Tag: data
-
Privacy oversight board finds FBI does not buy real-time location data
The report, which is based on an investigation begun by the Privacy and Civil Liberties Oversight Board (PCLOB) in 2017, provides an overview of what open-source information the FBI consults in such investigations. First seen on therecord.media Jump to article: therecord.media/pclob-finds-fbi-does-not-use-real-time-location-data
-
Salesforce-linked data breach claims 200+ victims, has ShinyHunters’ fingerprints all over it
They keep coming back for more First seen on theregister.com Jump to article: www.theregister.com/2025/11/20/salesforce_gainsight_breach/
-
$5M Settlement in Geisinger Health, Nuance Insider Breach
Class Action Litigation and Criminal Case Focus on Actions of an Ex-Tech Worker. A federal court has granted preliminary approval of a $5 million settlement in class action litigation filed against Pennsylvania-based Geisinger Health and Nuance Communications – now part of Microsoft – involving a 2023 insider data breach affecting more than 1 million Geisinger…
-
CVE-2025-50165: Critical Flaw in Windows Graphics Component
IntroductionIn May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The vulnerability lies within windowscodecs.dll, and any application that uses this library as a dependency is vulnerable to compromise, such as a Microsoft Office document. For example, attackers can exploit the…
-
Breach Roundup: Cloudflare Outage Root Cause
Also: Fortinet Flaws, Aisuru Botnet and Dutch Police Seize Bulletproof Host Servers. This week, the root cause of the Cloudflare outage, active exploitation of Fortinet flaws, Logitech disclosed a data breach, Microsoft headed off a record-breaking botnet attack, Dutch police seized bulletproof hosting servers and Princeton University disclosed a data breach after a phishing attack.…
-
Another Salesforce-linked data breach has ShinyHunters’ fingerprints all over it
They keep coming back for more First seen on theregister.com Jump to article: www.theregister.com/2025/11/20/salesforce_gainsight_breach/
-
Another Salesforce-linked data breach has ShinyHunters’ fingerprints all over it
They keep coming back for more First seen on theregister.com Jump to article: www.theregister.com/2025/11/20/salesforce_gainsight_breach/
-
Sturnus Malware Hijacks Signal and WhatsApp, Taking Full Device Control
MTI Security researchers have uncovered a new, particularly advanced Android banking trojan, dubbed Sturnus, that targets users’ financial and personal data with an unprecedented level of device control and operational stealth. Distinct from conventional mobile malware, Sturnus not only supports the typical arsenal of credential theft and whole device takeover but also demonstrates the ability…
-
Sturnus Malware Hijacks Signal and WhatsApp, Taking Full Device Control
MTI Security researchers have uncovered a new, particularly advanced Android banking trojan, dubbed Sturnus, that targets users’ financial and personal data with an unprecedented level of device control and operational stealth. Distinct from conventional mobile malware, Sturnus not only supports the typical arsenal of credential theft and whole device takeover but also demonstrates the ability…
-
Milvus Proxy Flaw Lets Attackers Forge Headers and Skip Authorization
A critical authentication bypass vulnerability in the Milvus vector database could allow attackers to gain administrative access without credentials. The flaw exists in how the Milvus Proxy component handles HTTP headers, treating user-controlled data as trusted internal credentials. Critical Security Risk in Vector Database Milvus, an open-source vector database widely used for generative AI applications,…
-
Salesforce says some of its customers’ data was accessed after Gainsight breach
Salesforce said it’s investigating an incident where hackers compromised some of its customers’ data after breaching customer experience company Gainsight. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/20/salesforce-says-some-of-its-customers-data-was-accessed-after-gainsight-breach/
-
Hacker claims to steal 2.3TB data from Italian rail group, Almavia
Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-claims-to-steal-23tb-data-from-italian-rail-group-almavia/
-
New Android malware can capture private messages, researchers warn
The malware can monitor everything displayed on a phone in real time, including contacts, full message threads and the content of encrypted chats, by accessing data after it has been decrypted by legitimate apps. First seen on therecord.media Jump to article: therecord.media/new-android-malware-captures-private-messages
-
Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras
Everest ransomware claims to have stolen over 180GB of seismic survey data from Petrobras, demanding contact through qTox with a countdown in place. First seen on hackread.com Jump to article: hackread.com/everest-ransomware-brazil-petrobras-breach/
-
Salesforce investigates customer data theft via Gainsight breach
Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/salesforce-investigates-customer-data-theft-via-gainsight-breach/
-
What Are Digital Footprints? Understanding Your Online Identity
Every click, post, and search leaves a data trail online, and it’s called a digital footprint. Digital footprints are a record of a person’s online activity across all websites, apps, and social media platforms. Whether you’re uploading photos, using your favorite streaming app, or simply browsing the web, you’re creating a lasting digital mark ……
-
Swedish welfare authorities suspend ‘discriminatory’ AI model
A machine learning model used by Sweden’s social security agency to flag benefit fraud has been discontinued following investigations by media outlets and the country’s data protection watchdog First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634703/Swedish-welfare-authorities-suspend-discriminatory-AI-model
-
Turn your Windows 11 migration into a security opportunity
Windows 11 migration is inevitable as Windows 10 support ends, and unsupported systems create major security and ransomware risks. Acronis explains how to use this migration to review backups, strengthen cybersecurity, and ensure data stays recoverable. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/turn-your-windows-11-migration-into-a-security-opportunity/
-
WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/whatsapp-eternidade-trojan-self-propagates-brazil
-
New Eternidade Stealer Uses WhatsApp to Steal Banking Data
Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets. First seen on hackread.com Jump to article: hackread.com/eternidade-stealer-whatsapp-steal-banking-data/
-
SSL Certificate And SiteLock Security: Which One Do You Need?
What is an SSL Certificate? An SSL certificate is a digital file that verifies a website’s identity and establishes an encrypted connection between the server and a web browser. An SSL certificate allows for the safe transmission of sensitive data, including usernames and passwords, payment information, or personal details, by encrypting it via cryptographic protocolsRead…
-
China”‘linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates
Hijacked update to backdoor deployment: With the network device serving as a stealthy redirect, PlushDaemon then exploits the hijacked update channel to gain access to end-systems. ESET observed how typical victim software (such as a Chinese input-method application) issues an HTTP GET to its update server, but because DNS was hijacked, the request lands at…
-
3 ways CISOs can win over their boards this budget season
Tip 2: Go beyond compliance standards: It’s no secret that compliance and regulations drive nearly 80% of CISOs’ budget justifications. Industry standards like HIPAA and SOC2 can offer a guiding framework for a program, but with evolving threats from AI, the rise of quantum computing and increasingly complex third-party risk, CISOs need to think of…
-
VeeamPlatform v13 soll der neue Standard für Cyberresilienz, Datenschutz, und KI-gestützte Intelligenz werden
Veeam bringt Veeam-Data-Platform v13 auf den Markt eine innovative Weiterentwicklung, die den Standard für Cyberresilience, intelligenten Datenschutz und Datenfreiheit im Zeitalter der KI neu definiert. Diese Version stellt eine grundlegende Innovation der vertrauenswürdigsten Datenplattform der Branche dar. Veeam-Data-Platform v13 wurde entwickelt, um zeitgenössischen Herausforderungen wie unerbittlichen Ransomware-Angriffen, schnellen Veränderungen digitaler Infrastruktur und laufenden KI-Innovationen […]…
-
Datenschutz und Souveränität – EU Data Act: Warum Europas Gesundheitsdaten noch nicht souverän sind
Tags: dataFirst seen on security-insider.de Jump to article: www.security-insider.de/eu-data-act-warum-europas-gesundheitsdaten-noch-nicht-souveraen-sind-a-d2144a610d384b690161e7b1cbbca667/