1.1M Compromised Accounts Found at 17 Major Companies
The accounts fell victim to credential-stuffing attacks, according to the New York State AG. Continue reading 1.1M Compromised Accounts Found at 17 Major Companies
Category Archives: Web Security
‘Elephant Beetle’ Lurks for Months in Networks
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
Continue reading ‘Elephant Beetle’ Lurks for Months in Networks
Broward Breach Highlights Healthcare Supply-Chain Problems
More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October. Continue reading Broward Breach Highlights Healthcare Supply-Chain Problems
Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system — skating past email security — went unaddressed despite multiple flagging by researchers. Continue reading Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
FTC to Go After Companies that Ignore Log4j
Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned. Continue reading FTC to Go After Companies that Ignore Log4j
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Continue reading ‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. Continue reading Microsoft Sees Rampant Log4j Exploit Attempts, Testing
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets. Continue reading SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites
The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player. Continue reading Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites
McMenamins Data Breach Affects 12 Years of Employee Info
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack. Continue reading McMenamins Data Breach Affects 12 Years of Employee Info