Data Breach Today

SEPTEMBER 2, 2024

Supreme Court Set to Review Ban, After X Failed to Appoint a Legal Representative Brazil has begun blocking domestic access to social platform X - including criminalizing access by Brazilians who might use a VPN - after the company failed to comply with court orders tied to combating disinformation campaigns, and a law requiring it has a legal representative (..)

Access 302

Access IT 302

Data Breach Today

JANUARY 19, 2024

Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon.

Access 276

Access 276

Data Breach Today

JANUARY 4, 2024

Settlement Is HHS OCR's 46th Enforcement Action Based on Health Record Complaints It's a new year, but federal regulators are beating an old HIPAA drum: The Department of Health and Human Services has hit a New Jersey medical practice with a $160,000 settlement in the agency's 46th enforcement action involving HIPAA complaint about right of access (..)

Access 286

Access IT 286

Data Breach Today

AUGUST 30, 2023

based privileged access management vendor Osirium for $8.3 M&A Will Help SailPoint Guard Privileged, Non-Privileged Identities on One Platform SailPoint has agreed to buy U.K.-based million to better protect privileged and non-privileged identities on a single platform.

Access 294

Access 294

Krebs on Security

JULY 26, 2024

“These EV users could then be used to gain access to third-party applications using ‘Sign In with Google’ ” In response to questions, Google said it fixed the problem within 72 hours of discovering it, and that the company has added additional detection to protect against these types of authentication bypasses going forward.

Access 297

Access Authentication IT 297

Data Breach Today

JANUARY 24, 2024

/.;/' Strikes Again A security vulnerability in Fortra's GoAnywhere managed file transfer software can allow unauthorized users to create a new admin user. The vulnerability is a remotely exploitable authentication bypass flaw. Hackers have targeted file transfer software over the past year, including GoAnywhere MFT.

Access 277

Access Authentication Security 277

Data Breach Today

NOVEMBER 28, 2023

A directory service should be a "source of truth," said Justin Kohler, vice president of products at Spector Ops. But when users are overprivileged or misconfigurations occur, that creates attack hubs. Kohler discusses BloodHound, a solution he says is like Google Maps for Active Directory.

Access 278

Access 278

Data Breach Today

JULY 23, 2024

Claroty CEO Vardi on Compensating Controls, Segmentation and Secure Remote Access The recent CrowdStrike outage highlights the need to shift from reactive risk management to proactive measures in cyber-physical security.

Security 343

Security Risk Access 343

Data Breach Today

JANUARY 26, 2024

Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, (..)

Access 338

Access IT 338

Data Breach Today

APRIL 4, 2024

Bugs Allowed Device Unlocking and Memory Access Google addressed two zero-day vulnerabilities in Pixel mobile phones that forensic firms exploited to bypass PINs and access stored data on the device. The bugs allowed attackers to unlock and access Pixel's device memory with physical access.

Access 299

Access 299

Data Breach Today

MAY 28, 2022

higher education sector about compromised sensitive credentials and network access information advertised for sale across various public and Dark Web forums. The agency states that this access to credentials could potentially lead to a cyberattack.

Education 363

Education Sales Access 363

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Ransomware 353

Ransomware Personal data Government Access 353

Data Breach Today

JULY 5, 2024

Hacker had Unauthorized Access to Data on Designs for New AI Use Cases A hacker reportedly stole information on OpenAI's new technologies last year by breaking into the company's internal messaging systems. The hacker did not access systems housing or building its applications.

Access 311

Access IT 311

Data Breach Today

SEPTEMBER 6, 2024

Global Outage Triggers Calls for 'Less-Invasive Access' to Essential Functions The global disruption caused by a faulty CrowdStrike software triggering a kernel panic and computer meltdowns has led government agencies, experts and vendors to call for rethinking Windows operating system resiliency, including the deep-level OS access security tools now (..)

Government 306

Government Access Security 306

Data Breach Today

JANUARY 30, 2024

Manufacturer Confirms Systems Down, Data on Energy Consumption, Emission Accessed Schneider Electric confirmed a ransomware attack has locked up corporate systems of its Schneider Electric Sustainability Business division and accessed data.

Ransomware 301

Ransomware Manufacturing Access IT 301

Krebs on Security

APRIL 29, 2024

Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.

Access 312

Access Communications IT 312

Data Breach Today

DECEMBER 8, 2022

Indian Firm Accuses 'Notorious Cyber Security Company' in Ongoing Incident Indian cybersecurity firm CloudSEK says another cybersecurity firm used a compromised collaboration platform credential to obtain access to its training webpages.

Cybersecurity 328

Cybersecurity Access Security IT 328

Data Breach Today

MARCH 14, 2024

Taiwanese Hardware Manufacturer Fixes Improper Authentication Flaw QNAP Systems on Saturday released a patch for a critical bug that allows unauthorized access to devices without authentication. The issue affects its QTS, QuTS hero, and QuTScloud products and potentially exposes network-attached storage devices to unauthorized access.

Manufacturing 294

Manufacturing Authentication Access IT 294

Data Breach Today

NOVEMBER 4, 2023

Threat Actor Used Session Hijacking Technique to Access Files of 134 Okta Customers Days after announcing a security compromise, cloud-based Identity and authentication management provider Okta said that an unknown threat actor accessed files of 134 customers by after an employee signed in to a personal Google profile on the Chrome browser of an Okta-managed (..)

Authentication 327

Authentication Cloud Access Security 327

Data Breach Today

JANUARY 17, 2024

Google Fixes Out-of-Bounds Memory Access Flaw, Microsoft Edge Browser Also Affected Google released an urgent fix for the first zero-day vulnerability of the year in its Chrome web browser, warning the bug is under active exploitation. Google blamed an out-of-bounds memory access flaw in its V8 JavaScript rendering engine.

Access 298

Access IT 298

Krebs on Security

APRIL 27, 2023

The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required).

Access 330

Access Information Security Authentication Communications 330

Data Breach Today

APRIL 1, 2024

Malicious Code in Utility Designed to Facilitate Full, Remote Access to System Nation-state attackers apparently backdoored widely used, open-source data compression software as part of a supply chain attack. Malicious code inserted into recent versions of XZ Utils was designed to facilitate full, remote access to an infected system.

Access 292

Access 292

Data Breach Today

MARCH 18, 2024

Tool Is Available for $200 a Month on Hacking Forums A new tool set on the dark web is gaining traction as an attack weapon to target remote access services and popular e-commerce platforms. TMChecker helps threat actors seeking to compromise corporate networks and gain unauthorized access to sensitive data.

Access 286

Access 286

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Each advertises their claimed access to T-Mobile systems in a similar way. ” or “ Tmo up! ” TMO UP!

Phishing 346

Phishing Authentication Access Security 346

Data Breach Today

JULY 26, 2024

The botnet campaign pushed out the PlugX remote access Trojan that has infected 3,000 machines in France since 2020. National Police Probe Botnet Campaign That Infected 3,000 Machines The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France.

Government 328

Government Access 328

Data Breach Today

JUNE 14, 2024

Enterprise Monitoring Systems Failed to Detect Ex-Worker's Unauthorized Logins A Singapore court has sentenced a former employee of NCS Group to two years and eight months in prison for accessing the company's software test environment and wiping 180 virtual servers months after his employment ended.

Risk 278

Risk Access 278

Data Breach Today

MARCH 8, 2024

Microsoft said a Moscow threat actor obtained access to "source code repositories and internal systems." Russian Foreign Intelligence Service Hack Gets Worse for Computing Giant A Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators.

Access 324

Access 324

Data Breach Today

FEBRUARY 8, 2024

Investor Pramod Gosavi on Network Access, Endpoint Controls in a Zero Trust World Venture capital investor Pramod Gosavi discussed the drawbacks of relying on network-centric cybersecurity solutions that are driving up costs.

Cybersecurity 277

Cybersecurity Access 277

Data Breach Today

APRIL 1, 2024

Chinese Hackers Have Used DinodasRAT Hackers are using a new version of a backdoor to target Linux servers and gain and maintain access in what appears to be an espionage campaign, warn researchers from Kaspersky. The hallmark of DinodasRAT's strategy is its sophisticated victim identification and persistence mechanisms.

Access 324

Access IT 324

Data Breach Today

OCTOBER 19, 2023

Also: Navy IT Manager Sentenced to 5 Years in Prison for Accessing Database This week, Citrix's update was insufficient, a Navy IT manager was sentenced to prison for accessing a database, a Moldovan man pleaded not guilty to running a credentials marketplace, new details emerged on health data breaches, and a television advertising giant suffered (..)

Data breaches 304

Data breaches Ransomware Access IT 304