Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. “On May 31, 2023, the Clearinghouse was informed by our third-party software provider, Progress Software, of a cybersecurity issue involving the provider’s MOVEit Transfer solution.

Data breaches 114

Data breaches Education Ransomware Software 114

Security Affairs

SEPTEMBER 3, 2022

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. Threat actors had access to internal company data, including the source code of Galaxy models.

Data breaches 144

Data breaches Hacking Authentication Cybersecurity 144

Security Affairs

AUGUST 24, 2022

The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords. The company is urging all users to immediately reset account passwords and log out of all devices connected to its service.

Data breaches 110

Data breaches Passwords Media Accountability 110

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.

Authentication 98

Authentication Accountability Hacking Ransomware 98

Security Affairs

NOVEMBER 25, 2020

million settlement in a multi-state investigation of the data breach that the company suffered in 2014. million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers across the US and Canada. SecurityAffairs – hacking, Data breach).

Retail 120

Retail Data breaches Penetration Testing Password Management 120

Malwarebytes

MARCH 16, 2022

As part of the proposed settlement, Residual Pumpkin and PlanetArt (the previous and current owners of CafePress) will be required to implement comprehensive information security programs that will address the problems that led to the data breaches at CafePress. Reusing passwords. Stay safe, everyone!

Data breaches 121

Data breaches Passwords Authentication Social Engineering 121

Security Affairs

AUGUST 8, 2022

Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. SecurityAffairs – hacking, data breach).

Data breaches 91

Data breaches Social Engineering Phishing Accountability 91

Security Affairs

JANUARY 20, 2023

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8.

Data breaches 91

Data breaches Identity Theft Accountability Passwords 91

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 116

Accountability Authentication Passwords Data breaches 116

Security Affairs

AUGUST 5, 2022

Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.

Accountability 104

Accountability Data breaches Authentication Media 104

Security Affairs

MARCH 2, 2023

At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers. TechCrunch was able to verify the authenticity of the data for a sample they analyzed, however it is unclear how recent the data is. New breach: GunAuction[.]com

Accountability 84

Accountability Hacking Data breaches Passwords 84

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords.

Accountability 140

Accountability Hacking Data breaches Passwords 140

Security Affairs

JANUARY 4, 2022

The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. ” reads the data breach notification letter sent to the impacted individuals.

Data breaches 86

Data breaches Healthcare Identity Theft Insurance 86

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Early August, the communications company Twilio discloses a data breach , threat actors had access to the data of some of its customers.

Accountability 94

Accountability Authentication Phishing Data breaches 94

Security Affairs

OCTOBER 26, 2020

Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software , Inc.

Data breaches 106

Data breaches Advertising Software Accountability 106

Security Affairs

MAY 6, 2020

Hackers have breached the online learning platform Unacademy and are selling the account information for close to 22 million users. Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.

Accountability 103

Accountability Hacking Data breaches Advertising 103

SecureWorld News

DECEMBER 1, 2020

The Home Depot recently reached a multi-state agreement which settles an investigation into a 2014 data breach. The data breach compromised payment card information of roughly 40 million customers. The Home Depot data breach and agreement. The company will pay a total of $17.5 million to 46 U.S.

Data breaches 60

Data breaches Penetration Testing Password Management Information Security 60

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 97

Authentication Passwords Risk Education 97

Security Affairs

JULY 24, 2022

Threat actor leaked data of 5.4 A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on a the popular hacking forum Breached Forums.

Accountability 137

Accountability Advertising Authentication Hacking 137

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. Bleeping Computer, which has validated the authenticity of the archive, reported that the latest record in the database was created on October 12th, 2018. accounts exposed appeared first on Security Affairs.

Accountability 101

Accountability Hacking Data breaches Passwords 101

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The threat actor likely obtained the employee’s account credentials from a third-party data breach.

Government 133

Government VPN Accountability Authentication 133

Security Affairs

MARCH 25, 2021

Researchers discovered the availability in the DarK Web of 30M of records of Americans affected by the Astoria Company data breach. while other lead types exposed in the leak included additional information such as social security numbers, full bank account information, and even medical history.

Data breaches 109

Data breaches Insurance Banking Marketing 109

Security Affairs

NOVEMBER 3, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. ” continues the post.

Data breaches 123

Data breaches Social Engineering Accountability Authentication 123

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 101

Hacking Authentication Passwords Accountability 101

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information. We detected suspicious activity on Wednesday (Dec.

Social Engineering 121

Social Engineering Data breaches Cyber Attacks Accountability 121

Security Affairs

MARCH 17, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 108

Data breaches Computers and Electronics Cybercrime Ransomware 108

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN 113

VPN Accountability Firewall Data breaches 113

Malwarebytes

FEBRUARY 27, 2024

The German Federal Office for Information Security (BSI) has published a report on The State of IT Security in Germany in 2023 , and the number one threat for consumers is… identity theft. What to do in the event of a data breach Check the vendor’s advice. Enable two-factor authentication (2FA).

Identity Theft 101

Identity Theft Data breaches Artificial Intelligence Passwords 101

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 119

Cryptocurrency Data breaches Authentication Accountability 119

Security Affairs

JANUARY 18, 2021

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. The administrators of the forum disclosed the data breach with an announcement published on the forum. SecurityAffairs – hacking, data breach). ” states the advisory.

Hacking 130

Hacking Data breaches Passwords Accountability 130

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking 290

Banking Government Information Security Authentication 290

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. The data leak was disclosed last week, on February 21 the company that customer records were accidentally exposed online via an exploit. . Pierluigi Paganini.

Accountability 95

Accountability Data breaches Passwords Advertising 95

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 90

Spyware Data breaches Hacking Ransomware 90

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. Source RestorePrivacy.

Data breaches 97

Data breaches Accountability Media Hacking 97

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. You may want to warn everyone.

Phishing 119

Phishing Data breaches Cryptocurrency Social Engineering 119

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto.

Hacking 110

Hacking Data breaches Accountability Passwords 110

Security Affairs

MARCH 29, 2024

The attackers detected suspicious login activity to certain Hot Topic Rewards accounts. Threat actors obtained valid account credentials obtained from an unknown third-party source. In other words, bad actors glean lists of breached usernames and passwords and run them against desired logins until they find some that work.

Accountability 112

Accountability Mobile Passwords Authentication 112