Tag: data-breach
-
Indian Stock Broker Angel One Discloses Data Breach
Indian stock broker Angel One says client information was compromised in a data breach involving its AWS account. The post Indian Stock Broker Angel One Discloses Data Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/indian-stock-broker-angel-one-discloses-data-breach/
-
Black Basta Leak Offers Glimpse Into Group’s Inner Workings
A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022. The post Black Basta Leak Offers Glimpse Into Group’s Inner Workings appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/black-basta-leak-offers-glimpse-into-groups-inner-workings/
-
JavaGhost: Exploiting Amazon IAM Permissions for Phishing Attacks
Unit 42 researchers have observed a threat actor group known as JavaGhost exploiting misconfigurations in Amazon Web Services (AWS) environments to conduct sophisticated phishing campaigns. Active for over five years, JavaGhost has pivoted from website defacement to leveraging compromised cloud infrastructure for financial gain. The group’s attacks stem from exposed long-term AWS access keys, which…
-
Toronto Zoo Issues Final Notification on Cyberattack and Data Breach
The Toronto Zoo has disclosed a cyberattack that targeted the Zoo in early January 2024. The zoo has since conducted an extensive analysis to understand the full scope of the breach and notify those affected. After months of work, the Toronto Zoo is now issuing a final notification to individuals whose data was exposed in…
-
Ransomware access playbook: What Black Basta’s leaked logs reveal
Tags: access, breach, credentials, cybercrime, dark-web, data, data-breach, extortion, group, login, malware, password, ransomware, service, software, theft, threat, toolFrom infostealer to ransomware: Infostealers are malware programs designed to scrape login information stored inside browser password stores and other applications. These threats are increasingly being offered as a service on cybercriminal forums, and according to a recent study, their prevalence has increased three-fold over the past year. The information stolen by such tools, known…
-
Is Your Secrets Rotation Getting Better?
Can Your Secrets Rotation Stand the Test of Time? Ask yourself: is your organization’s secrets rotation process as secure and efficient as it can be? Where the average cost of a data breach is $3.86 million according to a study by IBM, having an airtight secrets rotation is essential for business survival and prosperity. Understanding……
-
Cyberangriff auf eine Universität in Jamaika
Cyberattack shuts down NCU systems, students warned of data breach First seen on jamaica-gleaner.com Jump to article: jamaica-gleaner.com/article/news/20250224/cyberattack-shuts-down-ncu-systems-students-warned-data-breach
-
Meta fired 20 employees for leaking information, more firings expected
Meta fired about 20 employees because they had leaked “confidential information outside the company,” with more firings expected. Meta fired about 20 employees for leaking confidential information outside the company, with more firings expected. “We tell employees when they join the company, and we offer periodic reminders, that it is against our policies to leak…
-
Hackers can Crack Into Car Cameras Within Minutes Exploiting Vulnerabilities
Tags: breach, cctv, conference, cyber, cybersecurity, data, data-breach, exploit, hacker, hacking, privacy, technology, vulnerabilityAt the upcoming Black Hat Asia 2025 conference, cybersecurity experts will unveil a groundbreaking vulnerability in modern dashcam technology, exposing how hackers can exploit these devices to breach privacy and steal sensitive data. The session, titled DriveThru Car Hacking: Fast Food, Faster Data Breach, will be held on April 3, 2025, at Marina Bay Sands,…
-
DragonForce Ransomware Group Targets Saudi Arabia with Large-Scale Data Breach
The DragonForce ransomware group has launched a major cyberattack against organizations in Saudi Arabia, marking its first known First seen on securityonline.info Jump to article: securityonline.info/dragonforce-ransomware-group-targets-saudi-arabia-with-large-scale-data-breach/
-
Attackers could hack smart solar systems and cause serious damages
Hackers reveal security flaws in smart solar systems, exposing risks to national power grids as global reliance on solar energy grows. DW investigated the risks of cyber attacks exploiting vulnerabilities in smart solar systems while the demand for solar energy grows. The German news outlet DW interviewed hackers who’ve exposed security flaws in rooftop installations…
-
Leaked Chat Logs Reveal Black Basta’s Dark Night of the Soul
After Disrupting Ascension Health, Black Basta Forecast Reprisals From FBI, Moscow We are pentesters, not murderers, ransomware group Black Basta claimed in its negotiations with victim Ascension Healthcare in May 2024, after its attack led to widespread disruptions and patient safety alerts. Leaked chat logs reveal the group feared resulting reprisals from the FBI and…
-
Employment screening provider data breach affects 3.3M people
The attack is one of several in recent years targeting the employment services industry.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/DISA-data-breach-affects-33m-people/741112/
-
Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats”¯
“¯ The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and evade detection. The Veriti Research team analyzed these chat logs, revealing our favorite exploits, security measures they bypass, and the defenses they fear most. Veriti Research analyzed these chat communications, exposing: “¯ Vulnerabilities……
-
In Other News: Krispy Kreme Breach Cost, Pwn2Own Berlin, Disney Hack Story
Noteworthy stories that might have slipped under the radar: Krispy Kreme data breach costs $11M, Pwn2Own moves to Berlin, the story of the 2024 Disney hack. The post In Other News: Krispy Kreme Breach Cost, Pwn2Own Berlin, Disney Hack Story appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-krispy-kreme-breach-cost-pwn2own-berlin-disney-hack-story/
-
Enthüllungen zur Ransomware Black-Basta zeigen erhebliche Sicherheitslücken
Ein kürzliches Datenleck hat die internen Chat-Protokolle der Ransomware-Gruppe Black-Basta offengelegt und zeigt alarmierende Sicherheitslücken in Unternehmensnetzwerken auf. Die geleakten Informationen bieten seltene Einblicke in die Angriffstaktiken der Gruppe und verdeutlichen gravierende Schwachstellen, die von Cyberkriminellen gezielt ausgenutzt werden. Zielgerichtete Angriffe auf bekannte Schwachstellen und Fehlkonfigurationen Black-Basta nutzt systematisch ungeschützte RDP-Server, schwache Authentifizierungsmechanismen sowie […]…
-
DeepSeek Data Leak Exposes 12,000 Hardcoded API Keys and Passwords
A sweeping analysis of the Common Crawl dataset”, a cornerstone of training data for large language models (LLMs) like DeepSeek”, has uncovered 11,908 live API keys, passwords, and credentials embedded in publicly accessible web pages. The leaked secrets, which authenticate successfully with services ranging from AWS to Slack and Mailchimp, highlight systemic risks in AI…
-
Cyberattack on Australia’s Genea: Stolen Patient Data Hits the Dark Web
The Termite ransomware group has allegedly leaked sensitive patient data following the Genea cyberattack, targeting one of Australia’s leading fertility providers. On February 26, 2025, the Termite ransomware group claimed responsibility for breaching Genea Pty Ltd’s systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/genea-cyberattack/
-
5 things to know about ransomware threats in 2025
Tags: access, attack, authentication, awareness, backup, breach, ciso, cloud, control, credentials, cyber, dark-web, data, data-breach, defense, detection, encryption, exploit, extortion, finance, fraud, group, healthcare, identity, incident response, infrastructure, Internet, iot, law, leak, mfa, monitoring, network, password, ransom, ransomware, risk, scam, service, software, sophos, supply-chain, technology, threat, tool, update, vpn, vulnerability, zero-day2. Mid-size organizations are highly vulnerable: Industry data shows mid-size organizations remain highly vulnerable to ransomware attacks. “CISOs need to be aware that ransomware is no longer just targeting large companies, but now even mid-sized organizations are at risk. This awareness is crucial,” says Christiaan Beek, senior director, threat analytics, at Rapid7.Companies with annual revenue…
-
Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw
A critical security vulnerability in theEssential Addons for Elementorplugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via malicious URL parameters. The flaw, tracked as CVE-2025-24752 and scoring 7.1 (High) on the CVSS scale, allowed attackers to execute reflected cross-site scripting (XSS) attacks by exploiting insufficient input sanitization in the plugin’s password reset…
-
2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks
Tags: cyber, cyberattack, cybersecurity, data-breach, exploit, flaw, government, infrastructure, ivanti, network, risk, vpn, vulnerabilityA sweeping cybersecurity alert has emerged as researchers identify 2,850+ unpatched Ivanti Connect Secure devices worldwide, leaving organizations vulnerable to exploitation through the critical flaw designated CVE-2025-22467. The findings, published by cybersecurity watchdog Shadowserver Foundation, reveal systemic risks to virtual private network (VPN) infrastructures relied upon by enterprises and government agencies for secure remote access. Vulnerability Scope and…
-
US Employee Background Check Firm Hacked, 3 Million Records Exposed
DISA Global Solutions, a Houston-based provider of employee background checks and workplace safety services, disclosed a significant cybersecurity incident exposing the personal information of over3.3 million individuals, including 15,198 Maine residents. The breach occurred on February 9, 2024, but was not detected until April 22, 2024, according to a data breach notification filed with the…
-
Have I Been Pwned adds 284M accounts stolen by infostealer malware
The Have I Been Pwned data breach notification service has added over 284 million accounts stolen by information stealer malware and found on a Telegram channel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-284m-accounts-stolen-by-infostealer-malware/
-
Intelligence mined from exposed Black Basta internal chats
First seen on scworld.com Jump to article: www.scworld.com/brief/intelligence-mined-from-exposed-black-basta-internal-chats
-
HHS Slaps Warby Parker With $1.5M Penalty Over Data Breach
First seen on scworld.com Jump to article: www.scworld.com/brief/hhs-slaps-warby-parker-with-1-5m-penalty-over-data-breach
-
House Dems say DOGE is leaving publicly exposed entry points into government systems
A letter from a trio of lawmakers says the group has “left multiple government agencies vulnerable to cyberattacks” from foreign entities. First seen on cyberscoop.com Jump to article: cyberscoop.com/house-dems-say-doge-is-leaving-publicly-exposed-entry-points-into-government-systems/
-
Background check, drug testing provider DISA suffers data breach
DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/25/background-check-drug-testing-provider-disa-suffers-data-breach/