Fortune-telling website WeMystic exposes 13M+ user records
-
In the digital age, the art of thievery has evolved beyond the physical realm, as cybercriminals continually refine their tactics. A striking example of this evolution is the use of WebSockets in credit card skimming attacks, a method that is both sophisticated and alarmingly effective. Security researcher Ben Martin described this in a detailed blog post.
-
Recently, Cisco’s Talos threat intelligence and research group unearthed a critical vulnerability in WPS Office, a popular productivity suite.
-
The file sharing software ownCloud recently disclosed three critical-severity security vulnerabilities. These vulnerabilities pose a serious risk as they could potentially be exploited to access sensitive information and modify files.
-
Apache DolphinScheduler is a distributed and easy-to-expand visual workflow task scheduling open-source platform. It is widely used for enterprise-level scheduling tasks. However, a recently discovered vulnerability in Apache DolphinScheduler, identified as CVE-2023-48796, poses a significant security risk. This vulnerability allows unauthorized actors to gain access to sensitive information, including database credentials.
-
The Canadian government has revealed a data breach resulting from contractor hacks that exposed sensitive information. The Canadian government data breach, which occurred last month on October 19, exposed sensitive information belonging to an undisclosed number of employees.
-
NSC Technologies discovered that a recent cyberattack had enabled an unauthorized third party to access the firm’s IT network, and on November 21, 2023, the company notified the Attorney General of Maine of the data breach. The company stated in this notification that as a result of the NSC Technologies data breach, sensitive consumer data, including names…
-
Information privacy advocates are calling on Congress to launch an investigation into the program formerly known as Hemisphere.
-
Samsung said in a public statement that it recently became aware of a cyber intrusion into its UK online store, which occurred between July 1, 2019, and June 30, 2020. This breach led to the theft of customer data from Samsung’s UK online store.
-
Vietnam Post exposes 1.2TB of data, including email addresses
-
The U.S. Department of Health and Human Services Office for Civil Rights has reported a massive data breach involving Perry Johnson & Associates (PJ&A).
-
FortiSIEM, a widely used Security Information and Event Management (SIEM) solution, has been discovered to harbor a critical vulnerability that could allow remote attackers to execute arbitrary commands on affected systems. This vulnerability, tracked as CVE-2023-36553 and assigned a CVSS score of 9.3, stems from an OS command injection flaw in the FortiSIEM report server.
-
The WordPress plugin WP Fastest Cache is affected by an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database.
-
The US State of Maine has suffered a major data breach that has affected the personal information of around 1.3 million people. This includes names, Social Security numbers (SSN), dates of birth, driver’s licenses, state identification numbers, taxpayer identification numbers, and certain types of medical information and health insurance.
-
OpenVPN Access Server, a popular open-source VPN solution, has been patched to address two vulnerabilities that could allow attackers to gain unauthorized access to sensitive information.
-
Kaspersky Lab has unveiled a comprehensive analysis of the operations of Asian cyber espionage groups conducting espionage activities globally. The experts examined approximately a hundred incidents linked to these groups, identifying their principal tactics, techniques, and procedures (TTPs). This report will assist information security professionals in detecting and countering such attacks.
-
In the shadowy realms of cyberspace, a sophisticated phishing campaign has been unearthed by vigilant security researchers from Trend Micro. This campaign cleverly leverages DRACOON.team, a reputed file-sharing platform, to ensnare unsuspecting victims with socially engineered emails. The emails, crafted with deceptive finesse, contain links that appear benign but serve a nefarious purpose: to lure the…
-
A significant data breach has sent shockwaves through the Brazilian cybersecurity landscape. A user on a hacker forum is claiming to offer access to a portal associated with the popular Brazilian internet provider, Veloxnet. The Veloxnet data breach includes sensitive information for over 30,000 Veloxnet clients, encompassing details such as names, addresses, contact numbers, and…
-
Experts from the cybersecurity firm Mandiant have discerned active exploitation of a vulnerability within Citrix’s NetScaler ADC and Gateway systems. The issue, designated as CVE-2023-4966 and bearing a CVSS score of 9.4, was initially documented in late August of 2023, but its details were only disseminated publicly on the 10th of October.