Tag: data-breach
-
CloudSEK Disputes Oracle Over Data Breach Denial with New Evidence
Oracle is caught up in a cybersecurity mess right now, with claims about a massive data breach affecting… First seen on hackread.com Jump to article: hackread.com/cloudsek-disputes-oracle-data-breach-denial-evidence/
-
Wheelchair Firm Ramps Up Notices to 500,000 for Email Hack
Large Health Data Breach Started With Phishing Lure in Employees’ Email. Tennessee-based Numotion, one of the largest U.S. providers of wheelchairs and other health-related mobility products, is notifying nearly 500,000 people of a 2024 email hacking incident that potentially compromised their personal and health-related information. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/wheelchair-firm-ramps-up-notices-to-500000-for-email-hack-a-27814
-
Widespread Keenetic Router Data Breach Uncovered
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-keenetic-router-data-breach-uncovered
-
Oracle Cloud Data Breach Claims Repudiated
First seen on scworld.com Jump to article: www.scworld.com/brief/oracle-cloud-data-breach-claims-repudiated
-
Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked
Oracle Cloud breach exposed 6M records from 140k+ tenants. Learn how attackers exploited vulnerabilities and steps organizations must take to secure data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/trends/oracle-cloud-breach-6m-records-140k-tenants-risk/
-
Hackers steal sensitive data from Pennsylvania county during ransomware attack
The government of Union County in central Pennsylvania said a recent ransomware attack exposed information related to law enforcement and other government business. First seen on therecord.media Jump to article: therecord.media/union-county-pennsylvania-ransomware-attack
-
Four Members of Hacker Group Behind 90 Worldwide Data Breaches Exposed
A recent investigation by Group-IB has shed light on a notorious cybercriminal operating under multiple aliases, including ALTDOS, DESORDEN, GHOSTR, and 0mid16B. This individual was responsible for over 90 data breaches globally, primarily targeting companies in Asia and other regions. The threat actor’s modus operandi involved compromising internet-facing Windows servers, exfiltrating sensitive data, and extorting…
-
NTT Communications Confirms Potential Data Leak in Feb. 2025
A few days ago a blog reader pointed me to a notice from NTT Communications in which a potential information leak is admitted in early March 2025. It is not the first time the company has confirmed something like this. Here is some information on … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/24/ntt-communications-bestaetigt-potentielles-datenleck-im-feb-2025/
-
WordPress Plugin Vulnerability Opens Door to SQL Injection Exploits
A critical vulnerability in the popular WordPress plugin GamiPress has been uncovered, leaving users exposed to unauthenticated SQL injection attacks. The issue, assigned the identifier CVE-2024-13496, carries a high CVSS 3.1 score of 7.5, indicating significant potential for exploitation. CVE-2024-13496 was discovered during a security assessment of GamiPress version 7.2.1. The vulnerability affects all versions…
-
California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing
Two years after a data breach that compromised almost seven million customers, 23andMe’s CEO has resigned as the company files for bankruptcy. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/california-23andme-data-rights/
-
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. “The payload was focused on exploiting the public CI/CD flow of one of their open source projects agentkit, probably with the purpose of leveraging it for further compromises,”…
-
Data breach refuted by Baidu after user info leak
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-refuted-by-baidu-after-user-info-leak
-
Software Firm Notifying Patients, Practices of Data Exposure
Researcher Found Unsecured Database Server Containing 1,864 GB of OrthoMinds’ Data. An orthodontic practice software vendor is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last November. The security researcher who discovered the data leak said the incident appears to have lasted longer and affected more…
-
Over 150 US Government Database Servers Vulnerable to Internet Exposure
A recent open-source investigation has uncovered one of the largest exposures of US government data to cyber threats. More than 150 government database servers are currently exposed to the internet, leaving sensitive personal and national security information at an unprecedented risk of cyberattacks. The Scope of the Problem: The investigation, conducted using data from Shodan,…
-
UAT-5918 Hackers Exploit N-Day Vulnerabilities in Exposed Web and Application Servers
Tags: access, credentials, cyber, cybersecurity, data-breach, exploit, group, hacker, healthcare, infrastructure, theft, threat, vulnerability
A recent cybersecurity threat, identified as UAT-5918, has been actively targeting entities in Taiwan, particularly those in critical infrastructure sectors such as telecommunications, healthcare, and information technology. This advanced persistent threat (APT) group is believed to be motivated by establishing long-term access for information theft and credential harvesting. UAT-5918 gains initial access by exploiting known…
-
Infosys to Pay $17.5M in Settlement for 2023 Data Breach
Infosys, a leading IT services company, has announced that it has reached an agreement in principle to settle a series of class action lawsuits related to a data breach incident involving its subsidiary, Infosys McCamish Systems LLC. The proposed settlement involves a payment of $17.5 million to resolve all allegations without admitting liability. Background of…
-
Data Protection Incident at Mensa International (March 2025)
A brief note for members of universities and colleges. I have just received information that Mensa International, based in the United Kingdom, had a data protection incident in March 2025. Those affected, including in Germany, are apparently being informed by e-mail. It is not … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/21/datenschutzvorfall-bei-mensa-international-maerz-2025/
-
Pennsylvania State Education Association data breach impacts 500,000 individuals
A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals. The Pennsylvania State Education Association (PSEA) suffered a data breach that impacted 517,487 individuals. PSEA is a labor union representing teachers, education support professionals, and other school employees in Pennsylvania. It advocates for public education, negotiates contracts, and…
-
Nearly 2M hit by SpyX data breach
First seen on scworld.com Jump to article: www.scworld.com/brief/nearly-2m-hit-by-spyx-data-breach
-
Infosys Pay $17.5M to Settle Data Breach Lawsuits
First seen on scworld.com Jump to article: www.scworld.com/brief/infosys-pay-17-5m-to-settle-data-breach-lawsuits
-
Breach Roundup: A WhatsApp Flaw Ushered in Spyware
Also: France Temporarily Lifts Pavel Durov’s Travel Ban Amid Telegram Probe. This week, Paragon Solutions spread through WhatsApp, France suspended Pavel Durov’s travel ban, Vapor malware hit 60M Android users, state-backed hackers exploit a Windows flaw, Western Alliance Bank exposed customers’ data, Apple fixed a passwords bug, and a sperm bank exposed customer information. First…
-
Israeli Spyware Graphite Targeted WhatsApp with 0-Click Exploit
Citizen Lab’s investigation reveals sophisticated spyware attacks exploiting WhatsApp vulnerabilities, implicating Paragon Solutions. Learn how their research exposed these threats and the implications for digital privacy. First seen on hackread.com Jump to article: hackread.com/israeli-spyware-graphite-hit-whatsapp-0-click-exploit/
-
GitHub Action supply chain attack exposed secrets in 218 repos
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-action-supply-chain-attack-exposed-secrets-in-218-repos/
-
500,000 Impacted by Pennsylvania Teachers Union Data Breach
Pennsylvania State Education Association says the personal information of over 500,000 individuals was stolen in a data breach. The post 500,000 Impacted by Pennsylvania Teachers Union Data Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/500000-impacted-by-pennsylvania-teachers-union-data-breach/
-
SpyX Data Breach Exposes Personal Information of Nearly 2 Million Users
SpyX, a company known for developing spyware, has experienced a data breach that compromised the personal information of nearly 2 million users. As per a report posted by Have I Been Pwned, the breach, which occurred on June 24, 2024, exposed a wide array of sensitive data, including email addresses, IP addresses, device information, geographic…
-
70% of leaked secrets remain active two years later
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/leaked-secrets-threats-in-cybersecurity/
-
Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users
Another consumer-grade spyware operation was hacked in June 2024, which exposed thousands of Apple Account credentials. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/19/data-breach-at-stalkerware-spyx-affects-close-to-2-million-including-thousands-of-apple-users/
-
Pennsylvania education union data breach hit 500,000 people
The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pennsylvania-education-union-data-breach-hit-500-000-people/
-
Critical vulnerability in AMI MegaRAC BMC allows server takeover
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerability
th vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. Administrators can access BMCs…

