February 8, 2023
Via: The Hacker NewsA Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when […]
February 6, 2023
Via: Security WeekIn individual data breach notices published on February 3, the organizations informed users that the incident was discovered after cybercriminals started sharing databases stolen from the two companies on underground forums. The databases – or ‘lists’, as the two companies […]
January 26, 2023
Via: Help Net SecurityThe first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets, according to the Identity Theft Resource Center. However, data compromises steadily increased in […]
January 23, 2023
Via: Security WeekMarketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration. According to Mailchimp, the hacker […]
January 18, 2023
Via: Security WeekThe breach occurred after data provided by Nissan to the services provider was inadvertently exposed on the internet, the company notes in a notification letter sent to the impacted customers. “The impacted third-party service provider provides software development services to […]
January 11, 2023
Via: CSO OnlineHere is a timeline of the most recent LastPass data breaches from August and November. August 25, 2022: LastPass detects “unauthorized” access LastPass CEO Karim Toubba wrote to inform LastPass users that the company had detected unusual activity within portions […]
January 11, 2023
Via: Dark ReadingBay Bridge Administrators, LLC, (“BBA”), an Austin, Texas based full-service third-party administrator of insurance products that works with many major insurance carriers and employers, has learned of a data security incident that involved the personal information of individuals enrolled in […]
January 9, 2023
Via: TechRadarTwo major European airlines have been compromised, and sensitive customer data likely accessed. The two airlines in question are Air France, and KLM, who have contacted customers of Flying Blue, a multi-airline loyalty program which allows travelers to exchange loyalty […]
December 27, 2022
Via: The Hacker NewsMeta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed […]
December 20, 2022
Via: Security WeekThe incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings’ systems, the company says. Credential stuffing involves the use of leaked credentials (usernames, email addresses, and passwords) obtained from a […]
Data loss, Threats & Malware, Vulnerabilities
December 13, 2022
Via: Security WeekThe social media giant revealed in August that a vulnerability patched in January was exploited to obtain user data before a fix was rolled out. The admission came following reports that the flaw had been exploited to collect data on […]
December 5, 2022
Via: Help Net SecurityEvery year the personal data of millions of people, such as passwords, credit card details, or health details, fall into the hands of unauthorized persons through hacking or data processing errors by companies. The consequences for those affected can be […]
December 2, 2022
Via: Naked SecurityBack in August 2022, popular password manager company LastPass admitted to a data breach. The company, which is owned by sofware-as-a-service business GoTo, which used to be LogMeIn, published a very brief but nevertheless useful report about that incident about […]
December 1, 2022
Via: Security AffairsData breaches can be devastating for organizations and even entire countries. Eliminating the risk of a data breach is nearly impossible, but some things can be done to reduce it significantly. Here are three of the worst data breaches that […]
Data loss, Threats & Malware, Vulnerabilities
November 28, 2022
Via: Security WeekIn August, Twitter admitted that a vulnerability affecting its systems had been exploited to obtain user data. The issue, introduced in June 2021, could have been exploited to determine whether a specified phone number or email address was tied to […]
November 22, 2022
Via: Security WeekOrganizations can use Algolia’s API to incorporate into their applications functions such as search, discovery, and recommendations. The API is used by over 11,000 companies, including Lacoste, Slack, Medium, and Zendesk. CloudSEK says it has identified 1,550 applications that leaked […]
November 16, 2022
Via: The Hacker NewsHundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. “Leaking PII in this manner provides a potential treasure trove for threat actors – […]
November 8, 2022
Via: Security WeekThe multi-state settlement with Experian totals more than $13.67 million and the settlement with T-Mobile is for $2.5 million. In addition, each company has agreed to take steps to improve their data security practices. The attorneys general in several states […]
October 31, 2022
Via: Security WeekA global supplier of premium label solutions, MCC operates roughly 100 label producing operations and has approximately 10,000 employees. MCC provides label solutions to organizations in the automotive, beverage, chemicals, food, healthcare, technical, and other industries. In a data breach […]
October 21, 2022
Via: The Hacker NewsMicrosoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. “This misconfiguration resulted in the potential for unauthenticated access to […]