Articles tagged "Data Breach"

Found 545 articles

Actively Exploited

Researchers have identified that over 10,000 instances of the Zimbra Collaboration Suite (ZCS) are exposed to the internet and are vulnerable to ongoing cross-site scripting (XSS) attacks. This security flaw allows attackers to execute malicious scripts in users' browsers, which can lead to unauthorized access to sensitive information. The affected servers could be utilized by various organizations for email and collaboration services, making them prime targets for exploitation. The ongoing nature of these attacks means that users and administrators should take immediate action to secure their systems. Ignoring this vulnerability could lead to severe data breaches and loss of confidential information.

Read Original
French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks

Hackread – Cybersecurity News, Data Breaches, AI and More

French police have arrested a 20-year-old hacker known as HexDex, who is alleged to have stolen and leaked sensitive data from various targets, including government agencies, sports organizations, and private companies. The suspect is accused of orchestrating a series of cyberattacks that compromised a significant amount of confidential information. This incident raises concerns about the security measures in place at these institutions and the potential harm that could come from such data leaks. Authorities are investigating the full extent of the breaches and the impact on those affected. The case serves as a reminder of the ongoing risks posed by cybercriminals and the importance of robust cybersecurity practices.

Read Original

Rituals, a Dutch cosmetics company, has reported a data breach that has compromised the personal information of customers in its 'My Rituals' membership database. While the exact number of affected individuals remains undisclosed, the breach raises concerns about the security of customer data in an era where personal information is increasingly targeted by cybercriminals. This incident serves as a reminder for companies to prioritize data protection measures and for customers to be vigilant about their personal information. Rituals has yet to provide detailed guidance on how affected customers can protect themselves or what steps the company is taking to address the breach. Such breaches can lead to identity theft and other security risks, making it crucial for both companies and consumers to take proactive measures against data vulnerabilities.

Read Original

Agoda, a popular booking platform in Asia, has denied rumors of a significant data breach that allegedly compromised 82 million user records. This denial comes shortly after its parent company, Booking Holdings, reported a data breach affecting Booking.com, which exposed sensitive user reservation information. The claims about Agoda's breach were fueled by concerns over the recent vulnerability at Booking.com, raising alarms about the security of user data across these platforms. While Agoda insists that no such breach occurred, the situation highlights ongoing concerns over data security in the travel industry. Users should remain vigilant about their personal information, especially in light of recent incidents affecting major companies.

Read Original

Citizens Financial Group and Frost Bank, two significant U.S. banks, have reportedly fallen victim to the Everest ransomware group. This operation has claimed to have stolen large volumes of sensitive data from both institutions and is threatening to release this information by April 26. The breach is concerning not only for the banks but also for their customers, as it raises fears about the exposure of personal and financial information. Ransomware attacks on financial institutions can lead to severe consequences, including financial loss and damage to customer trust. As the situation develops, both banks will need to respond quickly to mitigate the impact of this breach and reassure their clients.

Read Original

The ransomware group known as 'The Gentlemen' has quickly gained notoriety for its rapid operational growth and advanced tactics. Researchers have noted that this gang is not only expanding its reach but also enhancing its methods, making it a significant player in the ransomware space. Their swift rise poses a serious risk to various organizations, as they can potentially exploit vulnerabilities faster than many can respond. This development emphasizes the need for companies to strengthen their cybersecurity measures and remain vigilant against such emerging threats. As ransomware attacks continue to evolve, understanding the capabilities of groups like The Gentlemen is crucial for effective defense.

Read Original

France Titres, the agency responsible for managing official identity and registration documents in France, has reported a data breach that may have compromised user data from its online portal. The breach was detected on April 15 and is currently under investigation. This incident raises concerns about the security of sensitive information related to driver's licenses, national ID cards, and passports, potentially affecting many users who rely on these services. As the agency works to address the breach, users are being alerted to the possibility of phishing attempts that could exploit the situation. It’s crucial for individuals to remain vigilant and protect their personal information during this time.

Read Original
Critical
Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Bluesky, a social media platform, experienced a significant disruption due to a DDoS attack that lasted approximately 24 hours. The attack was claimed by a group known as the 313 Team, which is linked to Iran. Fortunately, the company reported that no user data was compromised during the incident. This attack raises concerns about the vulnerability of online platforms to such disruptions, especially as geopolitical tensions can lead to cyberattacks targeting specific services. Users and organizations that rely on Bluesky for communication and engagement should remain vigilant about potential future attacks.

Read Original

Researchers at Forescout Research Vedere Labs have discovered 22 vulnerabilities in serial-to-IP converters made by Lantronix and Silex. These flaws could allow attackers to take control of nearly 20,000 devices and manipulate the data being transmitted through them. This is particularly concerning because serial-to-Ethernet converters are widely used in various industries, making them attractive targets for cybercriminals. Organizations using these devices need to be aware of the potential risks and take steps to secure their systems. The vulnerabilities are significant enough that they could lead to unauthorized access and data breaches if not addressed promptly.

Read Original

The article discusses how identity-based attacks, particularly those involving stolen credentials, remain a primary method for cybercriminals to gain unauthorized access to systems. Despite the focus on advanced threats like zero-day vulnerabilities and AI-driven exploits, attackers often rely on simpler tactics such as credential stuffing to exploit weak passwords or reused credentials. This trend affects organizations across various sectors, as compromised accounts can lead to significant data breaches and financial losses. Companies are urged to implement stronger authentication measures and educate users about secure password practices to mitigate these risks.

Read Original

Recent data breaches involving Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority have compromised the personal information of approximately 600,000 individuals. These breaches highlight ongoing vulnerabilities in the healthcare sector, where sensitive data is often targeted by cybercriminals. The specifics of the breaches, including how the attackers gained access and what data was taken, remain unclear. However, the incidents underline the urgent need for healthcare organizations to strengthen their cybersecurity measures. Patients affected by these breaches should be vigilant about potential identity theft and monitor their accounts closely.

Read Original

Vercel, a cloud app developer, has confirmed that it faced a security breach due to a sophisticated attack that exploited a third-party tool. The details surrounding the breach remain limited, but it raises concerns regarding the safety of applications built on Vercel's platform. Users and developers relying on Vercel for their cloud services should be vigilant, as this incident highlights potential vulnerabilities in third-party integrations. The company is likely working to assess the full impact of the breach and implement necessary security measures to prevent future incidents. This situation serves as a reminder for all companies to review their security practices, especially when using external tools and services.

Read Original

The hacking group ShinyHunters claims to have breached nine well-known companies, including Zara, 7-Eleven, and Carnival Corporation. They are threatening to release over 9 million records that contain personal information and internal data unless a ransom is paid by April 21. This situation raises significant concerns for the affected brands as it puts customer data at risk and could lead to identity theft or other malicious activities. The release of such a large volume of sensitive information could also damage the reputation of these companies and erode consumer trust. As the deadline approaches, it remains crucial for these organizations to enhance their security measures and communicate transparently with their customers about the potential breach.

Read Original
Critical
Vercel Breach Linked to Context.ai, ShinyHunters Says It’s Not Involved

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Vercel has confirmed a data breach that is linked to Context.ai, where a hacker is reportedly attempting to sell the stolen data for $2 million. In response to the situation, the hacking group ShinyHunters has publicly denied any involvement and warned that imposters may be falsely claiming to be associated with them. This incident raises concerns about the security of user data at Vercel and highlights the ongoing risks posed by data breaches in the tech industry. Companies like Vercel must take immediate action to investigate the breach and protect their users from potential data exploitation. As the situation develops, it remains crucial for affected users to stay informed about any updates regarding their data security.

Read Original
Actively Exploited

A data breach at Vercel was linked to an employee's AI tool that inadvertently exposed sensitive OAuth tokens. These tokens are key for securely accessing APIs and services, and their theft represents a new avenue for cyber attackers, allowing them to move laterally within networks. The incident raises concerns for organizations that rely on OAuth for authentication, as these tokens are crucial for maintaining security. As a result, companies need to reassess their security measures surrounding OAuth token management to prevent similar breaches in the future. This situation serves as a reminder of the vulnerabilities that can arise from integrating AI tools without stringent security protocols.

Read Original
PreviousPage 12 of 37Next