LoanDepot Ransomware Attack: 16.6 Million Customers Affected
Source: Data Breach Today
Non-bank mortgage lending giant LoanDepot said hackers stole information pertaining to nearly 17 million customers when they breached its systems earlier this month.
HPE Says Russian Government Hackers Had Access to Emails for 6 Months
Source: Security Week
The company said it was notified on December 12 that a threat group identified as Midnight Blizzard and Cozy Bear had hacked into its cloud-based email environment.
HPE said it kicked out the attackers, but its investigation revealed that the threat actor gained access to its systems and started exfiltrating data in May 2023. The hackers targeted “a small percentage of HPE mailboxes” used by staff in cybersecurity, go-to-market, business segments, and other departments.
Ransomware on Tap as Major Water Providers Fall Victim
Source: Data Breach Today
Two major water supply systems in the United States and United Kingdom report that they recently fell victim to ransomware attacks. In both cases, attackers appear to have stolen employee or customer data that they're now holding to ransom. Neither organization has reported experiencing long-term outages as a result of files or folders being forcibly encrypted or being told to pay any ransom.
Medical Lab Database Exposed 1.3M Records, COVID Test Info
Source: Info Risk Today
An unsecured database appearing to belong to a Netherlands-based medical laboratory exposed 1.3 million records on the internet, including COVID test results and other personal identifiable information, said a security researcher who discovered the trove.
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
Source: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.