Thu. Jan 19, 2023

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. In a filing today with the U.S.

T-Mobile Says Hackers Stole Data of 37 Million Customers

Data Breach Today

Unauthorized Party Obtained Access to Company API for Approximately 6 Weeks

T-Mobile disclosed Thursday that hackers had access for approximately 6 weeks to an application programming interface that exposed customer data including names, dates of birth and email addresses. No payment information or passwords were part of the breach, the company said.

PayPal Breach Exposed PII of Nearly 35K Accounts

Dark Reading

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

Victims' Known Ransom Payments to Ransomware Groups Decline

Data Breach Today

Evidence Suggests Victims Ponied Up 40% Less in Ransom Payments, Researchers Say

The total amount of ransom payments being sent by victims to ransomware groups appears to have taken a big dip, declining by 40% from $766 million in 2021 to $457 million in 2022 due to victims simply being unwilling to pay, blockchain intelligence firm Chainalysis reports.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Attackers Crafted Custom Malware for Fortinet Zero-Day

Dark Reading

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

Security Analysis of Threema

Schneier on Security

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between diff

BlueVoyant CEO on How to Remediate Supply Chain Defense Bugs

Data Breach Today

Jim Rosenthal on Why Supply Chain Tools Must Go Beyond Detection and Include Fixes

BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.

NortonLifeLock Says Customer Accounts were Compromised in Credential-Stuffing Attack

IT Governance

NortonLifeLock customers have been warned that their accounts may have been compromised in a security breach. The company, which specialises in antivirus software and identity theft protection, said that 925,000 people were targeted in a credential-stuffing attack. Customers’ full names, phone numbers and mailing addresses are thought to have been exposed in the incident.

BitKeep to Reimburse Hacking Victims by March

Data Breach Today

The Crypto Wallet to Launch Compensation Portal Soon for Further Details

Cryptocurrency wallet BitKeep says it will compensate victims of a December 2022 hack that cost the users $8 million. The wallet says it will pay victims in USDT stablecoin to counter asset fluctuation. This isn't the first time BitKeep has made customers whole following a hack.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Phishing For Industrial Control Systems

KnowBe4

Mandiant has published a report describing phishing emails that have breached organizations in the industrial sector. Mandiant explains that the majority of phishing attacks are untargeted and opportunistic. Most attackers wait to see which organizations they can compromise, and then decide how to monetize their successful attacks.

Ransomware Remains Top Cyberthreat, Former NCSC Chief Says

Data Breach Today

Ciaran Martin Warns High-Profile Attacks Will Increase in 2023

The former head of the U.K.'s National Cyber Security Centre warns that destructive ransomware targeting large enterprises is likely to surge in 2023, adding that recent attacks on Royal Mail and The Guardian newspaper are examples of these early-stage attacks.

Critical Microsoft Azure RCE flaw impacted multiple services

Security Affairs

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. Researchers from Ermetic found a remote code execution flaw, dubbed EmojiDeploy, that impacts Microsoft Azure services and other cloud services including Function Apps, App Service and Logic Apps. The issue is achieved through CSRF (Cross-site request forgery) on the ubiquitous SCM service Kudu.

BitSight CEO on Going From Security Ratings to Managing Risk

Data Breach Today

Steve Harvey on Why Boards Want to Understand the Risk Factors, Not Just the Rating

Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey. BitSight has invested in both workflows around third-party risk and research and identification of CVEs on behalf of government agencies.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Is ChatGPT A World Changing Technology? (And Will We All Become “Centaurs”?)

John Battelle's Searchblog

Watching the hype cycle build around OpenAI’s ChatGPT, I can’t help but wonder when the first New York Times or Atlantic story comes out calling the top – declaring the whole thing just another busted Silicon Valley fantasy, this year’s version of crypto or the metaverse. Anything tagged as “the talk of Davos” is destined for a ritual media takedown, after all.

Royal Mail Starts Limited Delivery Abroad After Cyberattack

Data Breach Today

UK Postal Service Testing Workarounds to Tackle Ransomware-Induced Package Backlog

The United Kingdom's Royal Mail says it can again deliver simple letters to international destinations as it enters a second week of grappling with the fallout of a ransomware attack. It is testing operational workarounds to reduce its backlog of packages to be delivered.

Cisco fixes SQL Injection flaw in Unified CM

Security Affairs

A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager Session Management Edition. Unified Communications Manager solutions provide reliable, secure, scalable, and manageable call control and session management.

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Dark Reading

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147; it was addressed with the release of version 0.9.8.1147 on October 25, 2022.

How South Africa's Largest Law Firm Was Fined R5.5m for Not Educating Customers

KnowBe4

Africa’s largest law firm ordered to pay R5.5 million to a woman who fell victim to a hacking syndicate. When Judith Hawarden was buying a house, hackers changed the bank account number in a PDF emailed to her by ENSafrica, the law firm handling the conveyancing.

Experts released PoC exploit for critical Zoho ManageEngine RCE flaw

Security Affairs

Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past.

IT 89
What we can learn from the ACC 2022 State of Cybersecurity Report

OpenText Information Management

Recently, the Association of Corporate Counsel (ACC) Foundation, in collaboration with Ernst & Young, LLP, released the 2022 State of Cybersecurity Report, An In-house Perspective. The report contained several interesting findings regarding the growing influence of corporate legal departments on their organization’s cybersecurity strategy. Let’s look at some of the report findings and four recommendations … The post What we can learn from the ACC 2022 State of Cybersecurity Report appe

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

Mailchimp discloses a new security breach, the second one in 6 months

Security Affairs

Popular email marketing and newsletter platform Mailchimp was hacked and the data of dozens of customers were exposed. The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company, the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool. “On January 11, the Mailchim

A Sneaky Ad Scam Tore Through 11 Million Phones

WIRED Threat Level

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

As Social Engineering Tactics Change, So Must Your Security Training

Dark Reading

Craft specific awareness training for high-exposure teams like finance, and reinforce other critical awareness training across the organization.

EU Publishes New NIS2 Cyber Directive Imposing Liability and Obligations on Senior Management

Data Matters

On 17 January 2023, the new Network and Information Systems Security Directive (“NIS2 Directive”), which is aimed at establishing a minimum level of cybersecurity standards across the EU and is set to replace its predecessor (the NIS or “NIS1 Directive”), entered into force. The new NIS2 Directive aims to further harmonize and strengthen cybersecurity and resilience throughout the EU in response to a continued increase in digitization and rise in cyber (and in particular ransomware) threats

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

Ethically Exploiting Vulnerabilities: A Play-by-Play

Dark Reading

There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks.

Make data protection a 2023 competitive differentiator

IBM Big Data Hub

Data privacy regulations, such as the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the state of California, are inescapable. By 2024, for instance, 75% of the entire world’s population will have its personal data protected by encryption, multifactor authentication, masking and erasure, as well as data resilience.

Name That Toon: Poker Hand

Dark Reading

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.