Security Affairs

JANUARY 22, 2024

Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The largest number of records, 1.4

Phishing 128

Phishing Passwords Data breaches Cybersecurity 128

Security Affairs

MARCH 13, 2024

The Akira ransomware gang claimed the theft of 430 GB of data from the university’s systems. 430 gb of internal data. The Department of Public Safety discovered the security breach on September 27, 2023, and investigated the incident. Akira Ransomware posts Stanford University.

Ransomware 110

Ransomware Data breaches Passwords Access 110

Security Affairs

DECEMBER 10, 2022

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors. ” reads the post published by Censys.

Security 107

Security IT Information Security 107

IT Governance

MARCH 25, 2021

Cyber Essentials is one of the most cost-effective ways of bolstering your organisation’s information security. The UK government-backed scheme is designed to help organisations address common weaknesses without having to spend a fortune overhauling their cyber security practices. The cost of Cyber Essentials Plus.

Government 124

Government Information Security Data breaches Risk 124

Security Affairs

JANUARY 4, 2022

UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. UScellular has disclosed a data breach after the attack that compromised the company’s billing system in December 2021. ” reads the data breach notification letter.

Data breaches 113

Data breaches Retail Access Communications 113

Security Affairs

OCTOBER 26, 2022

International ticketing services company See Tickets disclosed a data breach that exposed customers’ payment card details. Ticketing service company See Tickets disclosed a data breach, and threat actors might have accessed customers’ payment card details. Follow me on Twitter: @securityaffairs and Facebook.

Data breaches 90

Data breaches Access Security IT 90

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. “Some telemetry data is shown below. 2021-12-22 18:38:18 2021-12-23 11:33:58.

Manufacturing 134

Manufacturing File names Archiving Encryption 134

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Passwords 93

Passwords Authentication Retail Education 93

Security Affairs

DECEMBER 1, 2021

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. ” wrote Ormandy.

Libraries 121

Libraries Security CMS Communications 121

Hunton Privacy

OCTOBER 15, 2021

On October 12, 2021, New Jersey Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC, over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents.

Data breaches 103

Data breaches Privacy Insurance Information Security 103

Security Affairs

JANUARY 4, 2022

Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12. According to the company, threat actors have stolen data of individuals employed between July 1, 2010, and December 12, 2021.

Data breaches 102

Data breaches Ransomware Insurance Sales 102

Security Affairs

JULY 9, 2021

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. Bloomberg was informed about the payment by two people familiar with the attack.

Data breaches 142

Data breaches Insurance Ransomware Encryption 142

Security Affairs

NOVEMBER 10, 2023

McLaren Health Care (McLaren) experienced a data breach that compromised the sensitive personal information of approximately 2.2 McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive personal information of 2,192,515 people.

Data breaches 109

Data breaches Ransomware Insurance Manufacturing 109

Security Affairs

JULY 28, 2021

The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 The study highlights the significant impact of the ongoing pandemic on the cost of data breaches and the effort to contain them. ” states IBM Security. ” states IBM Security.

Data breaches 137

Data breaches Ransomware Security Cloud 137

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. The 2022 Thales Data Threat Report, based on data from a survey of almost 2,800 respondents from 17 countries across the globe, illustrates these trends and changes. Malware and accidental human error are the biggest security threats.

Risk 126

Risk Security Encryption Ransomware 126

Hunton Privacy

APRIL 28, 2021

On April 27, 2021, the Portuguese Data Protection Authority ( Comissão Nacional de Proteção de Dados , the “CNPD”) ordered the National Institute of Statistics (the “INE”) to suspend, within 12 hours, any international transfers of personal data to the U.S. service provider to legitimize the data transfers.

Personal data 137

Personal data Access Security IT 137

Security Affairs

JULY 13, 2021

American clothing brand and retailer Guess discloses a data breach after the February ransomware attack and is notifying the affected customers. In February, American fashion brand Guess was hit by a ransomware attack, now the company is disclosing a data breach and is notifying affected customers. Pierluigi Paganini.

Retail 96

Retail Data breaches Ransomware Access 96

Security Affairs

NOVEMBER 22, 2021

Utah-based radiology medical center Utah Imaging Associates discloses a data breach that impacted 583,643 former and current patients. Utah Imaging Associates (UIA) discloses a security breach, on September 4, 2021 the company claims to have detected and blocked a cyber attack. Pierluigi Paganini.

Data breaches 91

Data breaches Insurance Cybersecurity Security 91

Data Matters

NOVEMBER 2, 2022

Pursuant to legislation passed in 2021, covered entities and business associates subject to HIPAA and facing potential regulatory enforcement may receive some credit lessening to reduce enforcement penalties if they had implemented Recognized Security Practices (RSPs) within the prior 12 months.

Security 88

Security Privacy Cybersecurity Information Security 88

Security Affairs

OCTOBER 31, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 338 appeared first on Security Affairs. Dark HunTOR: Police arrested 150 people in dark web drug bust ?

Security 80

Security Artificial Intelligence Ransomware Sales 80

Security Affairs

MAY 28, 2022

In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. The attackers abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Metadata 141

Metadata Passwords Archiving Access 141

Security Affairs

JULY 8, 2023

Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. ” reads the security bulletin. .

Libraries 96

Libraries Security Access IT 96

Krebs on Security

SEPTEMBER 15, 2021

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. TTEC has not responded to requests for comment.

Ransomware 335

Ransomware Sales Encryption Information Security 335

Security Affairs

FEBRUARY 24, 2022

Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine. New information shared by Symantec on the data wiper attacks revealed that, in some cases, threat actors used a GoLang-based ransomware decoy.

Ransomware 94

Ransomware File names Cybersecurity Security 94

Security Affairs

DECEMBER 14, 2021

Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102 , exploited in the wild. Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102 , exploited in the wild.

Security 99

Security IT Information Security 99

Security Affairs

APRIL 7, 2022

Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292 , in Android 9, 10, 11, and 12 devices. ” reads the advisory published by Kryptowire.

Cybersecurity 130

Cybersecurity Security Access Information Security 130

Security Affairs

SEPTEMBER 26, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 333 appeared first on Security Affairs. If you want to also receive for free the international press subscribe here.

Security 58

Security Ransomware Phishing Sales 58

IT Governance

MARCH 1, 2022

The cyber security industry, much like the rest of the world, is on edge. Our figures for this month are comparatively low – with 83 data breaches and cyber attacks accounting for 5,127,241 breached records – but there is a sense that we are on the brink of something. Data breaches. Financial information. Cyber attacks.

Data breaches 134

Data breaches Ransomware Government Blockchain 134

Security Affairs

JULY 13, 2021

NetBlocks reported partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to protest the government. The post Social media partially disrupted in Cuba amid anti-government protests appeared first on Security Affairs. Source Fox News. .”

Government 95

Government Communications Access Security 95

Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. CISA orders federal agencies to fix this vulnerability by February 12, 2024.

IT 115

IT Cybersecurity Cloud Risk 115

Security Affairs

MARCH 7, 2023

Security researchers warn of hacking attempts in the wild exploiting critical vulnerabilities in VMware NSX Manager. Cyber security firm Wallarm is warning of ongoing attacks exploiting the critical flaws, tracked as CVE-2021-39144 (CVSS score of 9.8) and CVE-2022-31678 (CVSS score of 9.1), in VMware NSX Manager.

Libraries 90

Libraries Authentication Cloud Security 90

Security Affairs

FEBRUARY 12, 2021

Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users’ data. Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that telegram fails again in terms of handling the users data.

Privacy 106

Privacy Security Information Security IT 106

Thales Cloud Protection & Licensing

MAY 18, 2021

Tue, 05/18/2021 - 12:57. The past 12 months have seen dramatic changes for organizations as they adapted to the pandemic to maintain business operations and continue their digital transformation. Focusing on protecting data in the cloud, we have seen that many cloud service providers are offering native security solutions.

Encryption 71

Encryption Cloud Digital transformation Authentication 71

Security Affairs

APRIL 28, 2021

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227 , in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser.

Cybersecurity 84

Cybersecurity Security IT Information Security 84

Security Affairs

AUGUST 27, 2021

Researchers from Cloud security company Wiz disclosed technical details of a now-fixed Azure Cosmos database vulnerability, dubbed ChaosDB , that could have been potentially exploited by attackers to gain full admin access to other customers’ database instances without any authorization. .

Cloud 120

Cloud Access Security Risk 120

Security Affairs

DECEMBER 14, 2023

. “A Russian, suspected of having recovered in cryptocurrencies the money taken from French victims of the powerful Hive ransomware , dismantled in January, was arrested last week, AFP learned on Tuesday December 12 from the judicial police.” anti-cybercrime (Ofac).”

Ransomware 115

Ransomware Blockchain Manufacturing Analytics 115

Security Affairs

MARCH 13, 2021

The Small Computer Systems Interface defined both a parallel I/O bus and a data protocol to connect a wide variety of peripherals (disk drives, tape drives, modems, printers, scanners, optical drives, test equipment, and medical devices) to a host computer. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Security 140

Security Risk Access IT 140