Security Affairs

AUGUST 9, 2022

Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Most of the flaws, 64, are escalation of privilege issues, followed by remote code execution, 31, and 12 information disclosure. No No RCE CVE-2022-34716.NET No No RCE CVE-2022-34716.NET

Security 122

Security Cloud IT Information Security 122

IT Governance

MAY 15, 2024

Physical access control, physical security monitoring, CCTV, and more When we hear the term ‘information security’ – or, for that matter, ‘ISO 27001’ – our thoughts usually turn straight to cyber security. However, physical security is also an important aspect of information and data security.

Security 52

Security Information Security Access Cloud 52

eSecurity Planet

MAY 3, 2022

Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. From Q1 2021 to Q1 2022, the team discovered 399,200 exposed databases due to those efforts. Also read: Database Security: 7 Best Practices & Tips. ” See our picks for the Top Database Security Solutions.

Security 128

Security Risk Information Security Data breaches 128

Security Affairs

JANUARY 30, 2022

A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The security researchers RyeLv has publicly released an exploit for a Windows local privilege elevation flaw ( CVE-2022-21882 ) that allows anyone to gain admin privileges in Windows 10.

Authentication 85

Authentication Ransomware Security Access 85

Security Affairs

NOVEMBER 2, 2023

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach. “On October 12, 2023, Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta.

Data breaches 117

Data breaches Insurance Access Authentication 117

Security Affairs

OCTOBER 26, 2022

International ticketing services company See Tickets disclosed a data breach that exposed customers’ payment card details. Ticketing service company See Tickets disclosed a data breach, and threat actors might have accessed customers’ payment card details. Follow me on Twitter: @securityaffairs and Facebook.

Data breaches 90

Data breaches Access Security IT 90

Security Affairs

MAY 20, 2023

Luxottica has finally confirmed the 2021 data breach that exposed the personal information of 70 million customers. On May 12, the cybersecurity expert Andrea Draghetti noticed that a threat actor released data belonging to Luxottica speculating a new databreach. Luxottica Group S.p.A.

Data breaches 91

Data breaches Retail Sales Ransomware 91

Security Affairs

OCTOBER 29, 2022

Twilio suffered another brief security incident in June 2022, the attack was conducted by the same threat actor of the August hack. “Our investigation also led us to conclude that the same malicious actors likely were responsible for a brief security incident that occurred on June 29, 2022. Pierluigi Paganini.

Security 105

Security Phishing Authentication Access 105

Security Affairs

MARCH 22, 2023

US health services company Independent Living Systems (ILS) discloses a data breach that impacted more than 4 million individuals. US health services company Independent Living Systems (ILS) disclosed a data breach that exposed personal and medical information for more than 4 million individuals. million individuals.

Data breaches 85

Data breaches Insurance Cybersecurity Access 85

Security Affairs

SEPTEMBER 28, 2022

Elbit Systems of America, a subsidiary of defense giant Elbit Systems, disclosed a data breach after Black Basta ransomware gang claimed to have hacked it. Now the company has confirmed the data breach that took place on June 8, 2022 and impacted 369 people. Elbit Systems of America, LLC is a U.S. Pierluigi Paganini.

Data breaches 87

Data breaches Ransomware Encryption Cybersecurity 87

Security Affairs

MAY 15, 2023

National pharmacy network PharMerica discloses a data breach that impacted more than 5.8 National pharmacy network PharMerica disclosed a data breach that exposed the personal information of 5,815,591 individuals. In response to the incident, the company enhanced its technical security measures. million individuals.

Data breaches 87

Data breaches Cybersecurity Insurance Ransomware 87

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. Thu, 03/24/2022 - 05:00. The 2022 Thales Data Threat Report, based on data from a survey of almost 2,800 respondents from 17 countries across the globe, illustrates these trends and changes. 2022 Report. 2021 Report.

Risk 126

Risk Security Encryption Ransomware 126

Security Affairs

MAY 28, 2023

Swiss electrification and automation technology giant ABB confirmed it has suffered a data breach after a ransomware attack. billion in revenue for 2022. Once discovered the security breach, ABB closed VPN connections with its customers to prevent the threat from spreading. ABB has more than 105,000 employees and has $29.4

Data breaches 90

Data breaches Ransomware Access Cybersecurity 90

Security Affairs

OCTOBER 6, 2022

The City of Tucson, Arizona disclosed a data breach, the incident was discovered in May 2022 and impacted 123,500 individuals. The security breach was discovered at the end of May 2022 and concluded the investigation in September. ” reads the data breach notice.”On ” states the letter.

Data breaches 85

Data breaches Access Security IT 85

Security Affairs

JULY 5, 2023

Swedish data protection watchdog warns companies against using Google Analytics due to the risk of surveillance operated by the US government. The Swedish data protection watchdog warned businesses against using Google Analytics due to the risk of surveillance carried out by the US government.

Analytics 83

Analytics Personal data GDPR Privacy 83

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. Today MSI confirmed the security breach, it confirmed that threat actors had access to some of its information service systems.

Ransomware 89

Ransomware Security Manufacturing Cybersecurity 89

Security Affairs

JANUARY 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank. “ In November 2022, Medibank announced that personal data belonging to around 9.7M

Government 99

Government Insurance Ransomware Data breaches 99

Security Affairs

JULY 29, 2022

Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. 2022-07-17 20:28:29 small-sm 4.2.0

Passwords 104

Passwords Authentication Security IT 104

Security Affairs

OCTOBER 26, 2023

Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. The researchers disclosed the attack technique to Apple on September 12, 2022 (408 days before public release).

Passwords 108

Passwords Paper IT Security 108

Security Affairs

MAY 4, 2024

The company has yet to disclose a data breach e never mentioned in its update that it was the victim of a ransomware attack. Another concern for companies affected by ransomware is the potential exfiltration of data. As proof of the data breach, the group published images of passports, ID cards and medical analyses.

Ransomware 101

Ransomware Data breaches Personal data Phishing 101

Security Affairs

APRIL 17, 2022

GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. ” reads the post published by the company.

Access 106

Access Cybersecurity Security Authentication 106

Security Affairs

SEPTEMBER 16, 2022

On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever that hit one of its European customers. Mpps Cumulative Attacks 75 201 IPs Targeted 512 1813 Vector UDP UDP Distribution 1 location 6 locations Date of Attack July 21, 2022 September 12, 2022 Top Scrubbing Locations HKG, LON, TYO HKG, TYO, LON.

Security 89

Security IT Information Security 89

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. Pierluigi Paganini.

Ransomware 129

Ransomware Military Cybersecurity Security 129

Security Affairs

AUGUST 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 80

Security Military Phishing Sales 80

Security Affairs

JUNE 6, 2024

The FBI is informing victims of LockBit ransomware it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. “Additionally, from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online.”

Energy and Utilities 107

Energy and Utilities Ransomware Agriculture Encryption 107

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement). Red, LockBit 3.0/Black,

Ransomware 89

Ransomware Cybersecurity Agriculture Education 89

Security Affairs

MAY 22, 2023

billion fine for transferring European user data to the US. billion for transferring user data to the US. This is the biggest fine since the adoption of the General Data Protection Regulation (GDPR) by the European Union (EU) on May 25, 2018. Data Privacy Framework on December 13, 2022. The EU-U.S.

GDPR 83

GDPR Personal data Privacy Data Privacy 83

The Last Watchdog

AUGUST 1, 2023

1, 2023– AppViewX , a leader in automated machine identity management (MIM) and application infrastructure security, today announced the results of a research study conducted by Enterprise Management Associates (EMA) on SSL/TLS Certificate Security. New York, NY, Aug.

Risk 100

Risk Compliance Security Information Security 100

Security Affairs

JUNE 14, 2022

Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless access to data and interaction with external software components and services. Prioritize Security.

Security 79

Security Authentication Encryption Access 79

Security Affairs

AUGUST 22, 2023

The company, with reported revenue of $950 million in 2022, is a trusted strategic partner to more than 40 US Federal agencies. On May 15th, the Cybernews research team discovered an open Kibana instance containing sensitive information regarding Belcan, their employees, and internal infrastructure.

Passwords 85

Passwords Military Manufacturing Analytics 85

Security Affairs

JANUARY 18, 2023

Researchers at the security firm Orca discovered that four different Microsoft Azure services were vulnerable to server-side request forgery (SSRF) attacks. hostname, security group, MAC address and user-data) and potentially retrieve tokens, perform lateral movement and execute arbitrary code. Pierluigi Paganini.

Authentication 97

Authentication Cloud Metadata Access 97

Security Affairs

MAY 28, 2022

In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. The attackers abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Metadata 141

Metadata Passwords Archiving Access 141

Hunton Privacy

OCTOBER 19, 2022

On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach. In addition to paying New York $1.9

Data breaches 64

Data breaches Passwords Retail Cybersecurity 64

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Compliance 77

Compliance Financial Services Data breaches Encryption 77

Security Affairs

MAY 8, 2023

MSI confirmed the security breach, it revealed that threat actors had access to some of its information service systems. The Money Message group initially threatened to publish the stolen files by April 12, 2023, if the company will not pay the ransom. Previously we already described the BG pkeys leak impact.

Data breaches 82

Data breaches Ransomware Manufacturing Authentication 82

Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. In October, VMware addressed the flaw CVE-2023-34048 (CVSS score 9.8).

IT 115

IT Cybersecurity Cloud Risk 115

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. So to account for seasonality, we’ve only looked at Q2–Q4 for all four years (2019–2022). What do the statistics say?

Risk 104

Risk Data breaches Authentication Financial Services 104