Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Exposed data did not include Social Security numbers or financial information.

Data breaches

Krebs on Security

NOVEMBER 19, 2024

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. If you have any additional information about this incident, please reach out to krebsonsecurity @ gmail.com or at protonmail.com. This is a developing story.

Data breaches

Security Affairs

DECEMBER 16, 2024

ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. The company disclosed a data breach that exposed personal information and medical information of more than 900,000 individuals. Federal law enforcement was also notified. concludes the notice.

Data breaches

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Image: Darkbeast, ke-la.com.

Healthcare

Adam Shostack

JANUARY 2, 2025

I explained that Microsoft could fix ransomware tomorrow, and was surprised that the otherwise well-informed people I was speaking to hadn't heard about this approach. My latest article at Dark Reading is Microsoft Can Fix Ransomware Tomorrow. It starts: Recently, I was at a private event on security by design.

Ransomware

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. million in revenue.

Cybercrime

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. The entered information went straight to the phishers and allowed the criminals to monitor the emails of those employees.

Accountability

Security Affairs

NOVEMBER 18, 2024

The cyber spies stole information belonging to targeted individuals that was subject to U.S. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman told WSJ. “We

Mobile

eSecurity Planet

NOVEMBER 6, 2024

In a stunning blow to the city’s cybersecurity defenses, Columbus, Ohio, recently became the target of a massive cyberattack that exposed over half a million residents’ sensitive information. terabytes of sensitive information compromised, the breach affected approximately 500,000 residents, nearly 55% of the city’s population.

Ransomware

Malwarebytes

OCTOBER 15, 2024

Broadly, Malwarebytes found that: 74% of people “consider US election season a risky time for personal information.” Distrust in political ads is broad—62% said they “disagree” or “strongly disagree” that the information they receive in US election-related ads is trustworthy. The reasons could be obvious.

Scams

Security Affairs

MARCH 4, 2025

HGFS information-disclosure vulnerability: the vulnerability is an information disclosurevulnerability that impacts VMware ESXi, Workstation, and Fusion. The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild. CVE-2025-22226 (CVSS score of 7.1)

Hacking

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. FROM ACCOUNT THEFT TO A FULL-FLEDGED SERVICE: THE EVOLUTION OF THE MODEL The phenomenon has rapidly upgraded complexity, as detailed in the Meridian Group report.

Cybercrime

Security Affairs

DECEMBER 22, 2024

A $10 million reward was offered for information on Khoroshev through the U.S. reward for information leading to his arrest. He developed the code to disable antivirus software, deploy malware, and print ransom notes to all printers connected to a victim network. State Departments TOC Rewards Program via the FBI tip website.

Ransomware

Schneier on Security

MARCH 26, 2025

It’s basically an AI-generated honeypot.

Security Affairs

JANUARY 3, 2025

“We discovered unauthorized access to our network that resulted in the unauthorized access to, or acquisition of, certain files by an unauthorized actor. “We discovered unauthorized access to our network that resulted in the unauthorized access to, or acquisition of, certain files by an unauthorized actor.

Data breaches

Schneier on Security

APRIL 16, 2025

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled , as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal.

CSO

Malwarebytes

NOVEMBER 5, 2024

With access to your email account, a cybercriminal can find a lot of useful information about you, such as where you bank, your account numbers, your favorite shops, and more. This information could then be used for targeted cyberattacks that mention information that’s relevant to you only, leaving you more likely to fall for them.

Accountability

Malwarebytes

MARCH 19, 2025

.” Whether it’s a so-called “subsidy program,” a “government grant,” or a “relief card,” these scams all share the same underlying goalto manipulate people into giving away their personal information, orworsetheir hard-earned cash. ” The goal? gov domains). on unverified websites.

Scams

Krebs on Security

JULY 8, 2025

While not listed as critical, CVE-2025-49719 is a publicly disclosed information disclosure vulnerability, with all versions as far back as SQL Server 2016 receiving patches. “The potential exposure of sensitive information makes this a high-priority concern for organizations handling valuable or regulated data,” Walters said.

Authentication

Security Affairs

DECEMBER 5, 2024

Gathering information from the huge number of sources inherent in modern IT environments is laborious, mundane, and mentally exhausting. Automating Repetitive Tasks AI can also automate many of the tasks that make being a SOC analyst so mind-numbing, including data collection, cross-referencing information, and running queries.

Artificial Intelligence

Security Affairs

MARCH 4, 2025

HGFS information-disclosure vulnerability: the vulnerability is an information disclosurevulnerability that impacts VMware ESXi, Workstation, and Fusion. The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild. CVE-2024-50302 (CVSS score of 5.5)

Mobile

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking

Security Affairs

MARCH 24, 2025

The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. ” reads the alert.

Malware

Security Affairs

JANUARY 19, 2025

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. The vulnerability allows authenticated attackers with Subscriber access to exploit a missing capability check, leading to information disclosure.

Consumer Services

SecureWorld News

NOVEMBER 22, 2024

From the DOJ press release: "We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals," said United States Attorney Martin Estrada. "As

Phishing

The Hacker News

JUNE 11, 2025

INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants.

Malware

Malwarebytes

DECEMBER 6, 2024

The law enforcement investigation started in 2022 when investigators were able to track very specific information used by scammers to the specialized marketplace. A network of fake online shops set up to phish for payment information provided one of the sources of stolen data. Criminals are neither anonymous nor safe!

Marketing

The Last Watchdog

OCTOBER 23, 2024

outside the house or business facility) For more information about cybersecurity training programs that can help protect small business, users can visit security.ine.com. The 3-2-1 rule recommends: 3 – Keeping 3 copies of any important file: 1 primary and 2 backups. 1 – Storing 1 copy offsite (e.g.,

Small Business

Security Affairs

NOVEMBER 14, 2024

The cyber spies stole information belonging to targeted individuals that was subject to U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.” broadband providers. law enforcement requests pursuant to court orders. reported the WSJ.

Government

SecureWorld News

DECEMBER 8, 2024

This approach poses a significant threat, as sensitive information transmitted today could be decrypted in the future. For example, in the financial sector, if a quantum computer breaks encryption on data in transit, a threat actor could access confidential information, resulting in severe financial and reputational damage.

Encryption

Krebs on Security

NOVEMBER 1, 2024

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized. ” The phony booking.com website generated by visiting the link in the text message.

Phishing

Krebs on Security

MAY 29, 2025

“We have stopped hundreds of attempts this year related to this group and we are looking into the information you shared earlier today,” reads a statement shared by Amazon. Amazon said its Amazon Web Services (AWS) hosting platform actively counters abuse attempts. ” U.S. ”

Scams

Schneier on Security

JUNE 25, 2025

a highly dramatic pelican or a Russian-accented walrus), yet they maintain engagement in technical and explanatory discussions. […] User frequently cross-validates information, particularly in research-heavy topics like emissions estimates, pricing comparisons, and political events. They request entertaining personas (e.g.,

Architecture