Tag: data-breach
-
Privacy Roundup: Week 6 of Year 2025
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Datenleck durch GenAI-Nutzung
Tags: ai, chatgpt, ciso, compliance, data-breach, gartner, LLM, risk, strategy, tool, training, vulnerabilityViele Mitarbeiter teilen sensible Unternehmensdaten, wenn sie generative KI-Apps anwenden.Laut einem aktuellen Bericht über Gen-AI-Datenlecks von Harmonic enthielten 8,5 Prozent der Mitarbeiteranfragen an beliebte LLMs sensible Daten, was zu Sicherheits-, Compliance-, Datenschutz- und rechtlichen Bedenken führte.Der Security-Spezialist hat im vierten Quartal 2024 Zehntausende von Eingabeaufforderungen an ChatGPT, Copilot, Gemini, Claude und Perplexity analysiert. Dabei stellte…
-
Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files
Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications. First seen on hackread.com Jump to article: hackread.com/handala-hackers-israeli-police-breach-data-leak/
-
Georgia Hospital Alerts 120,000 Individuals of Data Breach
Memorial Hospital and Manor, located in Bainbridge, Georgia, has alerted 120,000 individuals that their data was breached following a ransomware attack last November First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/georgia-hospital-120000-data-breach/
-
âš¡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket”, each one seems minor until it becomes the entry point for an attack.This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system…
-
Cisco Data Breach Ransomware Group Allegedly Breached Internal Network
Tags: breach, cisco, credentials, cyber, dark-web, data, data-breach, group, infrastructure, network, password, ransomware, windowsSensitive credentials from Cisco’s internal network and domain infrastructure were reportedly made public due to a significant data breach. According to a Cyber Press Research report, the new Kraken ransomware group has allegedly leaked a dataset on their dark web blog, which appears to be a dump of hashed passwords from a Windows Active Directory…
-
Ransomware attackers turn to workers for data breach access
First seen on scworld.com Jump to article: www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access
-
Label maker Avery says ransomware investigation also found credit-card scraper
An investigation into a ransomware attack led label-maker Avery Products to also find malware that was skimming credit card details from transactions on its website, according to a data breach notification by the company. First seen on therecord.media Jump to article: therecord.media/avery-products-ransomware-data-breach-notification
-
3,000 exposed ASP.NET keys could perform code injection attacks
First seen on scworld.com Jump to article: www.scworld.com/news/3000-exposed-asp-net-keys-could-perform-code-injection-attacks
-
Report reveals security failures in PowerSchool data breach
First seen on scworld.com Jump to article: www.scworld.com/brief/report-reveals-security-failures-in-powerschool-data-breach
-
Millions of job applicant records exposed by Foh&Boh
First seen on scworld.com Jump to article: www.scworld.com/brief/millions-of-job-applicant-records-exposed-by-fohboh
-
ISMG Editors: AI Security Wake-Up Call From DeepSeek
Tags: ai, api, ciso, data, data-breach, governance, leak, open-source, risk, risk-management, vulnerabilityAlso: Addressing AI Vulnerabilities and Governance Challenges. DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes. First seen on govinfosecurity.com Jump…
-
HPE notifies employees of data breach after Russian Office 365 hack
Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack/
-
Microsoft warns 3K exposed ASP.NET machine keys at risk of weaponization
An unknown threat actor recently used an exposed key for code injection cyberattacks.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-warns-3k-exposed-aspnet-machine-keys-at-risk-of-weaponization/739551/
-
US health system notifies 882,000 patients of August 2023 breach
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-health-system-notifies-882-000-patients-of-august-2023-breach/
-
HPE begins notifying data breach victims after Russian government hack
Hackers with Russian foreign intelligence were blamed for the breach, which also targeted Microsoft. First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/07/hpe-begins-notifying-data-breach-victims-after-russian-government-hack/
-
7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack
UpGuard discovers exposed Ollama APIs revealing DeepSeek model adoption globally. See where these AI models are running and the security risks involved. First seen on hackread.com Jump to article: hackread.com/exposed-ollama-apis-leave-deepseek-ai-models-attack/
-
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers’ pathway.The tech giant’s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET First seen…
-
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. >>In the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/07/iis-servers-compromised-asp-net-machine-keys-viewstate-code-injection/
-
PowerSchool data breach affected 16,000 students in the UK
The edtech giant has begun notifying individuals outside of the US and Canada affected by the breach First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/07/powerschool-data-breach-affected-16000-students-in-the-uk/
-
Eine Million deutsche Nutzer betroffen: Datenleck bei Thermomix
Insgesamt drei Millionen Datensätze bietet ein Unbekannter im Darknet zum Verkauf an. Quelle ist das Rezepteforum des Herstellers. First seen on heise.de Jump to article: www.heise.de/news/Datenleck-bei-Thermomix-Daten-von-1-Million-deutscher-Nutzer-im-Darknet-10273696.html
-
Datenschutzvorfall im Online-Forum Rezeptwelt.de (Feb. 2025)
Unschöne Geschichte, auf die mich gleich zwei Leser aufmerksam gemacht haben (danke dafür). Das zu Vorwerk gehörende Online-Forum rezeptwelt.de informiert seine Nutzer über einen Sicherheitsvorfall, den es bei einem externen Dienstleister gab, und bei dem wohl die Nutzerdaten betroffen sind. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/02/07/datenschutzvorfall-im-online-forum-rezeptwelt-de/
-
Sicherheitsexperten enthüllen triviale Datenlecks bei Legaltechs
Zwei Legaltechs helfen Bürgern bei der Durchsetzung rechtlicher Ansprüche. Doch deren Daten standen teilweise ungeschützt im Netz, wie Hacker herausfanden. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsexperten-enthuellen-triviale-Datenlecks-bei-Legaltechs-10272273.html
-
GreenSpot APT Phishes 163.com Users with Spoofed Domains
A recent report from Threat Hunting Platform Hunt.io has exposed an ongoing phishing campaign orchestrated by GreenSpot First seen on securityonline.info Jump to article: securityonline.info/greenspot-apt-phishes-163-com-users-with-spoofed-domains/
-
S. Korea’s Notorious Sex Crime Hub Ya-moon Hacked, User Data Leaked
Ya-moon, S. Korea’s notorious sex crime hub operating since 1990, hacked; user data leaked, exposing CSAM, exploitation, and illicit activities. First seen on hackread.com Jump to article: hackread.com/s-koreas-crime-hub-ya-moon-hacked-user-data-leak/
-
Microsoft says attackers use exposed ASP.NET keys to deploy malware
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-says-attackers-use-exposed-aspnet-keys-to-deploy-malware/