Tag: data-breach
-
Cisco Rejects Kraken Ransomware’s Data Breach Claims
Cisco denies recent data breach claims by the Kraken ransomware group, stating leaked credentials are from a resolved 2022 incident. Learn more about Cisco’s response and the details of the original attack. First seen on hackread.com Jump to article: hackread.com/cisco-rejects-kraken-ransomware-data-breach-claim/
-
PowerSchool breach exposed special education status, mental health data and parent restraining orders
Sensitive student information including special education status, mental health details, disciplinary notes and parental restraining orders were exposed in the recent hack targeting PowerSchool, highlighting how easily troves of unique personal data can be obtained by hackers. First seen on therecord.media Jump to article: therecord.media/powerschool-breach-exposed-special-ed-status-mental-health-data
-
Apple issues emergency patches to contain an ‘extremely sophisticated attack’ on targeted individuals
Security researcher uncovers the exploit: The vulnerability was discovered by Bill Marczak, a senior researcher at Citizen Lab, a digital rights research group at the University of Toronto’s Munk School.Marczak took to social media to urge users to update their devices immediately, stating: “Update your iPhones”¦ again! iOS 18.3.1 out today with a fix for…
-
Datenleck bei Vorwerk: Hacker stehlen Rezeptwelt-Nutzerdaten
Hacker haben sich Zugriff auf das Forum Rezeptwelt.de von Vorwerk verschafft.Wer die Küchenmaschine Thermomix von Vorwerk besitzt, nutzt auch oft dessen offizielle Plattform Rezeptwelt.de. Hackern ist es nun gelungen, persönliche Daten von Nutzern abzugreifen. ‘Wir haben festgestellt, dass es zu einem unautorisierten Zugriff auf einen nachgeordneten Server eines unserer externen Dienstleister gekommen ist, durch den…
-
12,000+ KerioControl Firewalls Exposed to 1-Click RCE Attack
Tags: attack, cve, cyber, cybersecurity, data-breach, exploit, firewall, flaw, rce, remote-code-execution, vulnerabilityCybersecurity researchers caution that over 12,000 instances of GFI KerioControl firewalls remain unpatched and vulnerable to a critical security flaw (CVE-2024-52875) that could be exploited for remote code execution (RCE) with minimal effort. The Shadowserver Foundation has been tracking this vulnerability and issuing daily reports since February 5, 2025. Critical Vulnerability Overview CVE-2024-52875 is a…
-
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/
-
HPE is notifying individuals affected by a December 2023 attack
Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. In January 2024, Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyber espionage group Midnight Blizzard gained access to…
-
Privacy Roundup: Week 6 of Year 2025
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Datenleck durch GenAI-Nutzung
Tags: ai, chatgpt, ciso, compliance, data-breach, gartner, LLM, risk, strategy, tool, training, vulnerabilityViele Mitarbeiter teilen sensible Unternehmensdaten, wenn sie generative KI-Apps anwenden.Laut einem aktuellen Bericht über Gen-AI-Datenlecks von Harmonic enthielten 8,5 Prozent der Mitarbeiteranfragen an beliebte LLMs sensible Daten, was zu Sicherheits-, Compliance-, Datenschutz- und rechtlichen Bedenken führte.Der Security-Spezialist hat im vierten Quartal 2024 Zehntausende von Eingabeaufforderungen an ChatGPT, Copilot, Gemini, Claude und Perplexity analysiert. Dabei stellte…
-
Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files
Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications. First seen on hackread.com Jump to article: hackread.com/handala-hackers-israeli-police-breach-data-leak/
-
Georgia Hospital Alerts 120,000 Individuals of Data Breach
Memorial Hospital and Manor, located in Bainbridge, Georgia, has alerted 120,000 individuals that their data was breached following a ransomware attack last November First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/georgia-hospital-120000-data-breach/
-
âš¡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket”, each one seems minor until it becomes the entry point for an attack.This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system…
-
Cisco Data Breach Ransomware Group Allegedly Breached Internal Network
Tags: breach, cisco, credentials, cyber, dark-web, data, data-breach, group, infrastructure, network, password, ransomware, windowsSensitive credentials from Cisco’s internal network and domain infrastructure were reportedly made public due to a significant data breach. According to a Cyber Press Research report, the new Kraken ransomware group has allegedly leaked a dataset on their dark web blog, which appears to be a dump of hashed passwords from a Windows Active Directory…
-
Ransomware attackers turn to workers for data breach access
First seen on scworld.com Jump to article: www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access
-
Label maker Avery says ransomware investigation also found credit-card scraper
An investigation into a ransomware attack led label-maker Avery Products to also find malware that was skimming credit card details from transactions on its website, according to a data breach notification by the company. First seen on therecord.media Jump to article: therecord.media/avery-products-ransomware-data-breach-notification
-
3,000 exposed ASP.NET keys could perform code injection attacks
First seen on scworld.com Jump to article: www.scworld.com/news/3000-exposed-asp-net-keys-could-perform-code-injection-attacks
-
Report reveals security failures in PowerSchool data breach
First seen on scworld.com Jump to article: www.scworld.com/brief/report-reveals-security-failures-in-powerschool-data-breach
-
Millions of job applicant records exposed by Foh&Boh
First seen on scworld.com Jump to article: www.scworld.com/brief/millions-of-job-applicant-records-exposed-by-fohboh
-
HPE notifies employees of data breach after Russian Office 365 hack
Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack/
-
ISMG Editors: AI Security Wake-Up Call From DeepSeek
Tags: ai, api, ciso, data, data-breach, governance, leak, open-source, risk, risk-management, vulnerabilityAlso: Addressing AI Vulnerabilities and Governance Challenges. DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes. First seen on govinfosecurity.com Jump…
-
Microsoft warns 3K exposed ASP.NET machine keys at risk of weaponization
An unknown threat actor recently used an exposed key for code injection cyberattacks.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-warns-3k-exposed-aspnet-machine-keys-at-risk-of-weaponization/739551/
-
US health system notifies 882,000 patients of August 2023 breach
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-health-system-notifies-882-000-patients-of-august-2023-breach/
-
HPE begins notifying data breach victims after Russian government hack
Hackers with Russian foreign intelligence were blamed for the breach, which also targeted Microsoft. First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/07/hpe-begins-notifying-data-breach-victims-after-russian-government-hack/
-
7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack
UpGuard discovers exposed Ollama APIs revealing DeepSeek model adoption globally. See where these AI models are running and the security risks involved. First seen on hackread.com Jump to article: hackread.com/exposed-ollama-apis-leave-deepseek-ai-models-attack/
-
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers’ pathway.The tech giant’s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET First seen…
-
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. >>In the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/07/iis-servers-compromised-asp-net-machine-keys-viewstate-code-injection/