Tag: data-breach
-
Food giant WK Kellogg discloses data breach linked to Clop ransomware
US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/
-
The Fastest Way to Secure Your APIs? We’ve Got That Covered with CrowdStrike
Tags: api, attack, cloud, crowdstrike, data, data-breach, endpoint, firewall, governance, identity, intelligence, risk, security-incident, siem, threat, tool, vulnerability
APIs are the backbone of modern apps, but they also introduce some serious security risks. Attackers are constantly on the lookout for vulnerable APIs, shadow APIs, zombie APIs, and exposed sensitive data, all of which are tough to track if you don’t have the right tools in place. That’s why we’ve teamed up with CrowdStrike…
-
Security Theater: Vanity Metrics Keep You Busy – and Exposed
After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I’ve learned that looking busy isn’t the same as being secure. It’s an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts we’re expending…
-
DeepSeek Breach Yet Again Sheds Light on Dangers of AI
AI isn’t waiting for security teams to catch up. It’s running full steam ahead, without any regard for what may stand in its way. The recent security debacle surrounding DeepSeek, where Wiz researchers uncovered extensive vulnerabilities, including exposed databases, weak encryption and susceptibility to AI-model jailbreaking, serves as a stark warning for organizations. First seen…
-
Data leak: Customer data and source code leaked from Europcar
A hacker has apparently successfully compromised Europcar's GitLab repos and thereby obtained customer data and other confidential information. First seen on golem.de Jump to article: www.golem.de/news/datenleck-kundendaten-und-quellcode-von-europcar-abgeflossen-2504-195077.html
-
Oracle privately notifies Cloud data breach to customers
Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. A threat actor using the moniker ‘rose87168’ claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including…
-
Hacker Claims Twilio’s SendGrid Data Breach, Selling 848,000 Records (UPDATED)
This article has been updated with a statement from a Twilio spokesperson in response to Hackread.com’s request. A statement from the hacker has also been added claiming that the data is authentic. First seen on hackread.com Jump to article: hackread.com/hacker-twilio-sendgrid-data-breach-customer-data/
-
Security Affairs newsletter Round 518 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A flaw in Verizon’s iOS Call Filter app exposed call records of millions Port of Seattle’s August…
-
Data leak at LensDeal: 100,000 user records leaked
There has allegedly been a data protection incident at the Dutch company LensDeal. In it, 100,000 personal records of customers were leaked, presumably in a cyberattack on its IT systems. The as yet unverified records, which are being offered in an underground forum, date from the past … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/05/datenleck-bei-lensdeal-100-000-nutzerdaten-abgeflossen/
-
Massive trove of underage deepfakes leaked by misconfigured GenNomis database
First seen on scworld.com Jump to article: www.scworld.com/brief/massive-trove-of-underage-deepfakes-leaked-by-misconfigured-gennomis-database
-
Exposed SpotBugs token caused GitHub supply chain intrusion, report finds
First seen on scworld.com Jump to article: www.scworld.com/brief/exposed-spotbugs-token-caused-github-supply-chain-intrusion-report-finds
-
A flaw in Verizon’s iOS Call Filter app exposed call records of millions
A now-patched flaw in Verizon’s iOS Call Filter app exposed call records of millions. No abuse found. Only phone numbers and timestamps were at risk. A now-patched vulnerability in Verizon’s iOS Call Filter app could have been exploited to harvest the call records of millions of Americans. Verizon’s Call Filter app allows users…
-
Port of Seattle’s August data breach impacted 90,000 people
Port of Seattle is notifying 90,000 people of a data breach after personal data was stolen in a ransomware attack in August 2024. In August 2024, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport. The attack impacted websites and phone systems. According to The Seattle Times, the cyber…
-
Cyber paradox: Compliant right up to the data breach
If companies consistently meet their regulatory obligations, why do data protection incidents still occur so frequently? This legitimate question reveals a paradox at the core of everything we do in cybersecurity. One can get the impression that the more we regulate, the higher compliance requirements rise, the more comprehensive the corresponding rule sets become, and the more…
-
Port of Seattle says ransomware breach impacts 90,000 people
Port of Seattle, the U.S. government agency overseeing Seattle’s seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/port-of-seattle-says-ransomware-breach-impacts-90-000-people/
-
Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script
Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional supply chain attacks that rely on deception or typosquatting, disgrasya was overtly malicious, leveraging PyPI as a distribution platform to reach a broad audience of fraudsters. The package specifically…
-
Call Records of Millions Exposed by Verizon App Vulnerability
A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application. The post Call Records of Millions Exposed by Verizon App Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/call-records-of-millions-exposed-by-verizon-app-vulnerability/
-
Oracle Confirms The Data Breach- Starts Initiating Client Notifications
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its second cybersecurity incident disclosed in recent weeks. This breach underscores vulnerabilities in legacy systems and raises concerns about the company’s ability to safeguard sensitive client data. Details of the Breach According to a Cyber Security News report, the breach was…
-
Design, implement, and deploy application protection policies with Cursor Agent – Impart Security
Tags: ai, application-security, breach, business, compliance, data, data-breach, detection, gartner, risk, risk-management, tool, waf
Introducing Impart + Cursor: Truly Autonomous Application Protection Runtime Security Without the Babysitting Security teams can now define application protection policies declaratively in Impart, with Cursor’s agent executing them safely and autonomously, eliminating the need for tedious clickops. Why This Matters Application protection has traditionally been a necessary burden. Security engineers find themselves trapped in…
-
Oracle Reports Data Breach, Initiates Client Notifications
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its second cybersecurity incident disclosed in recent weeks. This breach underscores vulnerabilities in legacy systems and raises concerns about the company’s ability to safeguard sensitive client data. Details of the Breach According to a Cyber Security News report, the breach was…
-
After cyberattack: Oracle admits leak of customer data only unofficially
Oracle is being unusually silent about a data leak. At least the first affected customers are now said to have been informed. First seen on golem.de Jump to article: www.golem.de/news/nach-cyberangriff-oracle-gesteht-datenleck-nur-inoffiziell-2504-195022.html
-
Royal Mail investigates data leak
British postal service Royal Mail is investigating indications of a data leak. The background could be the same as in the case of Samsung Germany. Around two years after the massive ransomware attack on Royal Mail, indications of a new cyber incident are currently circulating. On March 31, a hacker named ‘GHNA’ made a claim in a darknet forum concerning 144 gigabytes of data at…
-
Oracle Confirms Cloud Hack
Oracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident. The post Oracle Confirms Cloud Hack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/oracle-confirms-cloud-hack/
-
After cyberattack: Oracle admits data leak only unofficially
Oracle is being unusually silent about a data leak. At least the first affected customers are said to have been informed by now. First seen on golem.de Jump to article: www.golem.de/news/nach-cyberangriff-oracle-gesteht-datenleck-nur-inoffiziell-2504-195022.html
-
AI programming copilots are worsening code security and leaking more secrets
Tags: access, ai, api, application-security, attack, authentication, best-practice, breach, ceo, ciso, container, control, credentials, cybersecurity, data, data-breach, github, government, incident response, injection, least-privilege, LLM, monitoring, open-source, openai, password, programming, risk, skills, software, strategy, tool, training, vulnerability
Overlooked security controls: Ellen Benaim, CISO at enterprise content management firm Templafy, said AI coding assistants often fail to adhere to the robust secret management practices typically observed in traditional systems. “For example, they may insert sensitive information in plain text within source code or configuration files,” Benaim said. “Furthermore, because large portions of code are…
-
39M secrets exposed: GitHub rolls out new security tools
39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. Microsoft-owned code hosting platform GitHub announced the discovery of 39 million secrets leaked in 2024. The exposure of this sensitive information poses a serious risk to…
-
Unauthorized access at a bar association in Texas, USA
Texas State Bar warns of data breach after INC ransomware claims attack First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/texas-state-bar-warns-of-data-breach-after-inc-ransomware-claims-attack/

