It’s been a big week for news headlines both in and outside of the cybersecurity space, but let’s focus on the cybersecurity aspect of things as we dive into our This Week in Cybersecurity news recap…
A data breach of Cash App which occurred in December 2021, is now causing the payment platform to pay out a $15 million settlement to the 8.2 million users whose data was compromised in the breach.
The breach involved a former employee gaining access to and downloading reports that contained sensitive customer information ranging from full names to account numbers and portfolio values. Block Inc., the company Cash App operates under, has publicly announced a dedication to strengthening their security following this incident.
(–Source: Forbes
Read More: Cash App 15 Million Data Breach Settlement—Are You Eligible? )
It has been confirmed that the personal information of 500,000 Columbus, Ohio residents was compromised in a ransomware attack in July of this year. Names, birthdays, addresses, social security numbers, bank details, and other sensitive data was accessed by hackers who infiltrated the city’s network.
The mayor of the city said that the data that was stolen was likely “corrupted and unusable” but cybersecurity expert Davi8d Leroy Ross said that the personal data was available on the dark web.
(–Source: DMR News on MSN
Read More: Columbus Ransomware Attack Exposes Data of 500,000 Ohio Residents )
Unauthorized activity was discovered on Washington state’s court system networks over the weekend, resulting in a proactive outage that is affecting judicial information systems, websites, and other associated services. The Administrative Office of the Courts (AOC) quickly took action to secure the network once the incident was detected, and is currently working to restore outages following the attack.
Essential court functions are expected to proceed as usual with minimal interruption.
(–Source: BleepingComputer
Read More: Washington courts’ systems offline following weekend cyberattack )
A possible security breach involving a third-party vendor has hit Nokia. The company is investigating the matter after a well-known hacker has claimed to have access to third-party contractor and Nokia source code.
So far, the ongoing investigation has shown no signs that any of Nokia’s data or systems have been compromised, but the company is taking this claim seriously and continuing to investigate.
(– Source: TechRadar on MSN
Read More: Nokia investigates possible security breach after hacker claims to have stolen source code )
Hackers have taken to using DocuSign’s API capabilities to send convincing invoices to their targets’ inboxes. What makes this method of attack especially authentic looking is that it does not contain the usual telltale signs of a phishing message, as it contains no links or attachments, just legitimate-looking instructions for payment from the widely-trusted DocuSign.
Utilizing DocuSign’s API, these messages are easily customized to look authentic, containing personalization and official logos and business names. Email security systemse are less likely to flag these messages as suspicious due to their lack of phishing indicators.
(– Source: Forbes
Read More: DocuSign Exploit Lets Hackers Send Fake Invoices )