After striking Samsung and Nvidia, Lapsus$ Ransomware Group has this time targeted British Telecom firm Vodafone and Buenos Aires online marketplace MercadoLibre. Sources state that the hackers accessed a portion of the data from the company servers, respectively, and are demanding a large amount as ransom for the decryption key.
Both the companies revealed the same in SEC filing and apologized for the incident and assured that such data breaches will never get repeated.
Cybersecurity Insiders has learnt that MercadoLibreās data related hackers accessed to 300,000 users in the incident and the stolen information includes user account names, passwords, investment details, account information, and card info. Whereas, Vodafone is still investigating the cyber attack claims and internal data theft.
Coming to the second news trending on Google, WhatsApp has introduced a new browser extension from early this week to keep their app service users via web safe and secure. The extension is called as Code Verify and reassures the WhatsApp web version whether their session is authenticated or not, eliminating the threat of the text being tampered in transmission.Ā
WhatsApp has developed the extension with CloudFlare and is available on GitHub for development. Wonder why the same service was not pushed to users using mobile version to thwart SMS Phishing attacks aka Smishing attacks.
Third, itās the news related to UK ferry operator Wightlink that has become a victim of a cyber attack. Information is out that the incident took place in February and affected backup systems deeply. However, the spokesperson from Wightlink cleared the air that none of its ferry related services or booking systems and website were affected by the data breach.
The company that ferries about 4.6 million passengers on an annual and indulges in business of over 100 day-to-day sailings has hired a third party company to investigate and assess the damage.
To increase transparency in data breach notifications, the US Securities and Exchange Commission (SEC) have planned new rules for the companies to report cyber incidents within 4 business days of their occurrence.
Large companies should also give a disclosure about their board members supervising cybersecurity procedures in the company and must mention the experience of such persons in the field.
