Tag: data-breach
-
PrintSteal: Unmasking a Large-Scale KYC Document Fraud Operation
A recent investigation by CloudSEK has exposed PrintSteal, a vast cybercriminal operation engaged in the fraudulent generation and First seen on securityonline.info Jump to article: securityonline.info/printsteal-unmasking-a-large-scale-kyc-document-fraud-operation/
-
Hacked health firm HCRG demanded journalist ‘take down’ data breach reporting, citing UK court order
DataBreaches.net declined to comply, citing a lack of jurisdiction. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/06/hacked-health-firm-hcrg-demanded-journalist-take-down-data-breach-reporting-citing-uk-court-order/
-
Why Understanding Your Secrets is the Key to Faster Remediation
Up to 27 days to fix a leaked secret? We feel your pain. Explore how contextual secrets management helps you take control, cut remediation time, and strengthen your security posture. Don’t just detect, understand your secrets. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/why-understanding-your-secrets-is-the-key-to-faster-remediation/
-
Thousands of public school workers impacted by cyberattack on retirement plan administrator
A December 2024 cyberattack on a prominent administrator for retirement plans has exposed the information of thousands of public school teachers and employees across the U.S. First seen on therecord.media Jump to article: therecord.media/thousands-of-public-school-workers-impacted-data-breach
-
PrintSteal Cybercrime Group Mass-Producing Fake Aadhaar PAN Cards
A large-scale cybercrime operation dubbed >>PrintSteal
-
Rite Aid Agrees to $6.8M Data Breach Lawsuit Settlement
Provisional Agreement Tied to Ransomware Attack Affecting 2.2 Million Customers. American pharmacy chain giant Rite Aid reached a $6.8 million agreement to settle a data breach class action lawsuit, which includes a pledge to improve its cybersecurity practices. The breach involved a ransomware group stealing data pertaining to 2.2 million customers. First seen on govinfosecurity.com…
-
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-37-000-vmware-esxi-servers-vulnerable-to-ongoing-attacks/
-
NHS investigating how API flaw exposed patient data
NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620174/NHS-investigating-how-API-flaw-exposed-patient-data
-
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability
A critical security flaw in the widely usedGiveWP Donation Plugin and Fundraising Platformhas left over 10,000 WordPress websites vulnerable to remote code execution attacks since March 3, 2025. Tracked as CVE-2025-0912, the vulnerability allows unauthenticated attackers to hijack sites by exploiting a deserialization flaw in versions 3.19.4 and earlier. Vulnerability Overview The vulnerability stems from […]…
-
Microsoft pushes a lot of products on users, but here’s one cybersecurity can embrace
Tags: access, attack, authentication, best-practice, business, cisa, cloud, cybersecurity, data-breach, defense, governance, government, identity, mfa, microsoft, monitoring, password, phishing, service, siemEntra monitors for suspicious activity: Entra monitors for activities that are more than likely being carried out by attackers. So, for example, the following actions are monitored:Users with leaked credentials.Sign-ins from anonymous IP addresses.Impossible travel to atypical locations.Sign-ins from infected devices.Sign-ins from IP addresses with suspicious activity.Sign-ins from unfamiliar locations.You can set a threshold for…
-
Over 820K airport lost and found records leaked by unsecured databases
Tags: data-breachFirst seen on scworld.com Jump to article: www.scworld.com/brief/over-820k-airport-lost-and-found-records-leaked-by-unsecured-databases
-
49,000+ Access Management Systems Worldwide Exposed to Major Security Gaps
A recent study conducted by Dutch IT security consultancy Modat has revealed alarming vulnerabilities in over 49,000 access management systems (AMS) worldwide. These systems, designed to control and secure access to buildings and sensitive areas, are reportedly plagued by misconfigurations that leave them exposed to cybercriminals. The findings underscore a global issue affecting industries such…
-
Misconfigured access management systems expose global enterprises to security risks
Tags: access, attack, authentication, control, credentials, cyberattack, cybersecurity, data, data-breach, detection, finance, Internet, monitoring, network, regulation, risk, technology, update, vulnerabilityRegional and industry-wide exposure: The investigation found a disproportionate concentration of exposed AMS in Europe, with Italy emerging as a key hotspot, reporting 16,678 exposed systems. Mexico and Vietnam followed, with 5,940 and 5,035 systems exposed, respectively.The US recorded 1,966 vulnerable systems, while other technologically advanced nations such as Canada and Japan showed comparatively lower…
-
BigAnt Server 0-Day Vulnerability Lets Attackers Run Malicious Code Remotely
A critical vulnerability in BigAntSoft’s enterprise chat server software has exposed ~50 internet-facing systems to unauthenticated remote code execution attacks. Designated CVE-2025-0364, this exploit chain enables attackers to bypass authentication protocols, create administrative accounts, and execute malicious PHP code on vulnerable servers running BigAnt Server v5.6.06 and earlier. CVE-2025-0364: Authentication Bypass to PHP Code Execution The…
-
Privacy Roundup: Week 9 of Year 2025
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Rubrik rotates authentication keys after log server breach
Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rubrik-rotates-authentication-keys-after-log-server-breach/
-
Data breach liability strains cyber execs, says SolarWinds CISO
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-liability-strains-cyber-execs-says-solarwinds-ciso
-
Meta fired about 20 employees because they had leaked “confidential information outside the company,” with more firings expected.
Tags: data-breachFirst seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/meta-fired-about-20-employees-because-they-had-leaked-confidential-information-outside-the-company-with-more-firings-expected/
-
3rd March Threat Intelligence Report
Tags: breach, cyberattack, data, data-breach, email, group, hacker, intelligence, ransomware, threatOrange Group has confirmed a cyberattack on its Romanian branch, in which a hacker linked to the HellCat ransomware group stole 6.5GB of data over a month. The breach exposed 380,000 email […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2025/3rd-march-threat-intelligence-report/
-
Top Data Breaches of February 2025
February 2025 saw a series of high-impact data breaches affecting industries ranging from healthcare and finance to cloud services and government agencies. These incidents exposed sensitive data, disrupted operations, and… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/top-data-breaches-of-february-2025/
-
Indian Stock Broker Angel One Discloses Data Breach
Indian stock broker Angel One says client information was compromised in a data breach involving its AWS account. The post Indian Stock Broker Angel One Discloses Data Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/indian-stock-broker-angel-one-discloses-data-breach/
-
Black Basta Leak Offers Glimpse Into Group’s Inner Workings
A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022. The post Black Basta Leak Offers Glimpse Into Group’s Inner Workings appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/black-basta-leak-offers-glimpse-into-groups-inner-workings/
-
JavaGhost: Exploiting Amazon IAM Permissions for Phishing Attacks
Unit 42 researchers have observed a threat actor group known as JavaGhost exploiting misconfigurations in Amazon Web Services (AWS) environments to conduct sophisticated phishing campaigns. Active for over five years, JavaGhost has pivoted from website defacement to leveraging compromised cloud infrastructure for financial gain. The group’s attacks stem from exposed long-term AWS access keys, which…
-
Toronto Zoo Issues Final Notification on Cyberattack and Data Breach
The Toronto Zoo has disclosed a cyberattack that targeted the Zoo in early January 2024. The zoo has since conducted an extensive analysis to understand the full scope of the breach and notify those affected. After months of work, the Toronto Zoo is now issuing a final notification to individuals whose data was exposed in…
-
Ransomware access playbook: What Black Basta’s leaked logs reveal
Tags: access, breach, credentials, cybercrime, dark-web, data, data-breach, extortion, group, login, malware, password, ransomware, service, software, theft, threat, toolFrom infostealer to ransomware: Infostealers are malware programs designed to scrape login information stored inside browser password stores and other applications. These threats are increasingly being offered as a service on cybercriminal forums, and according to a recent study, their prevalence has increased three-fold over the past year. The information stolen by such tools, known…
-
Is Your Secrets Rotation Getting Better?
Can Your Secrets Rotation Stand the Test of Time? Ask yourself: is your organization’s secrets rotation process as secure and efficient as it can be? Where the average cost of a data breach is $3.86 million according to a study by IBM, having an airtight secrets rotation is essential for business survival and prosperity. Understanding……
-
Cyberangriff auf eine Universität in Jamaika
Cyberattack shuts down NCU systems, students warned of data breach First seen on jamaica-gleaner.com Jump to article: jamaica-gleaner.com/article/news/20250224/cyberattack-shuts-down-ncu-systems-students-warned-data-breach