Tag: data-breach
-
Red teaming Deepseek aka DeepSeek R1 Exposed: Security Flaws in China’s AI Model
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/red-teaming-deepseek-aka-deepseek-r1-exposed-security-flaws-in-chinas-ai-model/
-
312% Surge in Breach Notices That Could Have Been Prevented
Identity Theft Resource Center’s Lee on Lessons Learned From 2024 Mega-Breaches. Six mega cybersecurity incidents led to a record 1.7 billion data breach notices going out to victims in 2024 – a dramatic 312% increase over the previous year. Identity Theft Resource Center President James E. Lee says the increase exposes industry-wide failures in basic…
-
Zyxel CPE Zero-Day (CVE-2024-40891) Exploited in the Wild
Security researchers have raised alarms about active exploitation attempts targeting a newly discovered zero-day command injection vulnerability in Zyxel CPE Series devices, tracked as CVE-2024-40891. This critical vulnerability, which remains unpatched and undisclosed by the vendor, has left over 1,500 devices globally exposed to potential compromise, as reported by Censys. […]
-
Vulnerability in Airline Integration Service enables A Hacker to Gain Entry To User Accounts
A recent security vulnerability in a widely used airline integration service has exposed millions of users to account takeovers, raising concerns over the safety of online travel services. Security researchers from Salt Labs discovered the flaw, which enabled hackers to access user accounts without authorization, potentially compromising sensitive information and airline loyalty points. …
-
Hackers Seize Control of 3,000 Companies Through Critical Vulnerabilities
In a groundbreaking cybersecurity investigation, researchers identified several critical vulnerabilities in a target system, eventually gaining control over 3,000 subsidiary companies managed by a parent organization. The exploration leveraged flaws in API configurations, bypassed key security protocols, and exposed sensitive employee and customer data. This research spanned three weeks and demonstrated the persistent risks of…
-
Premium Panel Phishing Toolkit Exposed: Two Years of Global Attacks
Intrinsec’s Cyber Threat Intelligence (CTI) team has uncovered a sophisticated phishing toolkit, named “Premium Panel”…
-
MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack
MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. First seen on therecord.media Jump to article: therecord.media/mgm-agrees-45-million-payment-data-breach-ransomware-victims
-
Reverse engineering your test data: It’s not as safe as you think it is
Not all approaches to data de-identification and anonymization are created equal. Many approaches leave your data exposed to the very real risk of re-identification. Here’s how that can happen and how to avoid it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/reverse-engineering-your-test-data-its-not-as-safe-as-you-think-it-is/
-
UHG’s PR Headache: How Did Breach Total Jump to 190 Million?
Experts Explain Complexity of Company’s Massive Data Breach Analysis Endeavor. UnitedHealth Group says its previously eye-popping estimate of 100 million people affected by last year’s attack on its Change Healthcare unit nearly doubled in recent months to a staggering 190 million victims. Why did it take so long for the company to figure out the…
-
OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
The now-fixed vulnerability involved a major travel services company that’s integrated with dozens of airline websites worldwide. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/oauth-flaw-exposed-millions-airline-users-account-takeovers
-
Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges
The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/actively-exploited-fortinet-zero-day-attackers-super-admin-privileges
-
Lynx Ransomware Group Unveiled with Sophisticated Affiliate Program
Group-IB researchers have exposed the highly organized affiliate platform and sophisticated operations of the Lynx Ransomware-as-a-Service group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lynx-ransomware-sophisticated/
-
SonicWall SMA 1000 series appliances left exposed on the internet
The company last week confirmed attackers are actively exploiting a critical vulnerability in the devices. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sonicwall-sma-1000-exposed/738501/
-
PowerSchool starts notifying victims of massive data breach
Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/powerschool-starts-notifying-victims-of-massive-data-breach/
-
New ransomware group Funksec benefits from LLMs
Tags: access, ai, cyberattack, data-breach, ddos, extortion, group, leak, LLM, mail, malware, powershell, ransomware, rust, service, tool, usa, windows
-
PowerSchool begins notifying students and teachers after massive data breach
The edtech giant is notifying state attorneys general about the breach but won’t say how many individuals have been affected First seen on techcrunch.com Jump to article: techcrunch.com/2025/01/28/powerschool-begins-notifying-students-and-teachers-after-massive-data-breach/
-
Mega-Breaches Bump Up 2024 Victim Count
Identity Theft Resource Center Catalogs 3,158 Known US Incidents in 2024. The number of U.S. organizations falling victim to a data breach appears to be holding steady, as viewed on an annual basis, according to the latest annual data breach report from the Identity Theft Resource Center, which counted 3,158 reported data breaches in 2024,…
-
Mega Data Breaches Push US Victim Count to 1.7 Billion
The number of data breach victims increased 312% annually to exceed 1.7 billion in 2024, according to the ITRC 2024 Annual Data Breach Report First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mega-data-breaches-us-victim-17/
-
What Makes This “Data Privacy Day” Different?
Tags: access, ai, attack, breach, business, cloud, data, data-breach, finance, identity, infrastructure, malware, monitoring, phishing, privacy, ransomware, risk, scam, threat, tool, training, vulnerability
As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI changing the playing field, he urges everyone to “do better.” Launched in April 2006…
-
German cloud provider: massive data leak involving data of Georgia's citizens
An ugly story involving a German cloud provider that hosted data on almost all residents of Georgia on an Elasticsearch server. Unfortunately, the Elasticsearch server was reachable over the internet without protection. A security researcher came across the data leak and reported it. In the meantime, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/01/28/deutscher-cloud-provider-massives-datenleck-mit-daten-von-buergern-georgiens/
-
Privacy Roundup: Week 4 of Year 2025
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windows
This is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
TalkTalk confirms data breach involving a third-party platform
UK telecommunications firm TalkTalk disclosed a data breach after a threat actor announced the hack on a cybercrime forum. UK telecommunications company TalkTalk confirmed a data breach after a threat actor claimed responsibility for the cyber attack on a cybercrime forum and offered for sale alleged customer data. A threat actor named “b0nd…
-
New ransomware group Funksec is quickly gaining traction
Tags: access, ai, attack, computer, control, country, cybercrime, data, data-breach, ddos, detection, email, encryption, extortion, government, group, leak, LLM, malware, password, powershell, ransom, ransomware, russia, rust, service, threat, tool, usa, windows
Threat reports for December showed a newcomer to the ransomware-as-a-service (RaaS) landscape quickly climbing the ranks. Called Funksec, this group appears to be leveraging generative AI in its malware development and its founders are tied to hacktivist activity. Funksec was responsible for 103 out of 578 ransomware attacks tracked by security firm NCC Group in December,…
-
American National Insurance Company data likely stolen in MOVEit hack exposed
First seen on scworld.com Jump to article: www.scworld.com/brief/american-national-insurance-company-data-likely-stolen-in-moveit-hack-exposed
-
TalkTalk Confirms Data Breach, Downplays Impact
UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it. The post TalkTalk Confirms Data Breach, Downplays Impact appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/talktalk-confirms-data-breach-downplays-impact/
-
UnitedHealth hikes number of Change cyberattack breach victims to 190M
The new estimate nearly doubles the company’s previous report of 100 million affected individuals, already the largest healthcare data breach ever reported to federal regulators. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/change-healthcare-attack-affects-190-million/738369/
-
Change Healthcare Now Counts 190 Million Data Breach Victims
Cost of Attack Has Reached $3.1 Billion for Parent Company UnitedHealth Group. One of the biggest data breaches of 2024 is even worse than previously reported, as the tally of Change Healthcare breach victims has now reached 190 million individuals, and costs tied to the attack $3.1 billion, according to its owner, U.S. health insurance…
-
A pickle in Meta’s LLM code could allow RCE attacks
Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerability
Meta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover. The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
-
Change Healthcare Data Breach Impact Grows to 190 Million Individuals
The impact of the Change Healthcare ransomware-caused data breach has increased from 100 million to 190 million individuals. The post Change Healthcare Data Breach Impact Grows to 190 Million Individuals appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/change-healthcare-data-breach-impact-grows-to-190-million-individuals/

