Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 117

Hacking Authentication Passwords Accountability 117

Security Affairs

NOVEMBER 17, 2023

.” In response to the security incident, the company took the impacted systems offline and launched an investigation with the help of law enforcement. The security incident appears to have been limited to TFS Europe & Africa. The company has yet to disclose a data breach.

Financial Services 129

Financial Services Hacking Ransomware Data breaches 129

Security Affairs

JANUARY 31, 2024

Source: Cybernews Sensitive data leaked The leaked data included the trading activity of over 300,000 users spanning the past six years, along with names, email addresses, emails sent by the company, and IP addresses. Hashed passwords to access user accounts on the DTT trading platform were also leaked. Leaked emails.

Technology 128

Technology Identity Theft Backups Passwords 128

Security Affairs

SEPTEMBER 23, 2022

Australian telecoms company Optus disclosed a data breach, threat actors gained access to former and current customers. Optus , one of the largest service providers in Australia, disclosed a data breach. The intruders gained access to the personal information of both former and current customers.

Data breaches 96

Data breaches Accountability Mobile Passwords 96

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime 217

Cybercrime Hacking Data breaches Banking 217

Security Affairs

AUGUST 7, 2019

Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches. This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services.

Insurance 96

Insurance Data breaches Financial Services Passwords 96

SecureList

DECEMBER 12, 2023

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention (such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile , MailChimp and OpenAI in 2023).

Data breaches 92

Data breaches Accountability Telecommunications Malware 92

Security Affairs

JULY 11, 2022

BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. ALPHV seems to be significantly competing with Lockbit 3.0

Ransomware 96

Ransomware Passwords Data breaches Technology 96

Security Affairs

JUNE 24, 2020

business consulting firm Frost & Sullivan suffered a data breach, a threat actor is offering for sale its databases on a hacker forum. firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum.

Data breaches 140

Data breaches Backups Advertising Hacking 140

Security Affairs

SEPTEMBER 19, 2022

Uber hack update: There is no evidence that users’ private information was compromised in the data breach. Uber provided an update regarding the recent security breach of its internal computer systems, the company confirmed that there is no evidence that intruders had access to users’ private information.

Data breaches 99

Data breaches Hacking Engineering Authentication 99

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence 114

Artificial Intelligence Firmware Data breaches Hacking 114

Security Affairs

DECEMBER 15, 2023

The leak comes after the team discovered an unprotected MongoDB instance, which stored information on GokuMarket crypto exchange users. Businesses employ MongoDB to organize and store large swaths of document-oriented information, and in GokuMarket’s case, the details of over a million customers and admin users.

Passwords 106

Passwords Cryptocurrency Scams Mobile 106

Security Affairs

AUGUST 28, 2022

Twilio hackers also breached the food delivery firm DoorDash Unprecedented cyber attack hit State Infrastructure of Montenegro Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus Critical flaw impacts Atlassian Bitbucket Server and Data Center Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access GoldDragon (..)

DDOS 87

DDOS Data breaches Malware Antivirus 87

Security Affairs

JUNE 9, 2020

A threat actor is offering for sale in a darkweb black-market internal documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). As part of the regular monitoring of cybercrime forums and markets in the deep-web and darkweb , Cyble researchers spotted a threat actor named as R3dr0x who leaked (BEML) internal documents.

Data breaches 80

Data breaches Marketing Advertising Passwords 80

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking 344

Hacking Ransomware Banking Accountability 344

Security Affairs

OCTOBER 17, 2021

Twitch passwords have not been exposed, the company believes that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed. “Twitch passwords have not been exposed. SecurityAffairs – hacking, data breach). ” reads the update. ” reads the update. Pierluigi Paganini.

Data breaches 81

Data breaches Passwords Banking Mobile 81

Security Affairs

DECEMBER 12, 2023

DTC says it operates over 7,000 vehicles and has an active workforce of 14,000 driver partners According to the CyberNews team, the exposed data was stored in an open MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information.

VPN 131

VPN Accountability Banking Marketing 131

CyberSecurity Insiders

NOVEMBER 19, 2022

Simultaneously, they must maintain secure communication to protect their assets and valuable information. Unfortunately, security is a common issue in corporate spaces. Many have experienced data breaches and they must continue to find ways to mitigate these risks. Video Conferencing.

Encryption 107

Encryption Risk Data breaches Technology 107

Security Affairs

JULY 31, 2022

. “The downloaded data contains confidential and closed information about the employees of your company, which took part in the development of closed military projects of MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT etc.) Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Manufacturing 121

Manufacturing Hacking Passwords Cybersecurity 121

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. According to another study by CybSafe, human errors have been responsible for over 90% of data breaches in 2020. Address Security Misconceptions.

Cybersecurity 88

Cybersecurity Data privacy Data breaches Phishing 88

Security Affairs

APRIL 8, 2021

The data from the leaked files can be used by threat actors against LinkedIn users in multiple ways by: Carrying out targeted phishing attacks. Brute-forcing the passwords of LinkedIn profiles and email addresses. Change the password of your LinkedIn and email accounts. Spamming 500 million emails and phone numbers.

Identity Theft 127

Identity Theft Passwords Social Engineering Phishing 127

Security Affairs

SEPTEMBER 3, 2020

To see if your email address has been exposed in this or other security breaches, use our personal data leak checker. What data is in the bucket? Here are some examples of the user records and statement of work documents left on the publicly accessible bucket. What happened to the data? Who had access?

Marketing 104

Marketing Media Advertising Identity Theft 104

Security Affairs

SEPTEMBER 10, 2021

We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach.”. Threat actors stolen a huge quantity of documents containing sensitive information that could be used is attacked aimed at agencies within the intergovernmental organization. . Pierluigi Paganini.

Hacking 116

Hacking Data breaches Cyber Attacks Software 116

Security Affairs

FEBRUARY 14, 2021

COMB breach: 3.2B COMB breach: 3.2B If you want to also receive for free the international press subscribe here.

Spyware 103

Spyware Phishing Data breaches Surveillance 103

eSecurity Planet

DECEMBER 9, 2021

Or as is often the case with security, what costs can we skip and still escape big penalties later? Unfortunately for those of us indulging in wishful thinking, the likelihood and costs of data breaches continue to increase. The Ponemon Institute estimates that data breach costs rose to an average cost of $4.24

Insurance 125

Insurance Backups Data breaches Ransomware 125

Malwarebytes

JANUARY 16, 2024

While at CWRU, he was accused of “cracking passwords” on a CWRU network. According to an FBI Flash document released to affected organizations on March 27, 2017, machines were infected with FruitFly via brute force attacks, using weak passwords or passwords from breaches of other systems.

Malware 91

Malware Passwords Identity Theft Data collection 91

CyberSecurity Insiders

DECEMBER 12, 2021

Sending such information through normal communication channels like email is a bad idea since there have been multiple cases of data breaches. And that is why we need to make our communication channels secure. The channel’s security must be impenetrable. The Best Ways to Secure Communication Channels .

VPN 107

VPN Passwords Encryption Mobile 107

Security Affairs

JUNE 11, 2021

Most of the stolen files (50%+) were text files, some of them containing software logs, passwords, personal notes, and other sensitive information. Experts found over 650,000 Word documents and.pdf files in the archive. How to protect your data from such kind of malware? png and 224,000.jpg

Malware 118

Malware Computers and Electronics Software Financial Services 118

Security Affairs

OCTOBER 21, 2022

EnergyAustralia pointed out that sensitive data, such as passwords, banking information, driver licences, or passports, were not compromised because they were not stored on the platform. “It added that impacted customers had been contacted by text and email on October 2 with a prompt to reset their passwords.”. .

Passwords 69

Passwords Small Business Banking Retail 69

eSecurity Planet

SEPTEMBER 23, 2022

After SOX, executives must sign a document every year that states, under penalty of criminal prosecution if they lie, that the executives understand their financial statement. However, for compliance, the term policy actually refers to a written document that contains the goals, objectives, and minimum standards the company will enact.

Cybersecurity 132

Cybersecurity Risk Passwords Encryption 132

Security Affairs

JANUARY 27, 2022

First, the verification process requires customers to take a photo of their ID document. Next, a client is prompted to take a selfie or upload a video to confirm whether there’s a match with the document’s photo. In other cases, threat actors can quickly sell valid identification documents on the dark web.

Identity Theft 97

Identity Theft Accountability Data breaches Social Engineering 97

Security Affairs

JULY 12, 2021

The social media platform, however, is of a different opinion on the matter: “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. Change the password of your LinkedIn and email accounts. Consider using a password manager to create unique strong passwords and store them securely.

Social Engineering 139

Social Engineering Data collection Media Passwords 139

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In middle May 2018, both The New York Times and The Washington Post , revealed the name of the alleged source of the Vault 7 leak , the man who passed the secret documents to Wikileaks.

Hacking 127

Hacking Engineering Data breaches Advertising 127

Security Affairs

DECEMBER 11, 2019

A massive data leak made the headlines, over 750,000 birth certificate applications have been exposed online due to an unsecured AWS bucket. Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that have been exposed online due to an unsecured AWS bucket. .

Penetration Testing 88

Penetration Testing Advertising Authentication Passwords 88

Security Affairs

MAY 7, 2021

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive information. Can’t come up with a strong password? What were we looking at?

Passwords 141

Passwords Authentication Identity Theft Engineering 141

Security Affairs

APRIL 11, 2021

Leak data could be abused by threat actors to carry out malicious activities, such as phishing/spear-phishing attacks, identity theft, and scams. Using a strong and unique password for each web service, a password manager could help you. Be vigilant on potential phishing messages that ask you to provide information.

Identity Theft 141

Identity Theft Phishing Password Management Media 141

Security Affairs

JUNE 29, 2022

This means that threat actors did not infect AMD systems, but once obtained access to its networks had stolen internal data. Allegedly stolen data includes corporate research and financial documents, but at this time the only published a few files containing information from an internal network likely collected during a reconnaissance phase.

Encryption 97

Encryption Passwords Hacking Data breaches 97