Explore

Rapid Read Rapid Read
UK Visa Portal Data Breach Exposes Thousands of Passport Details

UK Visa Portal Data Breach Exposes Thousands of Passport Details

The UK Visa Portal, a non-governmental website, has exposed thousands of passport details and selfies of visa applicants due to a misconfiguration in an Amazon cloud storage bucket. This breach, affecting at least 100,000 documents, was discovered by TechCrunch after being tipped off by an anonymous source. The website, often mistaken for an official UK government site, stored sensitive documents in an unprotected state, allowing anyone with the direct URL to access the files. Despite the exposure, the company has not fixed the issue but instead hired lawyers and PR firms to handle the situation. The breach highlights the risks associated with using unofficial portals for sensitive transactions.
Rapid Read Rapid Read
UK Visa Portal Data Breach Exposes Sensitive Applicant Information

UK Visa Portal Data Breach Exposes Sensitive Applicant Information

The UK Visa Portal, a third-party service not affiliated with the UK government, has exposed thousands of passport details and selfies of visa applicants due to a misconfigured Amazon cloud storage bucket. The breach allowed unauthorized access to sensitive documents, affecting at least 100,000 individuals. TechCrunch reported the incident, confirming the data's authenticity by contacting affected users. Despite the exposure, the company has not directly addressed the breach, instead involving legal and PR firms. The incident raises concerns about the security of personal data handled by third-party services and the potential for identity theft.
Trendline Trendline
Carnival Corp Discloses Data Breach Affecting Personal Information

Carnival Corp Discloses Data Breach Affecting Personal Information

Carnival Corp Discloses Data Breach Affecting Personal Information
Rapid Read Rapid Read
7-Eleven Data Breach Affects Over 185,000 Individuals

7-Eleven Data Breach Affects Over 185,000 Individuals

A data breach at 7-Eleven has potentially impacted over 185,000 individuals, according to a report by HaveIBeenPwned. The breach, which occurred in April, involved the theft of personal information such as names, addresses, and email addresses from systems containing franchise documents. The extortion group ShinyHunters claimed responsibility, demanding a ransom and later selling the data on a Russian hacking forum. The breach highlights vulnerabilities in 7-Eleven's data security, particularly concerning Salesforce records.
Rapid Read Rapid Read
FBI Warns of Russia-Linked Extortion Gang Targeting U.S. Law Firms

FBI Warns of Russia-Linked Extortion Gang Targeting U.S. Law Firms

The FBI has issued a warning about the Silent Ransom Group (SRG), a Russia-linked extortion gang that has been infiltrating U.S. law firms to steal client data. The group, which emerged from the Conti ransomware syndicate in 2022, uses operatives to physically insert USB drives into computers at law firms. These drives are used to exfiltrate files via tools like WinSCP or Rclone, with data being staged on platforms such as Google Drive or Microsoft OneDrive. The SRG does not deploy ransomware but instead threatens to publish stolen files on its data leak site, pressuring victims for payment. The FBI advises organizations to disable external drive connections, block port 22, require phishing-resistant multifactor authentication, and verify IT support credentials.
Trendline Trendline
Beacon Mutual Notifies Affected Individuals of Ransomware Data Breach

Beacon Mutual Notifies Affected Individuals of Ransomware Data Breach

Beacon Mutual Notifies Affected Individuals of Ransomware Data Breach
Reuters Reuters
Cruise operator Carnival discloses personal data breach

Cruise operator Carnival discloses personal data breach

May 27 (Reuters) - Cruise operator Carnival Corp said on Wednesday it had detected a cybersecurity incident involving a compromised account of an employee in April, leading to the leak of certain personal information of individuals, including names, addresses and government-issued identification
Rapid Read Rapid Read
FBI Alerts Law Firms to Silent Ransom Group's Unique Data Theft Tactics

FBI Alerts Law Firms to Silent Ransom Group's Unique Data Theft Tactics

The FBI has issued a warning to U.S.-based law firms about the Silent Ransom Group, a cybercrime organization known for its unique approach to data theft. This group, believed to operate from Russia, targets law firms by impersonating IT support and, in some cases, physically visiting victims to gain access to computers. Unlike typical ransomware groups, Silent Ransom Group does not use encryption but relies on social engineering and in-person tactics to steal data. The group has been active since 2022 and has claimed responsibility for over 100 attacks, with a noticeable increase in activity recently.
Trendline Trendline
Credential Theft Challenges Modern Security Measures

Credential Theft Challenges Modern Security Measures

Credential Theft Challenges Modern Security Measures
Rapid Read Rapid Read
FBI Warns of Hackers Using In-Person Tactics to Steal Data from U.S. Law Firms

FBI Warns of Hackers Using In-Person Tactics to Steal Data from U.S. Law Firms

The FBI has issued a warning about the Silent Ransom Group (SRG), a cybercriminal organization that has been targeting U.S. law firms by impersonating IT support staff. The group uses phishing emails and social engineering tactics to gain access to sensitive data. If these attempts fail, they send operatives in person to insert USB drives into computers to exfiltrate data. The SRG has been active since at least 2022, and their recent campaigns have left few traces on compromised systems, making detection difficult. The FBI advises organizations to verify credentials, limit data access, and train employees to recognize phishing attempts.
Trendline Trendline
7-Eleven Data Breach Impacts Over 185,000 Individuals

7-Eleven Data Breach Impacts Over 185,000 Individuals

7-Eleven Data Breach Impacts Over 185,000 Individuals
Rapid Read Rapid Read
Lithuanian Authorities Investigate Foreign Involvement in Massive Data Leak Affecting National Registers

Lithuanian Authorities Investigate Foreign Involvement in Massive Data Leak Affecting National Registers

Lithuanian authorities are investigating a significant data breach involving over 600,000 entries from national data registers. The breach, which is suspected to have been executed by a foreign country, primarily targeted registers of real estate and legal entities. The data was accessed using login credentials of institutions authorized to receive such information. In response to the breach, the head of the State Enterprise Centre of Registers, Adrijus Jusas, resigned. Authorities have implemented additional cybersecurity measures, including blocking accounts of suspected data users and requiring updated credentials for access. Although the specific foreign country involved has not been named, there is speculation about Russian involvement, given Lithuania's history as a target of Russia's hybrid warfare tactics.