Thu. Jan 19, 2023

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years.

T-Mobile Says Hackers Stole Data of 37 Million Customers

Data Breach Today

Unauthorized Party Obtained Access to Company API for Approximately 6 Weeks

T-Mobile disclosed Thursday that hackers had access for approximately 6 weeks to an application programming interface that exposed customer data including names, dates of birth and email addresses.

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Dark Reading

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system

Victims' Known Ransom Payments to Ransomware Groups Decline

Data Breach Today

PayPal Breach Exposed PII of Nearly 35K Accounts

Dark Reading

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data

More Trending

Attackers Crafted Custom Malware for Fortinet Zero-Day

Dark Reading

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China

BlueVoyant CEO on How to Remediate Supply Chain Defense Bugs

Data Breach Today

Jim Rosenthal on Why Supply Chain Tools Must Go Beyond Detection and Include Fixes

BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says.

Massive Adware Campaign Shuttered

Dark Reading

Mainly Apple iOS in-app ads were targeted, injecting malicious JavaScript code to rack up phony views

BitKeep to Reimburse Hacking Victims by March

Data Breach Today

The Crypto Wallet to Launch Compensation Portal Soon for Further Details

Cryptocurrency wallet BitKeep says it will compensate victims of a December 2022 hack that cost the users $8 million. The wallet says it will pay victims in USDT stablecoin to counter asset fluctuation.

Security Analysis of Threema

Schneier on Security

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers.

Lessons to Learn From CircleCI's Breach Investigation

Data Breach Today

Beware: Malware Bypassed Antivirus; Attackers Reused Stolen Single Sign-On Tokens

Essential reading for network defenders: CircleCI's report into its recent breach, which began when malware infected an engineer's laptop.

As Social Engineering Tactics Change, So Must Your Security Training

Dark Reading

Craft specific awareness training for high-exposure teams like finance, and reinforce other critical awareness training across the organization

Ransomware Remains Top Cyberthreat, Former NCSC Chief Says

Data Breach Today

Ciaran Martin Warns High-Profile Attacks Will Increase in 2023

The former head of the U.K.'s

Cybersecurity in the Metaverse Will Require New Approaches

eSecurity Planet

Despite challenges faced by Meta and others, there remains optimism for the metaverse. The PwC 2022 U.S. Business and Consumer Metaverse Survey highlights this. The survey, which included over 5,000 consumers and 1,000 U.S.

BitSight CEO on Going From Security Ratings to Managing Risk

Data Breach Today

Steve Harvey on Why Boards Want to Understand the Risk Factors, Not Just the Rating

Security ratings provide a strong indication of potential risk, but boards increasingly want to drill into the underlying risk factors, says CEO Steve Harvey.

Name That Toon: Poker Hand

Dark Reading

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card

Royal Mail Starts Limited Delivery Abroad After Cyberattack

Data Breach Today

UK Postal Service Testing Workarounds to Tackle Ransomware-Induced Package Backlog

The United Kingdom's Royal Mail says it can again deliver simple letters to international destinations as it enters a second week of grappling with the fallout of a ransomware attack.

Ethically Exploiting Vulnerabilities: A Play-by-Play

Dark Reading

There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks

Phishing For Industrial Control Systems

KnowBe4

Mandiant has published a report describing phishing emails that have breached organizations in the industrial sector. Mandiant explains that the majority of phishing attacks are untargeted and opportunistic.

Roaming Mantis Uses DNS Changers to Target Users via Compromised Public Routers

Dark Reading

Is ChatGPT A World Changing Technology? (And Will We All Become “Centaurs”?)

John Battelle's Searchblog

Watching the hype cycle build around OpenAI’s ChatGPT, I can’t help but wonder when the first New York Times or Atlantic story comes out calling the top – declaring the whole thing just another busted Silicon Valley fantasy, this year’s version of crypto or the metaverse.

Critical Microsoft Azure RCE flaw impacted multiple services

Security Affairs

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.

How South Africa's Largest Law Firm Was Fined R5.5m for Not Educating Customers

KnowBe4

Africa’s largest law firm ordered to pay R5.5 million to a woman who fell victim to a hacking syndicate. When Judith Hawarden was buying a house, hackers changed the bank account number in a PDF emailed to her by ENSafrica, the law firm handling the conveyancing.

Cisco fixes SQL Injection flaw in Unified CM

Security Affairs

A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition.

Pwned or Bot

Troy Hunt

It's fascinating to see how creative people can get with breached data. Of course there's all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else's system.

SynSaber Releases ICS Vulnerabilities & CVEs Report Covering Second Half of 2022

Dark Reading

ICS/OT cybersecurity firm finds 35% of CVEs in second half of 2022 unpatchable

NortonLifeLock Says Customer Accounts were Compromised in Credential-Stuffing Attack

IT Governance

NortonLifeLock customers have been warned that their accounts may have been compromised in a security breach. The company, which specialises in antivirus software and identity theft protection, said that 925,000 people were targeted in a credential-stuffing attack.

The Media Industry Is the Most Vulnerable to Cyber Attacks, Report Shows

Dark Reading

The report highlights concerning security stats following two years of extreme tech growth