[Weekly Security News] Data breach from Home Depot and Survey Lama
[April 11 2024]
1. Home Depot confirms third-party data breach exposed employee info
The IntelBroker hacker has announced a data breach targeting The Home Depot, Inc. The company confirmed that one of its third-party SaaS vendors mistakenly exposed sample employee data. The breach, allegedly occurring in April 2024, exclusively involves Home Depot employee data and does not affect the gigantic customer base spanning the United States, China, Canada, Mexico, and Puerto Rico. The leaked records contained in an 83 MB CSV file include the following information, such as Full names, Departments within Home Depot, Project UCID, and Email address.
Source : Bleeping Computer, Hack Read, Dark Reading
2. SurveyLama Data Breach Impacts 4.4 Million Users
SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. The incident occurred in February but came to light this week, when the leaked information was added to the data breach notification platform Have I Been Pwned (HIBP). In early February, HIBP’s creator, Troy Hunt, received information about data breach impacting the service, which involved various data types, including: Dates of birth, Email addresses, IP addresses, Full Names, Passwords, Phone numbers, Physical addresses. SurveyLama account holders should reset their passwords on the service immediately and on other platforms where they might use the same credentials.
Source : Security Week, Bleeping Computer, SC Media
3. The Week in Ransomware – April 5th 2024 – Virtual Machines under Attack
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. Panera’s massive IT outage last month, Omni Hotels’ massive outage last week, and the websites down of IxMetro Powerhost this week are the ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. What is worse, the threat actors behind the attack to IxMetro Powerhost encrypted the company’s backups.
Source : Bleeping Computer, Cyber Talk, SC Media
Check out the product lines of Cloudbric by Penta Security:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Blockchain: Blockchain Security Solution
Click here for inquiries regarding the partner system of Cloudbric
Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook)
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security
Click here for inquiries regarding the partner system of Penta Security
Make sure to follow us on our social media platforms (LinkedIn)