Security
Leaked data from oil rigs raises terrorism threat
More than a million files with sensitive data, from employee card templates to on-site operational assessments, have been left passwordless online, putting multiple energy companies at risk.
Read more about Leaked data from oil rigs raises terrorism threat
Cisco warns about critical vulnerability that allows user passwords to be changed
Cisco has released software updates to address a critical vulnerability with a maximum base score of 10, which allows an attacker to change any user's password, including those belonging to administrators, without authentication.
Read more about Cisco warns about critical vulnerability that allows user passwords to be changed
Threat group FIN7 adapts with new tactics and tools, researchers say
The elusive Russian threat group FIN7 appears to be injecting itself back into the 2024 ransomware game with upgraded tools and some never-before-seen tactics – that is, if it ever really left.
Read more about Threat group FIN7 adapts with new tactics and tools, researchers say
Unseen levels of cyberattacks: organizations targeted ten times an hour
The growing sophistication of cybercriminals and advanced technologies like AI and machine learning have pushed global cyberattack levels to unprecedented levels in the second quarter of 2024.
Read more about Unseen levels of cyberattacks: organizations targeted ten times an hour
Anime figurine maker exposes North American customer names, home addresses
Good Smile Company, a Japanese hobby products maker, may have inadvertently created hundreds of thousands of frowns after a misconfigured instance was discovered leaking sensitive details for months.
Read more about Anime figurine maker exposes North American customer names, home addresses
Hacker claims Trello, leaks millions of emails
The threat actor, going by the moniker “Emo,” has leaked 21GB of data, allegedly belonging to Trello and containing more than 15 million unique email addresses.
Read more about Hacker claims Trello, leaks millions of emails
Rabbit R1 hacked using old vulnerability: avoid second-hand devices
If you’re paying $199 for the Rabbit R1, you might as well use the whole device. Cybernews researchers have gained root access to the AI personal assistant by exploiting a vulnerability from five years ago. Beware if you’re considering a second-hand Rabbit R1.
Read more about Rabbit R1 hacked using old vulnerability: avoid second-hand devices
Kaspersky to shutter US offices, lay off workers after US ban
Kaspersky Lab is shutting down its US offices in response to the US Commerce Department banning the Russian cybersecurity firm from selling or providing its security and anti-virus software to US customers starting July 20th.
Read more about Kaspersky to shutter US offices, lay off workers after US ban
Rabbit r1 secretly kept user data that could not be deleted
Rabbit, the developer of the viral pocket companion r1, has revealed the device stored user data that could be seen by someone else.
Read more about Rabbit r1 secretly kept user data that could not be deleted
Squarespace crypto domains under DNS attack, lack of MFA to blame
Dozens of cryptocurrency domains registered with Squarespace have been identified at risk after warnings the website hosting company was found undergoing a massive DNS hijacking attack.
Read more about Squarespace crypto domains under DNS attack, lack of MFA to blame
Online PDF maker leaks user-uploaded documents
Two online PDF makers have leaked tens of thousands of user documents, including passports, driving licenses, certificates, and other personal information uploaded by users.
Read more about Online PDF maker leaks user-uploaded documents
Hackers impersonate live chat support agents in new phishing scam
Hackers have come up with a new phishing scam – this time pretending to be legitimate live chat agents for companies like Etsy and Upwork – and tricking unsuspecting victims into handing over their credit card and banking information.
Read more about Hackers impersonate live chat support agents in new phishing scam
Slip-up by popular fitness app exposes health and contact details of millions
A fitness app with over five million users has leaked sensitive data, including phone numbers, email addresses, and weight, among other records.
Read more about Slip-up by popular fitness app exposes health and contact details of millions
Social engineering attacks take center stage on Amazon Prime Day 2024
Amazon Prime Day, which falls on July 16th-17th, can be a great way to save on some of your favorite Amazon items. However, while you shop, cybercriminals lurk in the background, waiting to steal your credentials.
Read more about Social engineering attacks take center stage on Amazon Prime Day 2024
350 million people downloaded insecure browser extensions over two years
From hundreds of millions that contain malware to other vulnerable extensions, the Chrome Web Store is full of issues.
Read more about 350 million people downloaded insecure browser extensions over two years
RockYou2024: 10 billion passwords leaked in the largest compilation of all time
The largest password compilation with nearly ten billion unique passwords was leaked on a popular hacking forum. The Cybernews research team believes the leak poses severe dangers to users prone to reusing passwords.
Read more about RockYou2024: 10 billion passwords leaked in the largest compilation of all time
Formula 1 organizer email accounts hacked
The Fédération Internationale de l'Automobile (FIA), an organization behind many popular car racing events, including Formula 1, has disclosed a data breach.
Read more about Formula 1 organizer email accounts hacked
OpenAI’s Mac app stored conversations in plain text
OpenAI’s Mac app contained a potential security flaw, which may have allowed malicious apps to access users' conversations with ChatGPT.
Read more about OpenAI’s Mac app stored conversations in plain text
Alabamians advised to monitor their credit amid a cyberattack on the state’s education system
The Alabama State Department of Education has disclosed a data breach, potentially affecting its employees and state students.
Read more about Alabamians advised to monitor their credit amid a cyberattack on the state’s education system
Europol targets criminals abusing Cobalt Strike tool
Europol takes down close to 600 IP addresses after lanching an operation targeting criminals using the Cobalt Strike pen testing tool to infiltrate victim IT systems.
Read more about Europol targets criminals abusing Cobalt Strike tool
