What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-01-10 21:43:36 | Marijuana dispensary STIIIZY warns of leaked IDs after November data breach (lien direct) | A data breach in November exposed the IDs and passports of people who bought products from STIIIZY, a large marijuana dispensary in California.
A data breach in November exposed the IDs and passports of people who bought products from STIIIZY, a large marijuana dispensary in California. |
Data Breach | ★★★ | |
 |
2025-01-10 10:19:50 | STIIIZY data breach exposes cannabis buyers\\' IDs and purchases (lien direct) | Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. [...]
Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. [...] |
Data Breach | ★★★ | |
 |
2025-01-10 09:36:20 | Bringing Shadow Admins Out of the Shadows (lien direct) | In today\'s rapidly evolving IT landscape most organizations rely heavily on IT systems to streamline operations and stay competitive. While some of these systems are managed and secured by IT and security departments, increasingly many are not because they are not officially sanctioned. They are often referred to as shadow IT, shadow clouds, shadow VPNs and shadow password managers. To this “shadow” list should be added shadow admins. These are individuals who have administrative or privileged roles within specific IT systems-and they haven\'t been formally authorized for this privilege. In this blog post we\'ll cover why shadow admins are so risky and what you can do about them. Who are shadow IT admins? Shadow IT admins typically have technical or functional expertise. As such, they may set up, configure or manage certain services. Often these admins act out of a desire to address immediate business needs. However, they often don\'t have a plan for long-term management. Neither do they typically consider the organization\'s governance, risk and compliance (GRC) requirements. As a result, their actions can lead to significant risks for the organization, especially if they are not well-versed in security best practices or the organization\'s GRC policies. What happens if they are managing systems that contain sensitive data or support critical business processes? Why do shadow IT admins exist? Shadow IT admins usually emerge when people get frustrated with official processes and priorities when it comes to acquiring and managing IT. Here are some common issues: Slow IT response. Functional teams inside an organization might need an IT solution immediately but find that the IT department is bogged down by slow approval or long deployment queues. Lack of resources. IT departments may not have the bandwidth to address every request, leading individuals or departments to take matters into their own hands. Unmet needs. Business units and their associated shadow admins often introduce services or systems that they believe will serve them better than what they can access through approved and supported systems. Innovation and agility. In some cases, shadow IT admins are driven by a desire for innovation. They might be introducing new tools or technologies that can drive the business forward but do so outside the official IT structure. And as part of this they take on IT admin ownership of the unsanctioned system. The risks of shadow IT admins While shadow IT admins often have good intentions, they can unwittingly expose the organization to a variety of risks. Attackers can exploit these accounts to perform privileged actions, like creating backdoors, altering security settings, exfiltrating sensitive data or bringing down systems all together. Attackers can also use these accounts to hide their tracks. This enables them to avoid detection so that they can maintain control over the compromised system. There are also shadow admin risks that are associated with Active Directory. Threat actors can use shadow admin accounts in Active Directory to take control of directory services, reset passwords and escalate their privileges. What\'s more, by identifying these accounts, attackers can elevate their access level-and they often don\'t need additional exploits to do it, either. One reason shadow admin accounts are such a significant risk is because they often go unnoticed until well after they\'ve been exploited. For a recent highly public example of a breach that involved shadow IT and shadow admin accounts, check out Microsoft\'s Midnight Blizzard attack. 6 Ways that shadow admins add risk to organizations These are six areas where shadow admins cause an impact. 1: Security vulnerabilities Shadow IT admins often bypass critical security processes that have been set up by the IT department. This can lead to various security risks, such as: Weak access controls. Shadow IT ad | Ransomware Data Breach Tool Threat Cloud Technical | ★★★ | |
 |
2025-01-10 05:46:51 | NFL Giants Green Bay Have Their Online Defense Breached (lien direct) | Whilst the four-time Superbowl Champions, The Green Packers, have rightly been drawing praise this season for their on-field defensive performances, the Organization\'s online defense has been called into question following the disclosure of a significant data breach affecting thousands of their loyal supporters. Contrasting Fortunes The last week of 2024 saw the storied franchise triumph [...]
Whilst the four-time Superbowl Champions, The Green Packers, have rightly been drawing praise this season for their on-field defensive performances, the Organization\'s online defense has been called into question following the disclosure of a significant data breach affecting thousands of their loyal supporters. Contrasting Fortunes The last week of 2024 saw the storied franchise triumph [...] |
Data Breach | ★★★ | |
|
2025-01-09 16:07:03 | Largest US addiction treatment provider notifies patients of data breach (lien direct) | BayMark Health Services, North America\'s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. [...]
BayMark Health Services, North America\'s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. [...] |
Data Breach | ★★★ | |
 |
2025-01-08 16:30:00 | Green Bay Packers Pro Shop Data Breach Compromises Customers (lien direct) | The Green Bay Packers disclosed on Monday that their official online store was breached and customer information stolen
The Green Bay Packers disclosed on Monday that their official online store was breached and customer information stolen |
Data Breach | ★★★ | |
|
2025-01-08 12:50:14 | UN aviation agency ICAO confirms its recruitment database was hacked (lien direct) | ICAO said that a previously reported data breach involved "approximately 42,000 recruitment application data records from April 2016 to July 2024."
ICAO said that a previously reported data breach involved "approximately 42,000 recruitment application data records from April 2016 to July 2024." |
Data Breach | ★★★ | |
|
2025-01-08 12:28:01 | Medical billing firm Medusind discloses breach affecting 360,000 people (lien direct) | Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...]
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...] |
Data Breach Medical | ★★★ | |
 |
2025-01-07 17:20:00 | CISA: Third-Party Data Breach Limited to Treasury Dept. (lien direct) | The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.
The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week. |
Data Breach | ★★★ | |
|
2025-01-07 15:40:03 | Washington state sues T-Mobile over allegedly shoddy cyber practices leading to 2021 breach (lien direct) | Washington state\'s attorney general says in a lawsuit that T-Mobile knew about its cybersecurity weaknesses for years and could have avoided a 2021 data breach.
Washington state\'s attorney general says in a lawsuit that T-Mobile knew about its cybersecurity weaknesses for years and could have avoided a 2021 data breach. |
Data Breach | ★★★ | |
|
2025-01-07 13:08:24 | Washington state sues T-Mobile over 2021 data breach security failures (lien direct) | Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. [...]
Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. [...] |
Data Breach | ★★ | |
|
2025-01-07 12:51:55 | UN aviation agency \\'actively investigating\\' cybercriminal\\'s claimed data breach (lien direct) | The International Civil Aviation Organization (ICAO) said it was responding to claims of a data breach “allegedly linked to a threat actor known for targeting international organizations.”
The International Civil Aviation Organization (ICAO) said it was responding to claims of a data breach “allegedly linked to a threat actor known for targeting international organizations.” |
Data Breach Threat | ★★★ | |
 |
2025-01-06 23:24:54 | Usman Choudhary, Chief Product & Technology Officer, VIPRE Security Group, offers his thoughts on security trends that will dominate in 2025 (lien direct) | SMEs a Target and AI Malware to Fuel Supply Chain Attacks, With Regulatory Burden Amplifying Security Training Urgency
2024 saw increasingly sophisticated cybersecurity threats as criminals leveraged all forms of AI to create difficult-to-detect phishing attacks, deepfakes, and ransomware incidents. To counter these, organisations adopted AI-driven security solutions including threat detection, automated incident response, and intelligent vulnerability management, to protect data and infrastructure. In 2025, as AI evolves further in sophistication and adoption, alongside the growing burden of data breach costs and regulation – in addition to implementing advanced cybersecurity measures, organisations must prioritise real-world security awareness training.
-
Opinion
SMEs a Target and AI Malware to Fuel Supply Chain Attacks, With Regulatory Burden Amplifying Security Training Urgency 2024 saw increasingly sophisticated cybersecurity threats as criminals leveraged all forms of AI to create difficult-to-detect phishing attacks, deepfakes, and ransomware incidents. To counter these, organisations adopted AI-driven security solutions including threat detection, automated incident response, and intelligent vulnerability management, to protect data and infrastructure. In 2025, as AI evolves further in sophistication and adoption, alongside the growing burden of data breach costs and regulation – in addition to implementing advanced cybersecurity measures, organisations must prioritise real-world security awareness training. - Opinion |
Ransomware Data Breach Malware Vulnerability Threat | ★★ | |
|
2025-01-03 05:19:20 | 2024 Year in Review (Part 2) (lien direct) | July AT&T announced (in a financial filing) the discovery of a data breach dating back to 2023 that affects almost every AT&T customer. “The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T\'s network, the company said.” It should be noted that the delayed reporting [...]
July AT&T announced (in a financial filing) the discovery of a data breach dating back to 2023 that affects almost every AT&T customer. “The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T\'s network, the company said.” It should be noted that the delayed reporting [...] |
Data Breach Prediction | ★★★ | |
 |
2025-01-02 03:31:20 | Advice for Exponential Organizations: Intersecting Agile and Incident Response (lien direct) | While Exponential Organizations (ExOs) are transforming industries beyond the tech space, that doesn\'t mean that they are not susceptible to an increasing number of cyber threats. As ExOs harness innovative and cutting-edge technologies to drive transformative growth, the ability to respond effectively and proactively to cyber incidents becomes increasingly vital. Recent statistics from the 2024 IBM Cost of a Data Breach Report point to the global average cost being upwards of $4.88 million, with one in three organizations prone to a cyber attack. The Agile methodology - an approach rooted in...
While Exponential Organizations (ExOs) are transforming industries beyond the tech space, that doesn\'t mean that they are not susceptible to an increasing number of cyber threats. As ExOs harness innovative and cutting-edge technologies to drive transformative growth, the ability to respond effectively and proactively to cyber incidents becomes increasingly vital. Recent statistics from the 2024 IBM Cost of a Data Breach Report point to the global average cost being upwards of $4.88 million, with one in three organizations prone to a cyber attack. The Agile methodology - an approach rooted in... |
Data Breach | ★★★ | |
|
2024-12-30 02:31:15 | Understanding Data Leaks: Causes, Consequences, and Prevention Strategies (lien direct) | Imagine a seemingly minor misconfiguration in your cloud storage or an employee accidentally emailing a sensitive file to the wrong person. These incidents might seem trivial, but they can quickly snowball into a massive data breach, causing financial consequences. This scenario is a stark reminder of the importance of understanding and preventing data leaks. Data leaks are a threat to organizations, and developers can play a crucial role in preventing them. Understanding the causes and consequences of data leaks and implementing robust security measures can significantly reduce your...
Imagine a seemingly minor misconfiguration in your cloud storage or an employee accidentally emailing a sensitive file to the wrong person. These incidents might seem trivial, but they can quickly snowball into a massive data breach, causing financial consequences. This scenario is a stark reminder of the importance of understanding and preventing data leaks. Data leaks are a threat to organizations, and developers can play a crucial role in preventing them. Understanding the causes and consequences of data leaks and implementing robust security measures can significantly reduce your... |
Data Breach Threat Cloud | ★★ | |
 |
2024-12-20 13:00:33 | Config Chaos | How IoT and Cloud misconfigurations undermine security (lien direct) | >In an increasingly connected world, IoT and cloud infrastructures are the backbone of modern innovation. As IoT evolves, it intertwines with hybrid cloud architectures. APIs-essential for communication between IoT devices and the cloud-serve as both lifelines and attack vectors. Yet, as these technologies integrate deeper into our lives and businesses, they introduce hidden vulnerabilities-misconfigurations-that few fully understand. These oversights are no longer merely technical glitches; they are amplifiers of systemic risk, creating cascading failures across the digital ecosystem and staggering costs. Human error is also a common cause for misconfiguration. According to Verizon\'s Data Breach investigation report, human error is […]
>In an increasingly connected world, IoT and cloud infrastructures are the backbone of modern innovation. As IoT evolves, it intertwines with hybrid cloud architectures. APIs-essential for communication between IoT devices and the cloud-serve as both lifelines and attack vectors. Yet, as these technologies integrate deeper into our lives and businesses, they introduce hidden vulnerabilities-misconfigurations-that few fully understand. These oversights are no longer merely technical glitches; they are amplifiers of systemic risk, creating cascading failures across the digital ecosystem and staggering costs. Human error is also a common cause for misconfiguration. According to Verizon\'s Data Breach investigation report, human error is […] |
Data Breach Cloud Technical | ★★★ | |
 |
2024-12-19 23:54:20 | Play Ransomware Claims Krispy Kreme Breach, Threatens Data Leak (lien direct) | KEY SUMMARY POINTS Krispy Kreme, the beloved doughnut chain, disclosed a data breach on December 11, 2024, in…
KEY SUMMARY POINTS Krispy Kreme, the beloved doughnut chain, disclosed a data breach on December 11, 2024, in… |
Ransomware Data Breach | ★★ | |
 |
2024-12-19 14:00:00 | 2024 roundup: Top data breach stories and industry trends (lien direct) | >With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over. […]
>With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over. […] |
Data Breach | ★★★ | |
|
2024-12-19 04:32:58 | Silent Heists: The Danger of Insider Threats (lien direct) | When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it\'s also important to understand that another hazard is lurking much closer to home - the insider threat. These attacks have devastated entities in all sectors, with severe repercussions. These incidents can vary from straightforward acts of fraud or theft to more elaborate sabotage attempts. This is concerning because the recent IBM 2024 Cost of Data Breach survey found that the cost of a...
When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it\'s also important to understand that another hazard is lurking much closer to home - the insider threat. These attacks have devastated entities in all sectors, with severe repercussions. These incidents can vary from straightforward acts of fraud or theft to more elaborate sabotage attempts. This is concerning because the recent IBM 2024 Cost of Data Breach survey found that the cost of a... |
Data Breach Tool Threat | ★★ | |
|
2024-12-18 14:00:00 | Cloud Threat Landscape Report: AI-generated attacks low for the cloud (lien direct) | >For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last […]
>For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last […] |
Data Breach Threat Cloud | ★★★ | |
 |
2024-12-18 11:13:00 | Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts (lien direct) | Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what\'s the latest financial hit the company has taken for flouting stringent privacy laws.
The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what\'s the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million |
Data Breach | ★★ | |
|
2024-12-18 10:15:00 | Meta Hit with Massive $263m GDPR Fine (lien direct) | The Irish Data Protection Commission has fined Meta $263m for a 2018 data breach impacting 29 million Facebook accounts
The Irish Data Protection Commission has fined Meta $263m for a 2018 data breach impacting 29 million Facebook accounts |
Data Breach | ★★★ | |
|
2024-12-17 20:53:13 | Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack (lien direct) | The 29-page filing alleges violations of Nebraska\'s consumer protection and data security laws and says Change Healthcare - which is owned by UnitedHealth Group (UHG) - failed to implement proper security measures that exacerbated the data breach, disrupting critical healthcare services across the state.
The 29-page filing alleges violations of Nebraska\'s consumer protection and data security laws and says Change Healthcare - which is owned by UnitedHealth Group (UHG) - failed to implement proper security measures that exacerbated the data breach, disrupting critical healthcare services across the state. |
Ransomware Data Breach Medical | ★★ | |
|
2024-12-17 17:04:40 | New fake Ledger data breach emails try to steal crypto wallets (lien direct) | A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...]
A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...] |
Data Breach | ★★ | |
|
2024-12-17 16:30:00 | Texas Tech University Data Breach Impacts 1.4 Million (lien direct) | The breach has affected 650,000 individuals at TTUHSC\'s Lubbock campus and 815,000 at its El Paso branch
The breach has affected 650,000 individuals at TTUHSC\'s Lubbock campus and 815,000 at its El Paso branch |
Data Breach | ★★ | |
|
2024-12-17 16:17:31 | Meta fined $263 million for alleged GDPR violations that led to data breach (lien direct) | Ireland\'s data privacy regulator said it was levvying the fine for data security failures that led to information on about 29 million Facebook users being exposed.
Ireland\'s data privacy regulator said it was levvying the fine for data security failures that led to information on about 29 million Facebook users being exposed. |
Data Breach | ★★ | |
|
2024-12-17 15:44:10 | Hackers Demand Ransom in Rhode Island Health System Data Breach (lien direct) | In a major cyberattack, the state of Rhode Island has fallen victim to a security breach potentially exposing the personal information of thousands of residents.
In a major cyberattack, the state of Rhode Island has fallen victim to a security breach potentially exposing the personal information of thousands of residents. |
Data Breach | ★★ | |
|
2024-12-17 14:00:00 | Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models (lien direct) | >With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook. With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace […]
>With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook. With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace […] |
Data Breach Vulnerability | ★★★ | |
|
2024-12-17 11:06:54 | Ireland fines Meta $264 million over 2018 Facebook data breach (lien direct) | The Irish Data Protection Commission (DPC) fined Meta €251 million ($263.6M) over General Data Protection Regulation (GDPR) violations arising from a 2018 personal data breach impacting 29 million Facebook accounts. [...]
The Irish Data Protection Commission (DPC) fined Meta €251 million ($263.6M) over General Data Protection Regulation (GDPR) violations arising from a 2018 personal data breach impacting 29 million Facebook accounts. [...] |
Data Breach | ★ | |
|
2024-12-16 21:51:43 | Cicada3301 Ransomware Claims Attack on French Peugeot Dealership (lien direct) | SUMMARY Cicada3301, a ransomware group, has claimed responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent…
SUMMARY Cicada3301, a ransomware group, has claimed responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent… |
Ransomware Data Breach | ★★★ | |
|
2024-12-16 17:17:16 | Texas Tech University System data breach impacts 1.4 million patients (lien direct) | The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. [...]
The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. [...] |
Data Breach | ★★ | |
|
2024-12-16 15:30:00 | Deloitte Alerts Rhode Island to Significant Data Breach in RIBridges System (lien direct) | Rhode Island\'s RIBridges system has suffered a major data breach, potentially exposing personal information, with Deloitte confirming the presence of malicious software
Rhode Island\'s RIBridges system has suffered a major data breach, potentially exposing personal information, with Deloitte confirming the presence of malicious software |
Data Breach | Deloitte | ★★ |
|
2024-12-16 11:51:49 | Rhode Island confirms data breach after Brain Cipher ransomware attack (lien direct) | Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents\' personal information after the Brain Cipher ransomware gang hacked its systems. [...]
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents\' personal information after the Brain Cipher ransomware gang hacked its systems. [...] |
Ransomware Data Breach | Deloitte | ★★ |
|
2024-12-12 18:15:05 | Screen Actors Guild Health Plan sued after September data breach exposes healthcare info (lien direct) | SAG-AFTRA Health Plan said investigators traced the breach back to a phishing email that compromised the account. Law enforcement has been notified and the investigation is ongoing.
SAG-AFTRA Health Plan said investigators traced the breach back to a phishing email that compromised the account. Law enforcement has been notified and the investigation is ongoing. |
Data Breach Legislation Medical | ★★★ | |
|
2024-12-12 11:02:37 | Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed (lien direct) | US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...]
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...] |
Data Breach Vulnerability | ★★★ | |
|
2024-12-11 06:52:07 | Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users (lien direct) | The 40+ dating platform Senior Dating has been the victim of a data breach, compromising the personal information of 765,517 users. The breach, linked to an exposed Firebase database, has raised serious concerns about protecting sensitive data in online matchmaking services. The information exposed includes personal details such as email addresses, profile photos, genders, dates [...]
The 40+ dating platform Senior Dating has been the victim of a data breach, compromising the personal information of 765,517 users. The breach, linked to an exposed Firebase database, has raised serious concerns about protecting sensitive data in online matchmaking services. The information exposed includes personal details such as email addresses, profile photos, genders, dates [...] |
Data Breach | ★★ | |
|
2024-12-10 16:30:00 | Hackers Exploit AWS Misconfigurations in Massive Data Breach (lien direct) | Hackers exploited AWS misconfigurations, leaking 2TB of sensitive data, including customer information, credentials and proprietary source code
Hackers exploited AWS misconfigurations, leaking 2TB of sensitive data, including customer information, credentials and proprietary source code |
Data Breach Threat | ★★★ | |
|
2024-12-09 11:10:00 | Anna Jacques Hospital Ransomware Breach Hits 316K Patients (lien direct) | Massachusetts\' Anna Jacques Hospital notifies over 316,000 patients of a data breach a year ago
Massachusetts\' Anna Jacques Hospital notifies over 316,000 patients of a data breach a year ago |
Ransomware Data Breach | ★★ | |
 |
2024-12-06 11:58:33 | Nozomi detects security vulnerabilities in Wago PLC; firmware updated to prevent privilege escalation (lien direct) | Nozomi Networks Labs identified several security vulnerabilities in the Wago PLC 750-8216/025-001, a programmable logic controller used in...
Nozomi Networks Labs identified several security vulnerabilities in the Wago PLC 750-8216/025-001, a programmable logic controller used in... |
Data Breach Vulnerability Industrial | ★★★★ | |
|
2024-12-05 19:55:47 | Major USAID contractor Chemonics says 263,000 affected by 2023 data breach (lien direct) | Chemonics, which has more than $1 billion in federal government contracts, announced it had discovered a data breach that stretched from mid-2023 into early 2024.
Chemonics, which has more than $1 billion in federal government contracts, announced it had discovered a data breach that stretched from mid-2023 into early 2024. |
Data Breach | ★★ | |
|
2024-12-05 12:49:54 | Cybersecurity Stop of the Month: \\'Tis the Season To Click Carefully-How Proofpoint Stopped a Dropbox Phishing Scam (lien direct) | The Cybersecurity Stop of the Month blog series explores the ever-evolving tactics of today\'s cybercriminals and how Proofpoint helps organizations better fortify their email defenses to protect people against today\'s emerging threats. Phishing attacks surged significantly in 2024, increasing nearly 60% year-over-year. Experts have noted that not only are these attacks growing in volume but they\'re also becoming more sophisticated. Shifts in the threat landscape-driven by advances in generative AI and evolving social engineering tactics-are enabling cybercriminals to conduct more personalized, sophisticated attacks that are increasingly difficult to detect. Globally, an average of 4 billion phishing emails are sent per day. The increased success of these attacks has contributed to a high financial toll. By the end of the year, projected global costs could potentially reach $250 billion. Sectors like finance and insurance have been hit the hardest-experiencing over 27% of all phishing attacks-while technology, healthcare and education are also major targets. Today, we\'ll explore one type of phishing attack that is particularly hard to identify, which is called Dropbox phishing. Background During the past few years, Dropbox phishing scams have grown more sophisticated. Here here\'s how they typically work: Steps in a Dropbox phishing scam. Phishing attacks that use legitimate Dropbox infrastructure are hard to identify for several reasons, including: Abuse of a legitimate service. A bad actor uploads a compromised document-like a PDF with an embedded malicious URL-and sends it directly through Dropbox. Because the threat is sent through a legitimate service, it can effectively bypass an organization\'s email security defenses. Email pretexting. A malicious phishing email that initiates the attack can be very convincing. Bad actors often include realistic pretexts, such as “You\'ve been invited to view a file” or “A file was shared with you,” which closely mirror legitimate Dropbox notifications. Trust in the brand. Dropbox is widely trusted and frequently used for file sharing. If users regularly log into Dropbox to access shared files, they are less likely to scrutinize the login prompt, especially if they\'re accustomed to receiving Dropbox file-sharing invitations. This type of attack is very stealthy and highly undetectable. Bad actors can launch and share any type of attack via Dropbox, including ransomware and malware. The scenario In this recent attack, a bad actor used legitimate Dropbox infrastructure to send a recipient a link to a malicious document that only they could access. The target organization was a New England-based non-profit, which owns and operates upwards of 12,000 homes and 102 properties across 11 states. The organization\'s incumbent email security was Microsoft 365 E3 plus an add-on API-based tool. Unfortunately, neither tool detected, blocked or remediated this advanced phishing attack, which left the organization vulnerable to a potential cyberattack or data breach. The threat: How did the attack happen? Here is a closer look at how the attack unfolded: 1. Legitimate Dropbox message. A bad actor targeted employees with a shared PDF file , which could only be accessed by the recipients. The login message was genuine and was sent by the real Dropbox service. Legitimate Dropbox message received by the user. 2. Legitimate Dropbox login. To view the shared PDF file, employees needed to click on the “View in Dropbox” button. If they would have clicked on the link, they would have been prompted to login and authenticate into the Dropbox service. Both the login screen and authentication messages were valid as they sent from the real Dropbox service. Legitimate Dropbox login page for accessing the shared file. 3. Dropbox phishing page. Once authenticated, users would open | Ransomware Data Breach Malware Tool Threat Medical Cloud | ★★ | |
 |
2024-12-03 02:57:16 | Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online (lien direct) | Yet another result of the MOVEit mess Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year\'s attacks on file transfer tool MOVEit.…
Yet another result of the MOVEit mess Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year\'s attacks on file transfer tool MOVEit.… |
Data Breach Tool | ★★ | |
|
2024-11-29 12:19:47 | Bologna FC confirms data breach after RansomHub ransomware attack (lien direct) | Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. [...]
Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. [...] |
Ransomware Data Breach | ★★ | |
|
2024-11-26 18:02:16 | Canadian privacy regulators publish details of medical testing company\\'s data breach (lien direct) | A 2020 report detailing the hack of a Canadian medical testing company was released Monday after a court ruled it could be made public, ending a four-year battle during which the company sought to keep the details of the investigation secret.
A 2020 report detailing the hack of a Canadian medical testing company was released Monday after a court ruled it could be made public, ending a four-year battle during which the company sought to keep the details of the investigation secret. |
Data Breach Hack Medical | ★★ | |
 |
2024-11-26 14:37:00 | What Are Computer Worms? (lien direct) | In today\'s interconnected digital world, businesses are constantly under threat from cybercriminals seeking to exploit vulnerabilities in systems, networks, and devices. One of the most persistent and silent threats that organizations face is computer worms. These malicious programs can spread across networks, infecting systems autonomously and wreaking havoc before a user even realizes something is wrong. Computer worms are a type of malware designed to replicate themselves and spread autonomously across networks and computer systems. Unlike traditional viruses that require user action to propagate, computer worms can self-replicate without needing to attach to a host file or program. This unique capability makes them especially dangerous, as they can spread rapidly and infect numerous devices before users are even aware of their presence. The impact of computer worms can range from reduced system performance to the complete loss of critical data. High-profile attacks, such as those by the infamous Code Red and WannaCry worms, have highlighted how severe and disruptive these threats can be. Despite the growing awareness of cybersecurity threats like viruses, ransomware, and phishing attacks, computer worms remain one of the most harmful types of malware. They can silently infiltrate your network, consume bandwidth, corrupt or steal data, and even open the door to additional attacks. Understanding what computer worms are, how they work, and how to defend against them is crucial for any business, large or small. In this article, we will explore the nature of computer worms, their risks and potential damage, and how to protect your organization against them. Let’s dive in! Computer Worm Definition At its core, a computer worm is a type of self-replicating malware that spreads across networks or systems without anyone doing anything. Unlike traditional viruses that require users to open infected files or click on malicious links, worms can propagate autonomously once they find an entry point into a system. Their primary purpose is to replicate themselves, often at an alarming rate, and spread from one computer to another, often exploiting vulnerabilities in network protocols, software, or operating systems. A worm virus is often distinguished by its ability to move freely across networks, infecting computers and servers, consuming resources, and in many cases, causing significant damage in the process. The worst part? Worms often don’t need a host file or a user action to activate; they spread automatically, which makes them far more dangerous and difficult to contain than traditional malware. To better understand what makes worms unique, let\'s define them more clearly: A computer worm is a standalone malicious program that can replicate and propagate across computer systems and networks. Unlike traditional viruses, worms do not attach themselves to files or require users to run them. They spread through network connections, exploiting vulnerabilities in software and hardware. Worms often carry out harmful actions such as data theft, system corruption, or creating backdoors for other types of malware like ransomware or Trojan horses. The main difference between worms and other malware (like viruses or spyware) is that worms focus specifically on self-replication and spreading across networks, whereas viruses typically need to attach themselves to an existing file or program. While all worms share common traits, there are various types based on how they spread or the methods they use to exploit systems: Email Worms: These worms spread through email systems, often by sending malicious attachments or links to everyone in a user’s contact list. The ILOVEYOU worm, one of the most infamous examples, spread via email attachments and wreaked havoc on millions of systems. Network Worms: These worms target security vulnerabilities in network protocols, services, | Ransomware Data Breach Spam Malware Tool Vulnerability Threat Patching Mobile Industrial Medical Technical | Wannacry | ★★ |
|
2024-11-25 17:45:00 | New York Secures $11.3m from Insurance Firms in Data Breach Settlement (lien direct) | New York State has agreed a $11.3m settlement from two insurance firms following the breach of the personal data of over 120,000 drivers in the state
New York State has agreed a $11.3m settlement from two insurance firms following the breach of the personal data of over 120,000 drivers in the state |
Data Breach | ★★ | |
|
2024-11-21 10:05:26 | 750,000 Patients\\' Medical Records Exposed After Data Breach at French Hospital (lien direct) | When we think about our data being leaked onto the internet, we often picture it as our financial records, our passwords, our names and addresses... what is less often considered is the exposure of our private medical information. A French hospital has found itself in the unenviable position of learning that hackers have gained access to the medical records of over 750,000 patients following a cyber attack. A hacker calling themselves "nears" claims to have compromised the systems of multiple healthcare facilities across the country, claiming to have gained access to the records of over 1.5...
When we think about our data being leaked onto the internet, we often picture it as our financial records, our passwords, our names and addresses... what is less often considered is the exposure of our private medical information. A French hospital has found itself in the unenviable position of learning that hackers have gained access to the medical records of over 750,000 patients following a cyber attack. A hacker calling themselves "nears" claims to have compromised the systems of multiple healthcare facilities across the country, claiming to have gained access to the records of over 1.5... |
Data Breach Medical | ★★★ | |
|
2024-11-20 21:20:19 | Cyberattack at French hospital exposes health data of 750,000 patients (lien direct) | A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...]
A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...] |
Data Breach Threat Medical | ★★ | |
|
2024-11-20 15:56:59 | Fintech giant Finastra investigates data breach after SFTP hack (lien direct) | Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...]
Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...] |
Data Breach Hack Threat | ★★ |
To see everything:
Our RSS (filtrered)
