October 13, 2024 Details: Game Freak, the developer behind Pokémon, confirmed a significant data breach. Employee information was leaked, raising concerns about potential misuse of sensitive data. The company is working to contain the breach and implement enhanced security protocols. Source: https://lnkd.in/gg_XFei3 — Intesa Sanpaolo Website: intesasanpaolo.com Date of Incident: October 13, 2024 Details: The Italian banking group Intesa Sanpaolo dismissed an employee following a security breach. The nature of the compromised data has not yet been disclosed, but the incident has prompted a review of the company’s security practices. Source: https://lnkd.in/grcBF-tB — Gryphon Healthcare, LLC Website: gryphonhc.com Date of Incident: October 10, 2024 Details: Gryphon Healthcare reported a data breach to multiple regulatory authorities, including the U.S. Department of Health and Human Services. Sensitive data involving patient records and financial information was compromised. Notification efforts are underway to inform affected parties. Source: https://lnkd.in/g5hWTPQg — Varsity Brands, Inc. Website: varsitybrands.com Date of Incident: October 13, 2024 Details: Varsity Brands reported a data breach to multiple state authorities, including California, Texas, and Maine. Exposed data includes Social Security numbers, driver's licenses, financial information, medical records, and birthdates. Notifications to affected individuals and regulatory bodies are ongoing. Source: https://lnkd.in/gizgu9ft — These incidents underscore the critical need for real-time data breach alerts within security programs: - Stay Ahead: Immediate awareness can drive swift action. - Risk Management: Assessing the breach's scope is vital for damage control. - Public Trust: Transparency in communication maintains stakeholder confidence. #DataBreach #Ransomware #Hackers

🚨 #CyberSecurity: Data Breaches and Ransomware Attacks this week! 🚨 Here's an update on recent cybersecurity incidents impacting various organizations globally. Universal Companies Website: universalcompanies.com Date of Incident: October 9, 2024 Details: A ransomware group, Play News, claims to have compromised Universal Companies, exposing private and confidential client data, including budgets, payroll, accounting, contracts, taxes, and financial records. The breach is ongoing, and the full extent of the data exposure is still unclear. Source: https://lnkd.in/gxjuiwTu Casio Website: casio.com Date of Incident: October 8, 2024 Details: Casio’s systems were breached on October 5, 2024, leading to disruptions in services. Confidential documents, NDAs, employee payroll, and sensitive company information were reportedly accessed. The company is investigating the attack in coordination with external specialists. No ransomware group has claimed responsibility yet, but the breach has been reported to authorities. Source: https://lnkd.in/gjiibd9F AT&T, Verizon, and Others Website: att.com Date of Incident: October 8, 2024 Details: Multiple U.S. broadband providers, including AT&T, Verizon, and Lumen Technologies, were breached by a Chinese hacking group, Salt Typhoon. The attack compromised sensitive systems related to federal wiretapping requests. This breach, possibly active for several months, is believed to be part of a broader espionage campaign targeting telecom infrastructure. Source: https://lnkd.in/gVYZfeXb 5.11, Inc. Website: 511tactical.com Date of Incident: October 4, 2024 Details: A data breach at 5.11, Inc. was reported to the State of Maine Department of Justice and other states' authorities. The breach, discovered on September 12, 2024, affected 27,742 individuals, including 127 residents of Maine. Classified as an external hacking incident, the breach exposed personal data, and consumer reporting agencies were notified. This marks the second breach for the company within a year, the first occurring in December 2023. Affected individuals were notified, though no identity theft protection services were offered. Source: https://lnkd.in/grGnPN5g Internet Archive Website: archive.org Date of Incident: October 9, 2024 Details: The Internet Archive, including its Wayback Machine, suffered a data breach, exposing 31 million user records. The stolen database includes email addresses, screen names, and bcrypt password hashes. Source: https://lnkd.in/gdr9jErg These incidents underscore the critical need for real-time data breach alerts within security programs: - Stay Ahead: Immediate awareness can drive swift action. - Risk Management: Assessing the breach's scope is vital for damage control. #DataBreach #Ransomware #Hackers

Check out the latest edition!