Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals.

Data breaches 94

Data breaches Telecommunications Banking Mobile 94

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. “On May 31, 2023, the Clearinghouse was informed by our third-party software provider, Progress Software, of a cybersecurity issue involving the provider’s MOVEit Transfer solution.

Data breaches 112

Data breaches Education Ransomware Software 112

Security Affairs

SEPTEMBER 3, 2022

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. Threat actors had access to internal company data, including the source code of Galaxy models.

Data breaches 144

Data breaches Hacking Authentication Cybersecurity 144

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. “On October 19 th , 2023, Brookfield Global Relocation Services (BGRS) informed the Government of Canada of a breach involving Government of Canada information held by BGRS and SIRVA Canada systems.”

Data breaches 113

Data breaches Government Hacking Backups 113

Security Affairs

NOVEMBER 3, 2021

Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Data breaches 124

Data breaches Ransomware Authentication Hacking 124

Malwarebytes

MARCH 16, 2022

As part of the proposed settlement, Residual Pumpkin and PlanetArt (the previous and current owners of CafePress) will be required to implement comprehensive information security programs that will address the problems that led to the data breaches at CafePress. Reusing passwords. Stay safe, everyone!

Data breaches 119

Data breaches Passwords Authentication Social Engineering 119

Security Affairs

NOVEMBER 25, 2020

million settlement in a multi-state investigation of the data breach that the company suffered in 2014. million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers across the US and Canada. SecurityAffairs – hacking, Data breach).

Retail 119

Retail Data breaches Penetration Testing Password Management 119

Security Affairs

AUGUST 24, 2022

The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and encrypted passwords. According to the company, financial and payment data were not compromised because are not stored on its servers.

Data breaches 108

Data breaches Passwords Media Accountability 108

Security Affairs

JANUARY 3, 2023

A post published on a popular hacking forum claims Volvo Cars has suffered a new data breach, alleging stolen data available for sale. French cybersecurity Anis Haboubi yesterday first noticed that a threat actor was attempting to sell data allegedly stolen from Volvo Cars on a popular hacking forum. Pierluigi Paganini.

Data breaches 89

Data breaches Hacking Ransomware Manufacturing 89

Security Affairs

SEPTEMBER 6, 2022

“Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code,” a spokesperson added. The popular data breach hunter Bob Diachenko and his team analyzed publicly exposed data and confirmed their authenticity, but they are unable to determine the origin.

Data breaches 95

Data breaches Hacking Media Authentication 95

Security Affairs

MAY 13, 2023

A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023.

Data breaches 87

Data breaches Authentication Internet Internet 87

Security Affairs

AUGUST 31, 2022

The Russian subscription-based streaming service Start discloses a data breach affecting 7.5 The Russian media streaming platform START disclosed a data breach that impacted 7.5 Russian news outlet Medusa verified that the leaked data are valid. ” reads the data breach notice published on Telegram.

Data breaches 83

Data breaches Passwords Banking Media 83

Security Affairs

AUGUST 8, 2022

Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. SecurityAffairs – hacking, data breach).

Data breaches 89

Data breaches Social Engineering Phishing Accountability 89

Security Affairs

JANUARY 20, 2023

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not breached. .” What is credential stuffing?

Data breaches 89

Data breaches Identity Theft Accountability Passwords 89

Security Affairs

JUNE 5, 2023

The BBC and British Airways were both impacted by the data breach suffered by the payroll provider Zellis. As a result of the cyber attack on the payroll provider Zellis, the personal data of employees at the BBC and British Airways has been compromised and exposed. reads the advisory published by the company.

Data breaches 77

Data breaches Retail Software Cyber Attacks 77

Security Affairs

MAY 8, 2023

The authenticity of the leaked private key was confirmed by Alex Matrosov, founder of firmware security firm Binarly. The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom.

Data breaches 80

Data breaches Ransomware Firmware Manufacturing 80

Security Affairs

JANUARY 4, 2022

The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. ” reads the data breach notification letter sent to the impacted individuals.

Data breaches 84

Data breaches Healthcare Identity Theft Insurance 84

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 95

Authentication Passwords Risk Education 95

Security Affairs

MARCH 8, 2022

Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in recent security breach. Samsung this week disclosed a data breach, threat actors had access to internal company data, including the source code of Galaxy models. Source: Lapsus$ gang’s Telegram Channel.

Data breaches 83

Data breaches Ransomware Hacking Cyber Attacks 83

Security Boulevard

MARCH 17, 2021

The use of authentication factors, one of the most fundamental and well understood concepts in information security, enables secure access to applications, services, and networks. The post Finding the Cracks in the Wall – The Hazard of Single Authentication Factor appeared first on Security Boulevard.

Authentication 59

Authentication Data breaches Information Security 59

SecureWorld News

DECEMBER 1, 2020

The Home Depot recently reached a multi-state agreement which settles an investigation into a 2014 data breach. The data breach compromised payment card information of roughly 40 million customers. The Home Depot data breach and agreement. The company will pay a total of $17.5 million to 46 U.S.

Data breaches 58

Data breaches Penetration Testing Password Management Information Security 58

Security Affairs

OCTOBER 26, 2020

Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software , Inc.

Data breaches 103

Data breaches Advertising Software Accountability 103

Security Affairs

APRIL 12, 2024

Credential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data exfiltration.” Roku aims to simplify this process and offers support for users needing assistance.

Accountability 109

Accountability Passwords Data breaches Authentication 109

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show.

Authentication 98

Authentication Accountability Hacking Ransomware 98

Security Affairs

MARCH 25, 2021

Researchers discovered the availability in the DarK Web of 30M of records of Americans affected by the Astoria Company data breach. Night Lion Security’s CEO, Vinny Troia, reported to Astoria Company the flaw in their database on January 29, 2021 and the availability of their data on Dark Web. Pierluigi Paganini.

Data breaches 107

Data breaches Insurance Banking Marketing 107

CyberSecurity Insiders

MARCH 28, 2023

Understanding the FTC Safeguards Rule The FTC Safeguards Rule is a set of regulations that require covered financial institutions to develop, implement, and maintain an information security program designed to protect customer information. Implementation of multi-factor authentication.

Data breaches 125

Data breaches Authentication Risk Phishing 125

Security Affairs

MARCH 17, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 106

Data breaches Computers and Electronics Cybercrime Ransomware 106

Malwarebytes

FEBRUARY 27, 2024

The German Federal Office for Information Security (BSI) has published a report on The State of IT Security in Germany in 2023 , and the number one threat for consumers is… identity theft. What to do in the event of a data breach Check the vendor’s advice. Enable two-factor authentication (2FA).

Identity Theft 99

Identity Theft Data breaches Artificial Intelligence Passwords 99

Security Affairs

DECEMBER 19, 2023

Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the exploitation of the CitrixBleed flaw.

Authentication 108

Authentication Data breaches Passwords Internet 108

Security Affairs

NOVEMBER 3, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users.

Data breaches 121

Data breaches Social Engineering Accountability Authentication 121

Security Affairs

OCTOBER 21, 2023

Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valide users. HAR files can also contain sensitive data, including authentication information.

Social Engineering 117

Social Engineering Data breaches Authentication VPN 117

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking 285

Banking Government Information Security Authentication 285

Security Affairs

DECEMBER 17, 2023

.” At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.” The company also recommends active multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords. However, the company states that the activity is not related to the security incident.

Social Engineering 118

Social Engineering Data breaches Cyber Attacks Accountability 118

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 88

Spyware Data breaches Hacking Ransomware 88

Security Affairs

FEBRUARY 16, 2024

The threat actor compromised network administrator credentials through the account of a former employee that was used to successfully authenticate to an internal virtual private network (VPN) access point. The threat actor likely obtained the employee’s account credentials from a third-party data breach.

Government 131

Government VPN Accountability Authentication 131

Security Affairs

JANUARY 18, 2021

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWRT forum was compromised during the weekend and user data were stolen by intruders. The administrators of the forum disclosed the data breach with an announcement published on the forum.

Hacking 130

Hacking Data breaches Passwords Accountability 130

The Last Watchdog

APRIL 4, 2022

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking 223

Hacking Penetration Testing Data breaches Authentication 223