Security Affairs

DECEMBER 23, 2023

In March of 2023, T-Mobile US acquired the mobile virtual network operator. On December 22, 2023, Mint Mobile started notifying impacted customers. Our investigation indicates that certain information associated with your account was impacted.” As an MVNO, Mint Mobile doesn’t own its own wireless infrastructure.

Data breaches 137

Data breaches Mobile Wireless Data collection 137

SecureList

MARCH 13, 2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. The data highlights of 2023 In 2023, a total of 31,031 unique users were affected by stalkerware, an increase on 2022 (29,312).

Mobile 108

Mobile Passwords Surveillance Technology 108

eSecurity Planet

APRIL 14, 2023

Malicious bots can be used to carry out a range of cyber threats like account takeovers and DDoS attacks, so bot protection is an increasingly important defense for web-facing assets. Comprehensive protection: DataDome protects against all types of bots, including credential stuffing, web scraping, and account takeover attacks.

Software 109

Software DDOS Accountability Firewall 109

Krebs on Security

DECEMBER 29, 2022

I will also continue to post on LinkedIn about new stories in 2023. Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. banks are stiffing account takeover victims.

Cryptocurrency 309

Cryptocurrency Cybercrime Computers and Electronics Scams 309

SecureList

JULY 27, 2023

This is our latest installment, focusing on activities that we observed during Q2 2023. The group’s latest activities, from September 2022 until March 2023, involve a new set of custom loaders and its private post-exploitation tool “Ninja,” used to help it remain undetected.

Malware 98

Malware Government Phishing Social Engineering 98

Security Affairs

AUGUST 3, 2024

“According to the complaint, from 2019 to the present, TikTok knowingly permitted children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the regular TikTok platform. ” reads the press release published by DoJ.

Accountability 130

Accountability Data collection Risk Hacking 130

Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Data from March-April 2023 (n≈100M) Figure 2: time spent authenticating with passkey vs password (data from March-April 2023).

Authentication 125

Authentication Passwords Technology Password Management 125

eSecurity Planet

MAY 19, 2023

Auditing and accountability: Audit logs and accountability mechanisms help in compliance with regulations, detecting suspicious behavior and investigating security breaches. This tracks and monitors user activities and security-related incidents to establish accountability and traceability.

Software 104

Software Risk Encryption Marketing 104

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications 134

Telecommunications Authentication Data collection Passwords 134

Malwarebytes

JULY 29, 2024

At Malwarebytes, we reported how a team of researchers at Mozilla who reviewed the privacy and data collection policies of various product categories for several years now, named “Privacy Not Included,” found cars to be the worst product category they ever reviewed for privacy. But at least those vulnerabilities are not intentional.

Insurance 115

Insurance Data collection Data breaches Manufacturing 115

Malwarebytes

MAY 22, 2024

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence 111

Artificial Intelligence Passwords Accountability Media 111

BH Consulting

MARCH 26, 2025

To put this into context, GenAI use in business was just 5 per cent in 2023, the research company said. It introduces accountability measures for large platforms, and strengthens users’ rights. The Data Act enhances access to and use of non-personal data across sectors. However, AI governance remains a challenge.

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Security Affairs

MAY 23, 2024

The experts observed multiple spear-phishing attempts between March and May 2023. Attackers also manipulate local Administrator accounts to maintain persistence, they were spotted enabling the disabled local Administrator account, followed by resetting its password. When clicked, the LNK files would execute malicious commands.

Malware 134

Malware Accountability Phishing Data collection 134

SecureList

DECEMBER 23, 2024

All data collected this way is saved in a TMP alternate data stream and forwarded to the C2 server by the VBShower::Backdoor component. Sample script to get a local groups and members list, downloaded and executed by PowerShower PowerShower::Payload (2) Script for dictionary attacks on user accounts.

Encryption 135

Encryption Penetration Testing Malware Phishing 135

Security Affairs

SEPTEMBER 1, 2023

“In one case, we observed a SapphireStealer sample where the data collected using the previously described process was exfiltrated using the Discord webhook API, a method we previously highlighted here.” The FUD-Loader malware downloader was also published by the same GitHub account. ” continues the report.

Malware 130

Malware Data collection Architecture Hacking 130

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 128

Data breaches Banking Hacking Malware 128

Security Affairs

NOVEMBER 15, 2022

. “Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. Location data represent the core of the digital advertising business of the IT giant. ” reads the DoJ’s press release.

Consumer Protection 98

Consumer Protection Accountability Data collection Advertising 98

Security Affairs

JANUARY 16, 2025

The law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 The law firm Wolf Haldenstein disclosed a 2023 data breach that exposed the personal information of nearly 3.5 “On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment.

Data breaches 78

Data breaches Identity Theft Consumer Protection Data collection 78

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data. How does CPRA impact business operations?

Data collection 52

Data collection Data breaches Password Management Data privacy 52

SecureList

JULY 8, 2024

It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. CloudSorcerer’s modus operandi is reminiscent of the CloudWizard APT that we reported on in 2023. 0x3007 Clear DNS cache Clears the DNS cache.

Government 144

Government Malware Data collection DNS 144

SecureList

APRIL 5, 2023

As mentioned above, the creators of phishing bots and kits can get access to data collected with tools they made. Unlike the free data mentioned above, these have been checked, and even the account balances have been extracted. The bot then enters the code in a required field, giving the phisher access to the account.

Phishing 144

Phishing Marketing Scams Accountability 144

SecureList

MARCH 13, 2025

This confirms the trend of hacktivists exploiting trusted relationships (T1199 Trusted Relationship and T1078 Valid Accounts). The attackers also exploited software vulnerabilities, most commonly CVE-2023-38831 in WinRAR through phishing emails. Persistence The method of establishing persistence has changed.

Energy and Utilities 78

Energy and Utilities Software Accountability Phishing 78

Security Affairs

JANUARY 2, 2023

“Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity”.

Consumer Protection 98

Consumer Protection Surveillance Data collection Accountability 98

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. Using a malicious script, the attackers redirected their targets’ incoming email to an email address controlled by the attackers, gathering data from the compromised accounts.

Hacking 141

Hacking Energy and Utilities Malware Media 141

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

Zero Day

JUNE 20, 2025

Here are the facts and how to protect yourself Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next. PT Moor Studio/Getty With so much news about data breaches, you have to be careful not to panic each time you hear of a new one.

56

56

SecureList

MAY 28, 2024

In 2023, trusted relationship cyberattacks ranked among the top three most frequently used attack vectors. According to 2023 statistics , only one in four affected organizations identified an incident as a result of detecting suspicious activity (launch of hacker tools, malware, network scanners, etc.)

VPN 124

VPN Accountability Passwords Antivirus 124

Centraleyes

DECEMBER 10, 2023

The audit itself is conducted by an official auditor, often from the “Big-4” (the 4 largest accounting firms in the US) but the preparation isn’t required to be. Modern platforms will save you significant amounts of time with easy onboarding and smart questionnaires to get you started in minutes and manage your data collection for you.

Risk 59

Risk Data breaches Software Information Security 59

Thales Cloud Protection & Licensing

JULY 3, 2023

madhav Tue, 07/04/2023 - 05:10 As the data trust gap between customers and businesses continue to grow, and as third-party cookies become redundant, there is an urgency to adopt a modernized approach to customer data collection. Progressive profiling introduces a fresher and far more proactive take on data collection.

Data collection 62

Data collection B2C B2B Retail 62

SecureList

OCTOBER 18, 2023

Overall, the campaign remained active over 6 months, until May 2023. The same module is also responsible for transporting data collected by the malware on the infected system, which is also done via USB. Each phishing document contains an external link to fetch a remote page containing a CVE-2021-26411 exploit.

Malware 142

Malware Phishing Internet Internet 142

Thales Cloud Protection & Licensing

MARCH 12, 2024

Ransomware Attacks: The Constant and Evolving Cybersecurity Threat madhav Tue, 03/12/2024 - 13:00 Enterprise data collection is skyrocketing, driven by factors like connected devices, cloud computing, personal data collection and digital transactions. It accounts for 25% of all data breaches.

Ransomware 62

Ransomware Cybersecurity Encryption Data collection 62

SecureList

NOVEMBER 19, 2024

over 2023 by the end of this year. As shoppers seek the best deals in the run-up to major sales events like Black Friday, cybercriminals and fraudsters gear up to exploit this demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures. Intro The e-commerce market continues to grow every year.

Banking 102

Banking Phishing Scams Retail 102

Centraleyes

NOVEMBER 7, 2024

The Oregon Consumer Privacy Act (OCPA) is a state privacy law that sets guidelines for how businesses should collect, use, and protect the personal data of Oregon residents. to ensure that organizations handle data ethically and transparently. to ensure that organizations handle data ethically and transparently.

Data collection 52

Data collection Data breaches Data privacy Risk 52

Centraleyes

MARCH 27, 2024

The standard provides guidelines for governing and managing AI technologies, ensuring accountability, transparency, and data privacy throughout the AI lifecycle. ISO/IEC 42001:2023 is an international standard focusing on Artificial Intelligence (AI) Management Systems. What are the requirements for ISO 42001 (AI)?

Artificial Intelligence 52

Artificial Intelligence Risk Data collection Technology 52

Malwarebytes

MAY 13, 2024

In 2023, Reuters reported that a San Francisco woman sued her husband in 2020 for allegations of “assault and sexual battery.” Because the separate woman was a “primary” account owner, she was able to remove the car’s access to the internet, Reuters reported. This was far from an isolated incident.

Manufacturing 117

Manufacturing Mobile Wireless Data collection 117

Google Security

APRIL 27, 2023

We also continued to combat malicious developers and fraud rings, banning 173K bad accounts, and preventing over $2 billion in fraudulent and abusive transactions. We continued to partner with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over one million apps on Google Play.

Mobile 94

Mobile Data collection Accountability Malware 94

Centraleyes

DECEMBER 4, 2024

Privacy laws hold accountable those who steal or misuse data, and are necessary to protect privacy rights. NYPA is a comprehensive consumer privacy law that aims to protect the privacy of the citizens of New York by empowering them to exercise greater control over their personal information and by holding businesses accountable.

Data collection 52

Data collection Accountability Government Media 52