April, 2021

533 Million Facebook Account Records Posted to Forum

Data Breach Today

Facebook Says Data Comes from Previously Reported 2019 Incident. A security researcher found more than 500 million Facebook records made available for free on the darknet, exposing basic user information including any phone numbers associated with accounts.

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

As digital transformation kicks into high gear, it’s certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses. Related: Business-logic attacks target commercial websites. SMBs are tapping into cloud infrastructure and rich mobile app experiences, making great leaps forward in business agility, the same as large enterprises.

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange.

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Joker malware infected 538,000 Huawei Android devices

Security Affairs

More than 500,000 Huawei users have been infected with the Joker malware after downloading tainted apps from the company’s official Android store.

Facebook Tries to 'Scrape' Its Way Through Another Breach

Data Breach Today

Social Network Attempts 'Not Hacking' Spin on Theft of 533 Million Users' Details. Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped.

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles.

GUEST ESSAY: The missing puzzle piece in DevSecOps — seamless source code protection

The Last Watchdog

We live in a time where technology is advancing rapidly, and digital acceleration is propelling development teams to create web applications at an increasingly faster rhythm. The DevOps workflow has been accompanying the market shift and becoming more efficient every day – but despite those efforts, there was still something being overlooked: application security. Related: ‘Fileless’ attacks on the rise.

Signal Adds Cryptocurrency Support

Schneier on Security

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.”

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Personal data of 1.3 million Clubhouse users leaked online

Security Affairs

An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3

Signal Adds a Payments Feature—With Cryptocurrency

WIRED Threat Level

The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals.

US Pulls Back Curtain on Russian Cyber Operations

Data Breach Today

Foreign Intelligence Service's Techniques, Partners Revealed. While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S.

Ubiquiti All But Confirms Breach Response Iniquity

Krebs on Security

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

A next-gen cloud data lake architecture has emerged that brings together the best attributes of the data warehouse and the data lake. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

The Last Watchdog

The second Tuesday of April has been christened “Identity Management Day” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Related: The role of facial recognition. Today, indeed, is as good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities.

Welcoming the Ukrainian Government to Have I Been Pwned

Troy Hunt

Another month, another national government to bring onto Have I Been Pwned. This time it's the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge.

Data of 533 million Facebook users leaked in a hacking forum for free

Security Affairs

On April 3, a user leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook: a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users.

Oh Look, LinkedIn Also Has a 500M User Data Leak

WIRED Threat Level

Plus: A bad Zoom bug, a billion-dollar cocaine bust, and more of the week's top security news.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Texas Man Charged With Planning to Bomb AWS Data Center

Data Breach Today

DOJ: Suspect Believed He Could Disrupt 70% of Internet Traffic. A Texas man is facing a federal charge after he allegedly tried to buy explosives from an undercover FBI agent to bomb an AWS data center in Virginia, according to the Justice Department.

Ransom Gangs Emailing Victim Customers for Leverage

Krebs on Security

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

The Last Watchdog

Passwordless authentication as a default parameter can’t arrive too soon. Related: Top execs call for facial recognition to be regulated. The good news is that passwordless technologies are not only ready for prime time, they appear to be gaining traction in ways that suggest we’re on the cusp of a period of wide-scale adoption. That’s the upshot of a new report, The State of Passwordless Security 2021, put out by HYPR, a New York City-based supplier of advanced authentication systems.

Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021

Dark Reading

The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack.

Data Breaches, Class Actions and Ambulance Chasing

Troy Hunt

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020.

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Data Breach Today

Confusion Over Hacking, Scraping and Amassing Highlights Data Lockdown Imperative. Criminals love to amass and sell vast quantities of user data, but not all such data sets necessarily pose a fresh risk to users.

Note to Self: Create Non-Exhaustive List of Competitors

Krebs on Security

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Wi-Fi Devices as Physical Object Sensors

Schneier on Security

The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals.

Microsoft Warns of Malware Delivery via Google URLs

Dark Reading

A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan

This man was planning to kill 70% of Internet in a bomb attack against AWS

Security Affairs

The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet.