Earlier this month, officials for Kawasaki Motors Europe (KME) fell victim to a cyberattack which forced several of their systems to be taken offline while a full investigation was conducted. Shortly after the incident, the threat actors behind the RansomHub ransomware group added KME to their leak site, claiming to have a data trove of 487GB of stolen data which would be released if their demands are met by the deadline.
Construction firms compromised in Foundation accounting hack
Recently, staff for a variety of firms across the construction industry, from HVAC to plumbing and other sub-contracting services have confirmed network intrusions due to their mutual usage of the accounting software, Foundation. Officials for Foundation have revealed that their systems are being exploited by hackers who are brute forcing credentials for their systems administrator accounts to compromise client’s SQL servers. Unfortunately, many of these clients have used the default credentials for Foundation’s services, and hackers can easily access them without causing alarms to be triggered while malicious activities are conducted.
23andMe pays $30 million settlement for 2023 breach
Officials for the DNA testing firm 23andMe have finally agreed to pay out a $30million settlement to 6.9 million individuals whose personally identifiable information was compromised in a data breach from 2023. The company still claims that they are faultless in this incident and that users of their DNA Relatives program were negligent by not fully completing the steps for multi-factor authentication, and that hackers who accessed these accounts were able to scrape data from other user accounts.
Hacker claims breach of 87 million Temu records
At the beginning of the week, a hacker posted on BreachForums that they had stolen 87 million records from the online retailer, Temu, and still had access to multiple internal emails by exploiting code vulnerabilities. The official statement from Temu staff claims that the stolen information does not match their transaction records, nor do they have any indication that their systems were compromised.
Synnovis acquires injunction against Qilin ransomware group
Following the investigation into a significant data breach of the healthcare service provider Synnovis in June, the company has acquired an injunction against the Qilin ransomware group to prevent the sale and distribution of the stolen data. It is unclear if the injunction will have any affect however, as the threat actors from Qilin may reside in regions that don't recognize the authority of the English High Court or are willing to identify and extradite individuals
