Tag: data-breach
-
Cisco Data Breach Ransomware Group Allegedly Breached Internal Network
Tags: breach, cisco, credentials, cyber, dark-web, data, data-breach, group, infrastructure, network, password, ransomware, windowsSensitive credentials from Cisco’s internal network and domain infrastructure were reportedly made public due to a significant data breach. According to a Cyber Press Research report, the new Kraken ransomware group has allegedly leaked a dataset on their dark web blog, which appears to be a dump of hashed passwords from a Windows Active Directory…
-
Ransomware attackers turn to workers for data breach access
First seen on scworld.com Jump to article: www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access
-
Label maker Avery says ransomware investigation also found credit-card scraper
An investigation into a ransomware attack led label-maker Avery Products to also find malware that was skimming credit card details from transactions on its website, according to a data breach notification by the company. First seen on therecord.media Jump to article: therecord.media/avery-products-ransomware-data-breach-notification
-
3,000 exposed ASP.NET keys could perform code injection attacks
First seen on scworld.com Jump to article: www.scworld.com/news/3000-exposed-asp-net-keys-could-perform-code-injection-attacks
-
Report reveals security failures in PowerSchool data breach
First seen on scworld.com Jump to article: www.scworld.com/brief/report-reveals-security-failures-in-powerschool-data-breach
-
Millions of job applicant records exposed by Foh&Boh
First seen on scworld.com Jump to article: www.scworld.com/brief/millions-of-job-applicant-records-exposed-by-fohboh
-
ISMG Editors: AI Security Wake-Up Call From DeepSeek
Tags: ai, api, ciso, data, data-breach, governance, leak, open-source, risk, risk-management, vulnerabilityAlso: Addressing AI Vulnerabilities and Governance Challenges. DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes. First seen on govinfosecurity.com Jump…
-
HPE notifies employees of data breach after Russian Office 365 hack
Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack/
-
Microsoft warns 3K exposed ASP.NET machine keys at risk of weaponization
An unknown threat actor recently used an exposed key for code injection cyberattacks.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-warns-3k-exposed-aspnet-machine-keys-at-risk-of-weaponization/739551/
-
US health system notifies 882,000 patients of August 2023 breach
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-health-system-notifies-882-000-patients-of-august-2023-breach/
-
HPE begins notifying data breach victims after Russian government hack
Hackers with Russian foreign intelligence were blamed for the breach, which also targeted Microsoft. First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/07/hpe-begins-notifying-data-breach-victims-after-russian-government-hack/
-
7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack
UpGuard discovers exposed Ollama APIs revealing DeepSeek model adoption globally. See where these AI models are running and the security risks involved. First seen on hackread.com Jump to article: hackread.com/exposed-ollama-apis-leave-deepseek-ai-models-attack/
-
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers’ pathway.The tech giant’s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET First seen…
-
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. >>In the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/07/iis-servers-compromised-asp-net-machine-keys-viewstate-code-injection/
-
PowerSchool data breach affected 16,000 students in the UK
The edtech giant has begun notifying individuals outside of the US and Canada affected by the breach First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/07/powerschool-data-breach-affected-16000-students-in-the-uk/
-
Eine Million deutsche Nutzer betroffen: Datenleck bei Thermomix
Insgesamt drei Millionen Datensätze bietet ein Unbekannter im Darknet zum Verkauf an. Quelle ist das Rezepteforum des Herstellers. First seen on heise.de Jump to article: www.heise.de/news/Datenleck-bei-Thermomix-Daten-von-1-Million-deutscher-Nutzer-im-Darknet-10273696.html
-
Datenschutzvorfall im Online-Forum Rezeptwelt.de (Feb. 2025)
Unschöne Geschichte, auf die mich gleich zwei Leser aufmerksam gemacht haben (danke dafür). Das zu Vorwerk gehörende Online-Forum rezeptwelt.de informiert seine Nutzer über einen Sicherheitsvorfall, den es bei einem externen Dienstleister gab, und bei dem wohl die Nutzerdaten betroffen sind. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/02/07/datenschutzvorfall-im-online-forum-rezeptwelt-de/
-
Sicherheitsexperten enthüllen triviale Datenlecks bei Legaltechs
Zwei Legaltechs helfen Bürgern bei der Durchsetzung rechtlicher Ansprüche. Doch deren Daten standen teilweise ungeschützt im Netz, wie Hacker herausfanden. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsexperten-enthuellen-triviale-Datenlecks-bei-Legaltechs-10272273.html
-
GreenSpot APT Phishes 163.com Users with Spoofed Domains
A recent report from Threat Hunting Platform Hunt.io has exposed an ongoing phishing campaign orchestrated by GreenSpot First seen on securityonline.info Jump to article: securityonline.info/greenspot-apt-phishes-163-com-users-with-spoofed-domains/
-
S. Korea’s Notorious Sex Crime Hub Ya-moon Hacked, User Data Leaked
Ya-moon, S. Korea’s notorious sex crime hub operating since 1990, hacked; user data leaked, exposing CSAM, exploitation, and illicit activities. First seen on hackread.com Jump to article: hackread.com/s-koreas-crime-hub-ya-moon-hacked-user-data-leak/
-
Microsoft says attackers use exposed ASP.NET keys to deploy malware
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-says-attackers-use-exposed-aspnet-keys-to-deploy-malware/
-
OpenAI Data Breach Threat Actor Allegedly Claims 20 Million Logins for Sale
Tags: breach, credentials, cyber, cybersecurity, data, data-breach, email, login, openai, password, threatOpenAI may have become the latest high-profile target of a significant data breach. A threat actor has surfaced on underground forums, claiming possession of email and password credentials for a staggering 20 million OpenAI accounts. This alleged breach has raised serious concerns among tech users and cybersecurity experts worldwide. The threat actor, who remains anonymous,…
-
DeepSeek’s New Jailbreak Method Reveals Full System Prompt
The Wallarm Security Research Team unveiled a new jailbreak method targeting DeepSeek, a cutting-edge AI model making waves in the global market. This breakthrough has exposed DeepSeek’s full system prompt”, sparking debates about the security vulnerabilities of modern AI systems and their implications for ethical AI governance. What Is a Jailbreak in AI? AI jailbreaks…
-
Thousands of McKinney, Texas, residents impacted by October data breach
The Dallas suburb said its government systems were breached on October 31 but security systems only discovered the incident two weeks later. First seen on therecord.media Jump to article: therecord.media/thousands-mckinney-texas-residents-impacted
-
International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists
The International Civil Aviation Organization (ICAO) is investigating a data breach affecting system and employee security. The International Civil Aviation Organization (ICAO), a specialized agency of the United Nations, is investigating a significant data breach that has raised concerns about the security of its systems and employees data. In the updated statement published by ICAO,…
-
Why CRQ Methodologies Should Be Usable, Defensible, and Informative
In a thoroughly digital world, cyber incidents can have a huge financial impact, with the average cost of a data breach skyrocketing to $4.88 million. Still, too many businesses struggle Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/why-crq-methodologies-should-be-usable-defensible-and-informative/
-
Passwortwechseln war gestern
Wie Verbraucherinnen und Verbraucher ihre Benutzerkonten absichern können. Am 1. Februar war der Ändere-dein-Passwort-Tag. Die Idee: Für den Fall, dass ein Passwort unbemerkt in einem Datenleck enthalten war, sollen Verbraucherinnen und Verbraucher ihre Passwörter vorsorglich ändern. Tatsächlich ist dieser Ratschlag jedoch überholt. Regelmäßige, anlassunabhängige Passwortwechsel führen erfahrungsgemäß dazu, dass zunehmend schwächere Passwörter genutzt werden…. First…