Search Results for: email compromise
FlightAware configuration error leaked user data for years
Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. The technology company is based in Houston, Texas and provides real-time as well as historical flight tracking data. FlightAware is considered the world’s largest flight-tracking platform with a network […]
National Public Data confirms breach exposing Social Security numbers
Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. The company states that the breached data may include names, email addresses, phone numbers, social security numbers (SSNs), and postal addresses. Breach linked to late […]
Hackers posing as Ukraine’s Security Service infect 100 govt PCs
Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country’s government agencies. On Monday, the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that the attackers successfully infected over 100 computers with AnonVNC malware. Some samples were signed using the code signing certificate […]
Chinese hacking groups target Russian government, IT firms
A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT 27 groups. Kaspersky, who discovered the activity, dubbed the campaign “EastWind,” reporting that it employs an updated version of the CloudSorcerer backdoor spotted […]
Microsoft discloses unpatched Office flaw that exposes NTLM hashes
Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorized actors to access protected information. It impacts multiple 32-bit and 64-bit Office versions, including Office 2016, Office 2019, Office LTSC 2021, and […]
Exploit released for Cisco SSM bug allowing admin password changes
Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. As a Cisco Smart Licensing component, Cisco SSM On-Prem helps manage accounts and product licenses on an organization’s environment using a dedicated dashboard […]
ADT confirms data breach after customer info leaked on hacking forum
American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has an annual revenue of $4.98 […]
1 million HotJar users vulnerable to XSS attacks
By combining OAuth features with an age-old cross-site scripting (XSS) vulnerability, Salt Labs researchers were able to take over any account in HotJar and Business Insider online services. Because HotJar serves more than 1 million websites, including, Adobe, Microsoft, T-Mobile, and Nintendo, security pros considered the issue serious, even though many protections were layered into […]
Crypto exchange Gemini discloses third-party data breach
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. The American crypto exchange began sending notices to impacted individuals a month ago, on June 26, 2024 but submitted a sample of the letters yesterday to the Attorney General’s […]
Attackers Exploit URL Protections to Disguise Phishing Links
Cybercriminals are abusing legitimate URL protection services to disguise malicious phishing links, Barracuda researchers have revealed. The firm observed phishing campaigns using three different URL protection services to mask phishing URLs and send victims to websites designed to harvest their credentials. The researchers believe these campaigns have targeted hundreds of companies to date, if not […]