Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase
Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. [...]
Ravin Academy confirms the intrusion on Telegram, says investigation continues Iran's school for state-sponsored cyberattackers admits it suffered a breach exposing the names and other personal information of its associates and students.…
iiNet breach blamed on single stolen login, with emails, phone numbers, and addresses exposed Aussie telco giant TPG Telecom has opened an investigation after confirming a cyberattack at subsidiary iiNet.…
Settlement Includes Corrective Action Plan Focused on Improving Risk AnalysisAn investigation into a ransomware breach reported in 2020 as affecting the protected personal information of 170,000 people led to a $175,000 fine against a certified public accounting and consulting firm. Regulators also required the company to implement a corrective action plan in the settlement.
Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. [...]
The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country
The Information Commissioner’s Office is now investigating how TikTok uses 13–17-year-olds’ personal information
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership. But nearly a year later, Mozilla is still promoting it to Firefox users.
7 Texas Health and Human Services Workers Fired in Incident Affecting 61,000 peopleAuthorities in Texas are investigating an insider incident at the Texas Health and Human Services Commission that led to the firing of seven employees, an investigation into hundreds of thousands of dollars in stolen funds and notification of a breach of personal information affecting 61,000 people.
The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. [...]
The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.
The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data
Undercover Austrian "controlled data buy" leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records.
Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address.
The Federal Bureau of Investigation (FBI) warns of an increase in complaints that cybercriminals are using Americans' stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions. [...]
The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and to provide DDoS attack services. [...]
An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users