Security firm Rapid7 says Codecov hackers accessed some of its source code
Boston-based security firm Rapid7 disclosed today that a threat actor accessed some of its source code after a hack at software supplier Codecov earlier this year.
Operator of WeLeakInfo database marketplace sentenced to two years in prison
One of the three operators of WeLeakInfo, a website that sold access to hacked databases, was sentenced today in the Netherlands to two years in prison, with one year suspended.
The rebellious origins of cybersecurity’s wittiest, must-read report
The idea that would become the world’s wittiest cybersecurity report was born in the mind of Wade Baker, then a Security Risk Management consultant at a forgotten firm called Cybertrust. It was the mid-aughts, Baker recalls, when he overheard one of the firm’s incident responders talking about patterns he kept uncovering during breach investigations. That’s when it occurred to Baker that the firm’s investigative arm might have access to the exact information he felt was lacking in the cybersecurity industry. Why not use Cybertrust’s incident responders to collect data on the x’s and o’s of cyber intrusions?
Lawmakers start a push for new breach notification rules after SolarWinds attack
For more than a decade, policymakers on Capitol Hill have repeatedly tried and failed to pass meaningful federal data breach notification laws that would require companies to share details about cybersecurity incidents that they experience. As a result, organizations have to comply with a patchwork of more than 50 notification laws for each state and territory in the U.S. However, a group of lawmakers are pushing colleagues and business associations to revisit these efforts, arguing that recent incidents have highlighted how the lack of mandatory reporting rules makes it harder to detect and respond to major incidents…
Codecov discloses 2.5-month-long supply chain attack
Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools.
Hackers move $760 million from the 2016 Bitfinex hack
More than $760 million worth of Bitcoin stolen from cryptocurrency exchange Bitfinex in 2016 have been moved on Wednesday to new accounts.
LinkedIn denies 500 million user data breach
LinkedIn has formally denied a rumor that it suffered a devastating security breach that exposed the account details of more than 500 million of its registered users.
Ubiquiti confirms it was the target of an extortion attempt, but nothing more
Networking equipment and IoT device vendor Ubiquiti Networks released a statement late last night confirming some of the details exposed
Booking.com fined €475,000 for reporting data breach too late
The Dutch Data Protection Authority has fined hotel booking website Booking.com €475,000 ($560,000) for reporting a security incident 22 days after it happened, in breach of EU GDPR regulations that dictate that all breaches must be disclosed within 72 hours.
Data for 7.3 million Dutch car owners sold on hacking forum
RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, has confirmed a data breach earlier today after the personal and vehicle details of millions of Dutch car owners were posted for sale on a well-known cybercrime forum.