Security Affairs

MAY 2, 2025

Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security. Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks.

Accountability 67

Accountability Passwords Social Engineering Authentication 67

Security Affairs

APRIL 9, 2025

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account. Affected accounts were disabled. The breach was confirmed on Feb. OCC on Feb.

Accountability 124

Accountability Banking Information Security Hacking 124

Schneier on Security

NOVEMBER 17, 2022

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. This is not a good sign.

Authentication 363

Authentication Passwords Accountability Media 363

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. seized $283,000 in cryptocurrency from an account linked to Sami as part of actions against the illicit activities of PopeyeTools.

Cybercrime 131

Cybercrime Cryptocurrency Banking Accountability 131

Security Affairs

OCTOBER 14, 2024

US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack.

Data breaches 134

Data breaches Financial Services Accountability Hacking 134

Security Affairs

MAY 17, 2025

officials to build trust and access personal accounts. Threat actors send malicious links posing as messaging platform invites to access officials’ accounts, then exploit contacts to impersonate and extract data or funds. ” reads the alert issued by the FBI.

Government 123

Government Social Engineering Authentication Accountability 123

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 139

Cybercrime Social Engineering Accountability Government 139

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. In 2023, cybercriminals put up information belonging to as many as seven million 23andMe customers for sale on criminal forums following a credential stuffing attack against the genomics company.

Insurance 145

Insurance Accountability Risk Data breaches 145

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. The seller listed two databases for sale one containing 19,192,948 customer accounts and another including 5.11 ” “Thus, this information should be taken cautiously until confirmed.

Cyber Attacks 126

Cyber Attacks Telecommunications Data breaches Banking 126

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware 125

Ransomware Hacking Accountability Cyber Attacks 125

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. for phishing scams that resulted in the compromise of millions of email accounts.

Scams 125

Scams Phishing Identity Theft Accountability 125

Security Affairs

JUNE 3, 2024

Personal information of hundreds of British and EU politicians is available on dark web marketplaces. The presence of the emails on dark web shows that politicians used their official emails to create an account on third-party web services that suffered a data breach. ” reads the report. ” concludes the report.

Passwords 145

Passwords Government Accountability Hacking 145

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. added Atrium Health. Affected individuals were notified in September.

Data breaches 112

Data breaches Identity Theft Accountability Technology 112

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. from fake websites (phishing sites) disguised as websites of real securities companies.” from fake websites (phishing sites) disguised as websites of real securities companies.”

Financial Services 121

Financial Services Passwords Accountability Antivirus 121

Security Affairs

OCTOBER 30, 2024

The malware allows operators to steal bank users’ sensitive information and money from their bank accounts. FakeCall is a banking trojan that uses voice phishing by impersonating banks in fraudulent calls to obtain sensitive information from victims.

Banking 132

Banking Malware Accountability Phishing 132

Security Affairs

FEBRUARY 17, 2025

Researchers warn that the whoAMI attack lets attackers publish an AMI with a specific name to execute code in an AWS account. The researchers warn that, at scale, this attack could impact thousands of AWS accounts, with around 1% of organizations estimated to be vulnerable. ” reads the advisory published by the company.

Accountability 63

Accountability Hacking Cybersecurity Information Security 63

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. city administrators that at least five different public DC Health websites were leaking sensitive information.

Banking 342

Banking Government Information Security Authentication 342

Security Affairs

DECEMBER 8, 2024

The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. ” reads the notice of security incident shared with the Maine Attorney General.

Data breaches 117

Data breaches Insurance Healthcare Ransomware 117

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 303

Scams Artificial Intelligence Cryptocurrency Accountability 303

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. Consequently, organizations face various security, governance, privacy, and compliance risks. According to other reports, most of that data is unstructured.

Data privacy 126

Data privacy Unstructured Data Risk Data breaches 126

Security Affairs

FEBRUARY 4, 2025

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information.

Data breaches 115

Data breaches Passwords Accountability Hacking 115

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Security Affairs

OCTOBER 11, 2024

These scripts sometimes leveraged publicly available pentesting tools and security services to programmatically find vulnerable infrastructure.” This included working on malware that was still in development, and looking for information on potential targets.” ” reads the OpenAI’s report.

Malware 137

Malware Social Engineering Engineering Hacking 137

Security Affairs

OCTOBER 29, 2024

“Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.” The cybersecurity firm’s recommendations for malware victims are: Consult an expert : For thorough malware removal and system security, seek professional help if needed.

Identity Theft 126

Identity Theft Passwords Malware Banking 126

Security Affairs

DECEMBER 18, 2024

The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. “This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA. ” reads the press release published by DPC.

Data breaches 106

Data breaches Accountability Risk Advertising 106

Security Affairs

MAY 15, 2025

The attacker claimed to have paid overseas contractors in support roles to extract this information from Coinbases internal systems, leveraging their legitimate access. Exposed data included contact details, partial SSNs and bank info, ID images, account history, and limited internal documents. ” reads the filing with SEC.

Data breaches 84

Data breaches Banking Accountability Retail 84

Krebs on Security

OCTOBER 20, 2023

BeyondTrust’s security team detected that someone was trying to use an Okta account assigned to one of their engineers to create an all-powerful administrator account within their Okta environment. He said that on Oct 2., 2 was not a result of a breach in its systems. But she said that by Oct. But she said that by Oct.

Social Engineering 361

Social Engineering Engineering Accountability Hacking 361

Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. If you were confused at this point, you might ask Google who it thinks is the current Chief Information Security Officer of Chevron. of spam and scam.”

CISO 341

CISO Cybercrime Accountability Information Security 341

Security Affairs

JANUARY 25, 2025

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. The experts explained that they exploited the flaw to gain unrestricted targeted access to all vehicles and customer accounts in the above countries. ” wrote Curry. ” added Curry. I sent the unlock command.

Hacking 126

Hacking Accountability Passwords Authentication 126

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking 142

Banking Accountability Malware Mobile 142

Security Affairs

NOVEMBER 18, 2024

The cyber spies stole information belonging to targeted individuals that was subject to U.S. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman told WSJ. “We

Mobile 114

Mobile Telecommunications Data breaches Hacking 114

Security Affairs

OCTOBER 28, 2024

The charges being pursued by investigators include criminal conspiracy for unauthorized access to computer systems, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion. ” reads a statement from a lawyer for Del Vecchio.

Computers and Electronics 136

Computers and Electronics Banking Marketing Hacking 136

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches 363

Data breaches Technology Software Information Security 363

Security Affairs

FEBRUARY 16, 2025

The attackers employ a phishing technique called device code phishing, which tricks users into logging into productivity apps while capturing login tokens that can be used to take over compromised accounts. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. .

Phishing 115

Phishing Authentication Telecommunications Accountability 115

Security Affairs

APRIL 26, 2025

African multinational telecommunications company MTN Group disclosed a data breach that exposed subscribers’ personal information. The company disclosed a data breach that exposed subscribers’ personal information, it added that the incident did not impact core network, billing system,s and financial services infrastructure.

Data breaches 106

Data breaches Telecommunications Financial Services Mobile 106

Security Affairs

JANUARY 11, 2025

. “On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.” The exposed information varies for each individual case.

Data breaches 113

Data breaches Retail Cybercrime Government 113

Security Affairs

NOVEMBER 21, 2024

Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 111

Cybercrime Identity Theft Cryptocurrency Phishing 111