Back to Blog May 15, 2023

    This Week in Cybersecurity News - Week of May 15, 2023

    This week's roundup of cybersecurity news stories for the week of May 15, 2023. 

    Breaches and Attacks in the News

    Stories about cybersecurity attacks and data breaches.

    Discord discloses data breach after support agent got hacked
    By Sergiu Gatlan - Bleeping Computer
    Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised. The security breach exposed the agent's support ticket queue, which contained user email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets.

    Toyota: Car location data of 2 million customers exposed for ten years
    By Bill Toulas - Bleeping Computer
    Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. According to a security notice published in the company's Japanese newsroom, the data breach resulted from a database misconfiguration that allowed anyone to access its contents without a password.

    5.8 Million People Affected by Data Breach at PharMerica
    By Olivia William - InformationSecurityBuzz
    On April 8, it was announced that the Money Message ransomware organization attacked the national pharmacy network PharMerica and its parent company, the home and community healthcare business BrightSpring Health. Threat actors exposed evidence data, a statement was obtained from BrightSpring, and additional evidence and allegations were gained via Money Message. 

    Six years prison for ex-Ubiquiti staffer who stole data and attempted to extort millions of dollars
    By Graham Cluley 
    A former software engineer at Ubiquit Networks has been sent to prison for six years after stealing gigabytes of data from the firm, attempting to extort millions of dollars, and harming the company's reputation in the media. Back in January 2021, networking manufacturer Ubiquiti told users to change their passwords and enable two-factor authentication (2FA), after it realized gigabytes of confidential data had been accessed by an unknown party on its AWS servers and GitHub repositories the previous month.

    State and Local Government Cybersecurity News

    Stories related to state and local government cybersecurity.

    FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks
    By Bill Toulas - Bleeping Computer
    The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks. The U.S. Cybersecurity & Infrastructure Security Agency mentions that the threat actor has focused their attacks on the education sector, which has a significant public exposure of the flaw.

    Cybersecurity Awards News

    Awards for cybersecurity companies, researchers, and individuals.

    2023 SC Awards - Complete List of Finalists
    ​Honoring the best in cybersecurity, the SC Awards recognize the people, products and companies that are forging the industry’s future and advancing the cause of safe and secure commerce and communications.

    2023 SC Awards Finalists: Security Marketing Campaign of the Year
    Getting the company’s message across in a crowded marketplace and quickly building awareness and demand are important challenges facing vendor marketing teams. It’s challenging to do that without getting lost among the hype.  Companies recognized in this category demonstrated outstanding efforts to creatively communicate the benefits of IT security products or services to potential customers. 

    Cybersecurity Research News

    Surveys, studies, and research related to cybersecurity.

    Insured companies more likely to be ransomware victims, sometimes more than once
    By Maria Korolov - CSO
    A recent report found that companies with cyber insurance have been hit by ransomware more than those without it, and sometimes more than once. Although threat actors may not be directly correlating the insurance factor to find targets, one of the reasons for this may be that as insurers require more from companies those able to pay for insurance are also likely to be able to afford bigger ransoms.

    Sign up to get first access to our latest resources