John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial impacts of breaches. […]
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows – Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0) […]
Identity and authentication management provider Okta on Friday disclosed that the recent support case management system breach affected 134 of its 18,400 customers. It further noted that the unauthorized intruder gained access to its systems from September 28 to October 17, 2023, and ultimately accessed HAR files containing session tokens that could be used for […]
Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is “low-sensitivity and semi-public information.” “The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015,” the company said. “The […]
Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a “highly sophisticated” SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee’s T-Mobile account, the company said. “Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred […]
A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. “The group most frequently attacks logistics, government, and financial sector organizations in India and Israel,” Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News. “The group […]
Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw […]
Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. “As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts,” LetMeSpy said in an announcement on its […]
The research that was published in the German daily Handelsblatt said that customers of Tesla Inc. lodged over 2,400 complaints about difficulties with self-acceleration and 1,500 complaints regarding issues with brakes between the years of 2015 and March 2022. According to reports, a big data dump that was based on a whistleblower’s breach of internal […]
Based on reports from Jeremiah Fowler, a non-password-protected database exposed nearly 360 million records related to a VPN. The database contained email addresses, device information, and even website references that users visited. According to the investigation, these records belonged to a VPN service provider named SuperVPN. Interestingly, there were 2 applications in both App Store […]
A part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to handle was found to have been made public as a result of misconfiguration of the cloud environment. Between November 6, 2013, and April 17, 2023, the breach made 2,150,000 users’ car-location data available for ten years. “It turned out that some […]
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company’s private code signing keys on their dark website. “Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem,” Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the […]
Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company’s MyBB forum database containing user data and private messages. What’s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. “MyBB admin logs show the account […]
The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what’s a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took […]
Stanford University has recently reported a security incident involving a data breach. The incident, which occurred between December 2022 and January 2023, involved the unauthorized download of files containing sensitive admission information for the Economics Ph.D. program from the university’s website. Recently, 897 candidates were notified by the university about this recent data breach. As […]
A Sydney man has been sentenced to an 18-month Community Correction Order (CCO) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when arrested in October 2022 and now 20, used the leaked records stolen from the security […]
LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company […]
Nissan North America has alerted affected customers of a breach that occurred at a third-party service provider and resulted in the exposure of client information. According to the notification, Nissan states that on June 21, 2022, it was notified of a data breach by one of the software development suppliers that it works with. The […]
According to a post on a well-known hacker forum, Volvo Cars has experienced a new data breach, with stolen information allegedly being made available for sale. Anis Haboubi, a French cybersecurity expert, was the first to discover that a threat actor was seeking to sell data purportedly taken from Volvo Cars on a well-known hacking […]
Toyota Motor Corporation reveals a data breach that may have compromised the personal information of its customers after an access key was made available to the public on GitHub for over five years. The data breach at Toyota Kirloskar Motor, a joint venture with Indian giant Kirloskar Group, has been reported to the appropriate Indian […]
The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults by using data siphoned from the earlier break-in. Also stolen […]