Risky Bulletin Newsletter
June 27, 2022
Risky Biz News: US critical infrastructure needs better cyber insurance coverage
Presented by

News Editor
CafePress fine: The US FTC fined last week the CafePress t-shirt merchandise site $500,000 for trying to cover up the severity of its 2020 data breach. The FTC said CafePress had weak security measures in place, which eventually allowed a threat actor to break in and steal the personal data of 23 million customers.
Ransomware attacks in Japan: Two large Japanese companies—automotive component manufacturer TB Kawashima and automotive hose giant Nichirin—were hit by ransomware attacks last week.
XCarnival hack: XCarnival, a company that claims to be the first NFT assets management platform for the Metaverse, was hacked on Saturday by an unidentified threat actor who exploited its smart contracts to steal 3,087 ETH, estimated at roughly $3.8 million at the time of the heist. The company confirmed the incident in a statement on Twitter when it also paused its smart contracts. Additional details are available in this Twitter thread from blockchain security firm PeckShield, which was the one to stop the suspicious transactions: