Tag: data-breach
-
Qatar National Bank Breach Explained: How the Attack Happened and What’s Next
Tags: attack, breach, credentials, cybersecurity, data, data-breach, finance, group, hacker, middle-eastIn a significant cybersecurity incident, Qatar National Bank (QNB), Trend Micro reports that one of the Middle East’s largest financial institutions, suffered a data breach attributed to the Turkish hacker group Bozkurt Hackers. The attackers leaked a 1.5-gigabyte file containing sensitive customer information, including bank credentials, payment card details, and personal data. The Breach Details…
-
LockBit Internal Data Leak Reveals Payload Creation Methods and Ransom Demands
Tags: breach, cyber, data, data-breach, group, infrastructure, Internet, leak, lockbit, ransom, ransomware, service, tacticsThe notorious ransomware group LockBit inadvertently suffered a major data breach, exposing the inner workings of their ransomware-as-a-service (RaaS) operations. This leak, which surfaced on the internet after remaining undetected for months, has offered invaluable insights into the group’s internal processes, from ransomware payload creation to negotiation tactics with victims. Glimpse into LockBit’s Infrastructure The…
-
Coinbase says recent data breach impacts 69,461 customers
Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-says-recent-data-breach-impacts-69-461-customers/
-
Threat intelligence platform buyer’s guide: Top vendors, selection advice
Tags: ai, attack, automation, breach, cloud, computing, credentials, crowdstrike, cyber, cybersecurity, dark-web, data, data-breach, deep-fake, detection, dns, edr, email, endpoint, exploit, finance, firewall, fraud, gartner, google, group, guide, identity, incident response, infrastructure, intelligence, kubernetes, law, malicious, malware, microsoft, mitigation, monitoring, network, open-source, phishing, privacy, risk, service, siem, soar, soc, sophos, sql, supply-chain, technology, threat, tool, vpn, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) found that since 2023 the majority of exploits were zero days, meaning exploiting heretofore unknown methods. And according to the latest Verizon Data Breach Investigations report (DBIR), the percentage of AI-assisted malicious emails doubled to 10% of the totals they observed over the past two years, making staying…
-
Serviceaide data breach exposed info of 483K Catholic Health patients
First seen on scworld.com Jump to article: www.scworld.com/news/serviceaide-data-breach-exposed-info-of-483k-catholic-health-patients
-
4G Calling (VoLTE) flaw allowed to locate any O2 customer with a phone call
A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due to improper IMS standard implementation. A flaw in 4G Calling (VoLTE) service of the UK telecom O2 exposed user location data through network responses due to flaws in the IMS standard implementation. 4G Calling, also known as VoLTE (Voice over…
-
VanHelsing ransomware builder leaked on hacking forum
The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vanhelsing-ransomware-builder-leaked-on-hacking-forum/
-
Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients
A data breach at Nationwide Recovery Services compromised data of 200,000 Harbin Clinic patients First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/debt-collector-breach-affects/
-
8 KI-Sicherheitsrisiken, die Unternehmen übersehen
Tags: access, ai, api, application-security, authentication, cisco, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, framework, governance, hacker, injection, LLM, RedTeam, risk, risk-management, security-incident, software, threat, tool, vulnerabilityIn ihrem Wettlauf um Produktivitätssteigerungen durch generative KI übersehen die meisten Unternehmen die damit verbundenen Sicherheitsrisiken.Laut einer Studie des Weltwirtschaftsforums, die in Zusammenarbeit mit Accenture durchgeführt wurde, versäumen es 63 Prozent der Unternehmen, die Sicherheit von KI-Tools vor deren Einsatz zu überprüfen. Dadurch gehen sie eine Reihe von Risiken für ihr Unternehmen ein.Dies gilt sowohl…
-
LockBit Leak Shows Affiliates Use Pressure Tactics, Rarely Get Paid
Weeks after LockBit ransomware breach, leaked data reveals how affiliates generate ransomware, set ransom demands, and often walk away unpaid. First seen on hackread.com Jump to article: hackread.com/lockbit-leak-affiliates-pressure-tactics-rarely-paid/
-
Cyberattack on Serviceaide Compromises Data of 480,000 Catholic Health Patients
Data breach at Serviceaide, Inc., a technology vendor for Catholic Health, exposed sensitive information belonging to approximately 480,000 patients. The incident, caused by an improperly secured Elasticsearch database, left names, Social Security numbers, medical records, and login credentials publicly accessible for nearly seven weeks. While forensic analysts found no direct evidence of data misuse, the…
-
Your Data, Your Responsibility: Securing Your Organization’s Future in the Cloud
Tags: access, ai, application-security, attack, best-practice, breach, business, cloud, compliance, control, cyberattack, data, data-breach, dora, encryption, finance, framework, gartner, GDPR, google, ibm, infrastructure, international, mfa, network, PCI, phishing, privacy, regulation, risk, saas, service, strategy, threatYour Data, Your Responsibility: Securing Your Organization’s Future in the Cloud madhav Tue, 05/20/2025 – 04:37 Cloud adoption has fundamentally changed the way businesses operate, offering scalability, agility, and cost efficiencies that were unimaginable just a decade ago. But with this shift comes a necessary conversation: the cloud can also introduce complex security risks without…
-
‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots
Seven sources tell CyberScoop that a lack of coordination and miscommunication between federal agencies and the telecommunications industry left critical networks exposed to the Chinese hacking group. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-us-government-response/
-
UK’s Legal Aid Agency discloses a data breach following April cyber attack
The UK’s Legal Aid Agency suffered a cyberattack in April and has now confirmed that sensitive data was stolen during the incident. The Legal Aid Agency (LAA) revealed that it had suffered a cyberattack on its systems on April 23. The Legal Aid Agency (LAA), part of the UK Ministry of Justice, ensures access to…
-
Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization
Tags: attack, backdoor, china, data-breach, email, group, hacker, hacking, international, phishing, spear-phishing, tactics, threatThreat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake.ESET, which first discovered the hacking group’s intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using First…
-
O2 VoLTE Flaw Allows Tracking of Customers’ Locations Through Phone Calls
Significant privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation was recently discovered, allowing any caller to access precise location data of call recipients. The security flaw, which exposed sensitive information through IMS (IP Multimedia Subsystem) signaling messages, has now been resolved according to O2, who contacted the researcher on May 19, 2025, to…
-
Debt Collector Hack Affects Long List of Clients, Patients
Healthcare Providers Are Among Nationwide Recovery Service Data Breach Victims. A 2024 hacking incident at a debt collection firm has affected a growing list of clients and at least hundreds of thousands of individuals so far, including 210,000 patients of Harbin Clinic in Georgia and nearly 90,000 patients of Texas-based Vitruvian Health, also known as…
-
Legal Aid Agency Warns Lawyers, Defendants on Data Breach
The online service has since been shut down as the agency grapples with the cyberattack, though it assures the public that those most in need of legal assistance will still be able to access help. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/legal-aid-agency-data-breach
-
How to protect your data after a cyber-attack
What to do you if you’re worried your information may have fallen into the wrong handsAnother cyber-attack has hit the headlines this one involving the personal data of <a href=”https://www.theguardian.com/law/2025/may/19/significant-amount-of-personal-data-accessed-in-legal-aid-agency-data-breach-says-moj”>hundreds of thousands of legal aid applicants in England and Wales.It comes hard on the heels of recent cyber-attacks that caused huge disruption at <a href=”https://www.theguardian.com/business/marksspencer”>Marks…
-
Volkswagen Car Hack Exposes Owner’s Personal Data and Service Records
Tech-savvy Volkswagen owner has uncovered critical security flaws in the My Volkswagen app that potentially exposed sensitive personal data and vehicle information of thousands of customers. The vulnerabilities, which have since been patched, allowed anyone with access to a vehicle’s VIN number to retrieve comprehensive owner data, service records, and potentially control connected features without…
-
Cocospy stalkerware apps go offline after data breach
The trio of spyware apps, hacked earlier this year, no longer work. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/19/cocospy-stalkerware-apps-go-offline-after-data-breach/
-
UK Legal Aid Agency confirms applicant data stolen in data breach
The United Kingdom’s Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-legal-aid-agency-confirms-applicant-data-stolen-in-data-breach/
-
Massives Datenleck in Cloud-Speichern
Durch falsch konfigurierte Speicher-Buckets bei mehreren großen Cloud-Anbietern sind 200 Milliarden Dateien öffentlich einsehbar.Forscher der Cybersicherheitsfirma Cyble warnen vor einem massiven Datenleck in Cloud-Speichern. Bei einer Schwachstellenanalyse identifizierten sie insgesamt mehr als 660.000 ungeschützte Buckets, die auf sieben große Cloud-Plattformen verteilt sind. Darunter sollen sich mehr als 200 Milliarden gefährdete Dateien befinden. Besonders brisant: Nach…
-
SK Telecom USIM Data Compromise: Millions of Customers at Risk
SK Telecom faces a major data breach affecting millions. Learn how to protect your USIM data and stay secure with our comprehensive guide. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/sk-telecom-usim-data-compromise-millions-of-customers-at-risk/
-
UK government confirms massive data breach following hack of Legal Aid Agency
A large cache of sensitive data about people who applied for legal aid in the U.K. is potentially in the possession of cybercriminals, the government said. First seen on therecord.media Jump to article: therecord.media/uk-legal-aid-agency-data-breach
-
Kriminalität: Krypto-Entführer gelangen über Datenlecks an Postadressen
Schon der Hack einer Marketingdatenbank reicht aus, um Krypto-Vermögende in Gefahr zu bringen. In Frankreich fordern diese nun mehr Schutz von der Regierung. First seen on golem.de Jump to article: www.golem.de/news/kriminalitaet-krypto-entfuehrer-gelangen-ueber-datenlecks-an-postadressen-2505-196326.html
-
Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution
Tags: access, attack, breach, cve, cyber, data-breach, exploit, flaw, hacker, injection, network, remote-code-execution, threat, vulnerabilityThreat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence servers exposed to the internet. This exploit facilitated remote code execution (RCE), enabling attackers to gain initial access and establish a foothold within targeted networks. The breach, first detected through network traffic from IP address 45.227.254.124 running a >>whoami
-
Health Care Data Breach Costs BreachForums Admin $700,000 Fine
Conor Brian Fitzpatrick, the 22-year-old former administrator of cybercrime forum Breachforums, will forfeit approximately $700,000 to settle a civil lawsuit stemming from a healthcare data breach. The settlement marks a rare instance where a cybercriminal’s assets will directly compensate victims of a data breach. Fitzpatrick, known online as >>Pompompurin,
-
Legal aid hack: data from hundreds of thousands of people accessed, says MoJ
Data including criminal records downloaded in ‘significant’ cyber-attack at Legal Aid Agency in April, ministry confirmsThe personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010, including criminal records and financial details, has been accessed and downloaded in a “significant” cyber-attack.Officials admit that the data may have…