FreshRSS

🔒
☐ ☆ ✇ The Hacker News

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

By THN — August 9th 2023 at 06:30
The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. "The incident was identified in October 2022 after suspicious activity was detected on our systems," the regulator said. "It became clear that hostile actors had first
☐ ☆ ✇ The Hacker News

"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches

By THN — August 3rd 2023 at 09:20
A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel," Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News. "The group is
☐ ☆ ✇ The Hacker News

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

By THN — July 28th 2023 at 05:07
Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an
☐ ☆ ✇ The Hacker News

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days

By THN — July 27th 2023 at 06:49
The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed. "Whether a company loses a factory in a fire — or millions of files in a cybersecurity
☐ ☆ ✇ The Hacker News

How to Protect Patients and Their Privacy in Your SaaS Apps

By The Hacker News — July 24th 2023 at 12:10
The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were
☐ ☆ ✇ The Hacker News

Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges

By THN — July 18th 2023 at 06:23
Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images. The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device
☐ ☆ ✇ The Hacker News

JumpCloud Blames 'Sophisticated Nation-State' Actor for Security Breach

By THN — July 18th 2023 at 03:26
A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary "gained unauthorized access to our systems to target a small and specific set of our customers," Bob Phan, chief information security officer (CISO) at JumpCloud, said in a post-mortem report. "The
☐ ☆ ✇ The Hacker News

JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident

By Swati Khandelwal — July 7th 2023 at 06:17
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data. The company has informed the concerned
☐ ☆ ✇ The Hacker News

Why Honeytokens Are the Future of Intrusion Detection

By The Hacker News — May 10th 2023 at 11:15
A few weeks ago, the 32nd edition of RSA, one of the world's largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on the state of cybersecurity. During his keynote, Mandia stated: "There are clear steps organizations can take beyond common safeguards and security tools to strengthen their
☐ ☆ ✇ The Hacker News

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web

By Ravie Lakshmanan — May 8th 2023 at 15:23
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend. "It appears that Intel Boot Guard may not be
☐ ☆ ✇ The Hacker News

Western Digital Confirms Customer Data Stolen by Hackers in March Breach

By Ravie Lakshmanan — May 8th 2023 at 14:06
Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers," the San Jose-based company said in a disclosure last week. "In addition, the database
☐ ☆ ✇ The Hacker News

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

By Ravie Lakshmanan — April 14th 2023 at 10:22
Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages. What's more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. "MyBB admin logs show the account of a trusted but currently
☐ ☆ ✇ The Hacker News

FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Operation

By Ravie Lakshmanan — April 6th 2023 at 09:01
A joint international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms. Coinciding with the infrastructure seizure, the major crackdown, which involved authorities from 17 countries, culminated in 119 arrests and 208 property searches in 13
☐ ☆ ✇ The Hacker News

Protect Your Company: Ransomware Prevention Made Easy

By The Hacker News — April 5th 2023 at 11:49
Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions.  Naturally, businesses want to find products that will stop malware in its tracks, and so they search for solutions to do that.
☐ ☆ ✇ The Hacker News

Western Digital Hit by Network Security Breach - Critical Services Disrupted!

By Ravie Lakshmanan — April 3rd 2023 at 11:41
Data storage devices maker Western Digital on Monday disclosed a "network security incident" that involved unauthorized access to its systems. The breach is said to have occurred on March 26, 2023, enabling an unnamed third party to gain access to a "number of the company's systems." Following the discovery of the hack, Western Digital said it has initiated incident response efforts and enlisted
☐ ☆ ✇ The Hacker News

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

By Ravie Lakshmanan — March 27th 2023 at 15:18
Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to five years in prison. He was arrested on March 15, 2023. "Cybercrime victimizes and steals financial
☐ ☆ ✇ The Hacker News

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

By Ravie Lakshmanan — March 25th 2023 at 05:51
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company to
☐ ☆ ✇ The Hacker News

BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum

By Ravie Lakshmanan — March 22nd 2023 at 04:37
In a sudden turn of events, Baphomet, the current administrator of BreachForums, said in an update on March 21, 2023, that the hacking forum has been officially taken down but emphasized that "it's not the end." "You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all," Baphomet noted in a message posted on the BreachForums Telegram
☐ ☆ ✇ The Hacker News

New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches

By The Hacker News — March 20th 2023 at 10:44
2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in risky ways you may not expect. Evaluating stolen
☐ ☆ ✇ The Hacker News

Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York

By Ravie Lakshmanan — March 18th 2023 at 05:59
U.S. law enforcement authorities have arrested a 21-year-old New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators
☐ ☆ ✇ The Hacker News

Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency

By Ravie Lakshmanan — March 16th 2023 at 06:34
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).
☐ ☆ ✇ The Hacker News

Does Your Help Desk Know Who's Calling?

By The Hacker News — March 9th 2023 at 12:25
Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take
☐ ☆ ✇ The Hacker News

Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme

By Ravie Lakshmanan — February 27th 2023 at 07:12
The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023. It's estimated that the hackers stole personal data belonging
☐ ☆ ✇ The Hacker News

Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed

By Ravie Lakshmanan — February 21st 2023 at 10:13
Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cybersecurity attack that targeted its employees. The company said its "cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information." The incident, which took place on February 5, 2023, resulted in the exposure of a "limited amount of
☐ ☆ ✇ The Hacker News

Breaking the Security "Black Box" in DBs, Data Warehouses and Data Lakes

By The Hacker News — February 16th 2023 at 11:12
Security teams typically have great visibility over most areas, for example, the corporate network, endpoints, servers, and cloud infrastructure. They use this visibility to enforce the necessary security and compliance requirements. However, this is not the case when it comes to sensitive data sitting in production or analytic databases, data warehouses or data lakes. Security teams have to
☐ ☆ ✇ The Hacker News

Reddit Suffers Security Breach Exposing Internal Documents and Source Code

By Ravie Lakshmanan — February 10th 2023 at 04:28
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, aimed at its employees. The attack
☐ ☆ ✇ The Hacker News

Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach

By Ravie Lakshmanan — February 8th 2023 at 15:00
A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect
☐ ☆ ✇ The Hacker News

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

By The Hacker News — February 2nd 2023 at 10:04
Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it’s no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become
☐ ☆ ✇ The Hacker News

LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised

By Ravie Lakshmanan — January 25th 2023 at 07:43
LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The
☐ ☆ ✇ The Hacker News

Mailchimp Suffers Another Security Breach Compromising Some Customers' Information

By Ravie Lakshmanan — January 19th 2023 at 05:33
Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee
☐ ☆ ✇ The Hacker News

Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident

By Ravie Lakshmanan — January 14th 2023 at 08:41
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus
☐ ☆ ✇ The Hacker News

Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System

By Ravie Lakshmanan — January 12th 2023 at 07:21
Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems," the company said in a statement. "The data
☐ ☆ ✇ The Hacker News

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

By The Hacker News — January 5th 2023 at 10:51
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there
☐ ☆ ✇ The Hacker News

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen

By Ravie Lakshmanan — December 23rd 2022 at 04:07
The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults by using data siphoned from the earlier break-in. Among the data stolen are "basic
☐ ☆ ✇ The Hacker News

Why PCI DSS 4.0 Should Be on Your Radar in 2023

By The Hacker News — December 14th 2022 at 12:30
Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard (PCI DSS), created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards, businesses can ensure that their customer's personal and financial information is secure.  The PCI DSS
☐ ☆ ✇ The Hacker News

Hackers Leak Another Set of Medibank Customer Data on the Dark Web

By Ravie Lakshmanan — December 1st 2022 at 13:17
Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole," the Australian health insurer said. "While our investigation continues there
☐ ☆ ✇ The Hacker News

LastPass Suffers Another Security Breach; Exposed Some Customers Information

By Ravie Lakshmanan — December 1st 2022 at 09:35
Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo," LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass
☐ ☆ ✇ The Hacker News

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

By Ravie Lakshmanan — November 30th 2022 at 11:57
The French data protection watchdog on Tuesday fined electricity provider Électricité de France (EDF) €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the 
☐ ☆ ✇ The Hacker News

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches

By Ravie Lakshmanan — November 30th 2022 at 09:33
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information,
☐ ☆ ✇ The Hacker News

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

By Ravie Lakshmanan — November 29th 2022 at 08:25
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated
☐ ☆ ✇ The Hacker News

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

By Ravie Lakshmanan — November 19th 2022 at 13:30
The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking users' consent in what the draft claims is "clear and plain language" describing the exact kinds of
☐ ☆ ✇ The Hacker News

Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack

By Ravie Lakshmanan — November 7th 2022 at 15:24
Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not
☐ ☆ ✇ The Hacker News

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

By Ravie Lakshmanan — October 29th 2022 at 10:25
Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in
☐ ☆ ✇ The Hacker News

Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data

By Ravie Lakshmanan — October 27th 2022 at 08:23
Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm said the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its ahm health
☐ ☆ ✇ The Hacker News

CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

By Ravie Lakshmanan — October 24th 2022 at 06:12
U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said. The
☐ ☆ ✇ The Hacker News

Why Ransomware in Education on the Rise and What That Means for 2023

By The Hacker News — October 24th 2022 at 05:45
The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptions to access to email, computers, and applications. It's unclear what student or employee data the
☐ ☆ ✇ The Hacker News

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

By Ravie Lakshmanan — October 21st 2022 at 10:12
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective
☐ ☆ ✇ The Hacker News

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

By Ravie Lakshmanan — October 19th 2022 at 10:09
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at
☐ ☆ ✇ The Hacker News

64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan?

By The Hacker News — October 12th 2022 at 11:03
In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000.  Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time.  Explore the impact of
☐ ☆ ✇ The Hacker News

19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam

By Ravie Lakshmanan — October 6th 2022 at 08:25
The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for
☐ ☆ ✇ The Hacker News

Former Uber Security Chief Found Guilty of Data Breach Coverup

By Ravie Lakshmanan — October 6th 2022 at 06:57
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporting the incident and another for misprision. He faces a maximum of five years in prison for the
☐ ☆ ✇ The Hacker News

Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information

By Ravie Lakshmanan — October 5th 2022 at 12:30
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said. "And no customer account data was involved." <!--adsense--> It
☐ ☆ ✇ The Hacker News

Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers

By Ravie Lakshmanan — October 4th 2022 at 07:06
Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a data breach late last month. The company also said it has engaged the services of Deloitte to conduct an external forensic assessment of the attack to "understand how it
☐ ☆ ✇ The Hacker News

Five Steps to Mitigate the Risk of Credential Exposure

By The Hacker News — September 29th 2022 at 11:45
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.  While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the
☐ ☆ ✇ The Hacker News

Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme

By Ravie Lakshmanan — September 27th 2022 at 06:14
The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement. The
☐ ☆ ✇ The Hacker News

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

By Ravie Lakshmanan — September 24th 2022 at 06:37
The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." The department said the arrest was made as part of an investigation in
☐ ☆ ✇ The Hacker News

TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users' Information

By Ravie Lakshmanan — September 5th 2022 at 14:59
Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach." The denial follows
☐ ☆ ✇ The Hacker News

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

By Ravie Lakshmanan — August 30th 2022 at 07:00
Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug was identified on August 7,
☐ ☆ ✇ The Hacker News

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

By Ravie Lakshmanan — August 14th 2022 at 07:11
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and
☐ ☆ ✇ The Hacker News

Overview of Top Mobile Security Threats in 2022

By The Hacker News — June 28th 2022 at 11:00
Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.  Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem?
❌