Tag: data-breach
-
Feel Relieved with Efficient Secrets Rotation
Is Your Organization Optimally Protecting Its Non-Human Identities? I bring this pertinent issue to light. Non-Human Identities (NHIs) and Secrets Security Management are essential components in maintaining cybersecurity integrity. But without an effective strategy in place, your organization could be vulnerably exposed to breaches and data leaks. In particular, inadequate Secrets Rotation is a common…
-
Ascension reveals personal data of 437,329 patients exposed in cyberattack
A data breach at Ascension, caused by a former partner’s compromise, exposed the health information of over 430,000 patients. Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by the number of hospitals as of 2019. At the end of April, the company notified patients that their personal and health information…
-
Why You Should Segment RDP SSH
Securing remote access pathways often feels like an endless battle against evolving threats. Attackers continually search for exposed protocols, especially those that provide direct or near-direct access to critical systems. Remote Desktop Protocol (RDP) and Secure Shell (SSH) stand out… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/why-you-should-segment-rdp-ssh/
-
FBI warns that end of life devices are being actively targeted by threat actors
Tags: access, antivirus, attack, authentication, botnet, china, cisco, control, credentials, cve, data-breach, exploit, firewall, firmware, Hardware, identity, infection, intelligence, Internet, malware, network, password, router, sans, service, software, technology, threat, tool, update, vulnerability
Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N; Cradlepoint E100; Cisco M10
Threat actors, notably Chinese state-sponsored actors, are successfully exploiting known vulnerabilities in routers exposed to the web through pre-installed remote management software, according to the FBI. They then install malware, set up a botnet, and sell proxy services or launch coordinated attacks. “The…
-
Data breach confirmed by Insight Partners
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-confirmed-by-insight-partners
-
LockBit Ransomware Gang Hacked, Operations Data Leaked
Exposed data from LockBit’s affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/lockbit-ransomware-gang-hacked-data-leaked
-
Ascension says recent data breach affects over 430,000 patients
Ascension, one of the largest private healthcare systems in the United States, has revealed that a data breach disclosed last month affects the personal and healthcare information of over 430,000 patients. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ascension-says-recent-data-breach-affects-over-430-000-patients/
-
Insight Partners Data Breach: Bigger Impact Than Anticipated
The investigation is ongoing, but the VC giant intends to inform affected customers on a rolling basis as more of the breach details come to light. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/insight-partners-data-breach-bigger-impact
-
Data Leak at Pearson: Cyberattack Hits Major Media Group
The attackers apparently accessed cloud services used by Pearson and exfiltrated all sorts of data. Millions of people are said to be affected. First seen on golem.de Jump to article: www.golem.de/news/daten-abgeflossen-cyberangriff-trifft-medienkonzern-pearson-2505-196050.html
-
FreeDrain Phishing Attack Targets Users to Steal Financial Login Credentials
PIVOTcon, joint research by Validin and SentinelLABS has exposed FreeDrain, an industrial-scale cryptocurrency phishing operation that has been stealthily siphoning digital assets for years. This sophisticated campaign leverages search engine optimization (SEO) manipulation, free-tier web services, and intricate redirection techniques to target unsuspecting users of cryptocurrency wallets such as Trezor, MetaMask, and Ledger. Sophisticated Cryptocurrency…
-
LockBit ransomware gang breached, secrets exposed
Oh dear, what a shame, never mind. First seen on tripwire.com Jump to article: www.tripwire.com/state-of-security/lockbit-ransomware-gang-breached-secrets-exposed
-
LockBit hacked: What does the leaked data show?
The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/09/lockbit-hacked-data-leaked/
-
Credentials: Doge Employee's Passwords Captured by Malware
A private email address of a Doge employee is said to be included in 51 known data leaks. In addition, his credentials have appeared in several stealer logs. First seen on golem.de Jump to article: www.golem.de/news/zugangsdaten-infostealer-malware-erbeutet-passwoerter-von-doge-mitarbeiter-2505-196043.html
-
Azure Storage Utility Vulnerability Allows Privilege Escalation to Root Access
A critical vulnerability discovered by Varonis Threat Labs has exposed users of Microsoft Azure’s AI and High-Performance Computing (HPC) workloads to a potential privilege escalation attack. The flaw, found in a utility pre-installed on select Azure Linux virtual machines, made it possible for an unprivileged local user to gain root access, a severe breach of the…
-
A timeline of South Korean telco giant SKT’s data breach
In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users…
-
LockBit Ransomware Hacked: Database and Victim Chats Leaked
LockBit ransomware website hacked! Sensitive data leaked, including Bitcoin keys. Learn about the breach and how to secure your organization. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/lockbit-ransomware-hacked-database-and-victim-chats-leaked/
-
Data breach exposes LockBit ransomware gang
First seen on scworld.com Jump to article: www.scworld.com/brief/data-breach-exposes-lockbit-ransomware-gang
-
DOGE software engineer’s computer infected by info-stealing malware
The presence of credentials in leaked “stealer logs” indicates his device was infected. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
-
The LockBit ransomware site was breached, database dump was leaked online
The LockBit ransomware group has been compromised; attackers stole and leaked data contained in the backend infrastructure of their dark web site. Hackers compromised the dark web leak site of the LockBit ransomware gang and defaced it, posting a message and a link to the dump of the MySQL database of its backend affiliate panel. >>Don’t…
-
LockBit’s Dark Web Domains Hacked, Internal Data and Wallets Leaked
LockBit’s dark web domains were hacked, exposing internal data, affiliate tools, and over 60,000 Bitcoin wallets in a… First seen on hackread.com Jump to article: hackread.com/lockbits-dark-web-domains-hacked/
-
Silence is Golden for Breach Prevention, Not Reporting
Not Just Ransomware But Verbal Disclosure of Personal Data Common, Watchdog Finds. Two decades after California Senate Bill 1386 introduced the world to data breach notifications, organizations have collectively battened down their cybersecurity hatches and fixed the problem once and for all. Of course, I’m joking, with the results of recent data breach root cause…
-
IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers
A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux, and macOS systems to local privilege escalation attacks, enabling non-privileged users to gain root or SYSTEM-level access. Designated as CVE-2025-26168 and CVE-2025-26169, these flaws affect versions 1.4.3 and earlier of the software, posing severe risks to industrial, enterprise, and managed service…
-
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
Cybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. “FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io First seen on thehackernews.com Jump to article:…
-
From Managing Vulnerabilities to Managing Exposure: The Critical Shift You Can’t Ignore
Tags: ai, attack, best-practice, breach, business, cloud, computing, control, cyber, cybersecurity, data, data-breach, endpoint, identity, infrastructure, intelligence, Internet, office, risk, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management
Vulnerability management remains core to reducing cyber risk, but as the attack surface grows, teams need a risk-driven strategy that looks beyond vulnerabilities to see the bigger picture. Discover how exposure management unifies data and prioritizes real exposures, keeping teams proactive and ahead of cyber threats. The limits of siloed security: Over the years, the…
-
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users
Silent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability in X/Twitter’s advertising display URL feature to deceive users. This attack manipulates the platform’s URL display mechanism to present a legitimate-looking link, such as “From CNN[.]com,” while redirecting unsuspecting victims to a malicious cryptocurrency scam site impersonating Apple’s brand. This campaign,…
-
Iranian Hackers Posing as Model Agency to Target Victims
Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg-based Mega Model Agency. Cyberespionage Campaign Uncovered Registered on February 18, 2025, and hosted at IP address 64.72.205[.]32 since March 1, 2025,…
-
LockBit Ransomware Hacked, Insider Secrets Exposed
The data dump will likely shed light on LockBit’s recent activity and help law enforcement trace cryptocurrency transactions First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lockbit-ransomware-hacked-insider/
-
External Surface Management with Modules for Social Media and Data Leaks
Outpost24 has extended its External Attack Surface Management platform with two important product components in the area of Digital Risk Protection (DRP): the Social Media and Data Leakage modules. With these new DRP components, companies gain extended capabilities to detect digital threats early, analyze them in a targeted manner, and eliminate them effectively. Digital risks today arise not only on known channels…

