Risk

T-Mobile says hacker accessed personal data of 37 million customers
20Jan By RBNo Comments
Risk, Security

T-Mobile says hacker accessed personal data of 37 million customers

T-Mobile disclosed that a hacker gained access to a treasure trove of personal information belonging to 37 million users in a financial statement on Thursday. The telecommunications behemoth claimed that the data theft began on November 25 and that the "bad actor" stole "name, billing address, email, phone number, date of birth, T-Mobile account number, information such as the number of lines on the account and plan features." T-Mobile claimed in the SEC filing that it discovered the breach on January 5—more than a month after it occurred—and that a day later it had addressed the issue of the hacker taking advantage of it. According to T-Mobile, the hackers misused an application programming interface (API) rather than breaking into any business system read more T-Mobile says hac...
Read More
Over a Third of Recent ICS Bugs Still Have No Vendor Patch
20Jan By RBNo Comments
Risk, Security

Over a Third of Recent ICS Bugs Still Have No Vendor Patch

Operators of industrial control systems (ICS) are being let down by their vendors, according to new data that shows 35% of CVEs announced in the second half of 2022 still lack a fix. The 926 CVEs identified via ICS Advisories from the Cybersecurity and Infrastructure Security Agency (CISA) were examined in SynSaber's ICS Vulnerabilities report for H2 2022. It was discovered that many ICS asset owners' systems are vulnerable as a result of a lack of vendor updates, in addition to the rise in disclosed CVEs (up 36% from the 681 revealed in the first half of the year). According to SynSaber, "Original Equipment Manufacturer (OEM) providers often have tight patch testing, approval, and installation processes," which is why delays frequently occur read the complete article Over a Thir...
Read More
New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks
20Jan By RBNo Comments
Risk, Security

New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks

An attacker might use a newly found major remote code execution (RCE) weakness that affects numerous Microsoft Azure services to take complete control of a target application. According to Liv Matan, an Ermetic researcher, "the vulnerability is achieved by CSRF (cross-site request forgery) on the widely used SCM provider Kudu." Attackers are able to send malicious ZIP files with a payload to a victim's Azure application by taking advantage of the vulnerability. The Israeli company that specializes in protecting cloud infrastructure called the flaw EmojiDeploy and warned that it might make it easier for hackers to steal sensitive information and move it to other Azure services read the complete article New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks. Stay ...
Read More
Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords
19Jan By RBNo Comments
Risk, Security

Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords

Bitwarden, an open-source password management platform, has made its first known purchase by purchasing Passwordless. dev, a young Swedish firm that focuses on assisting software developers in integrating passwordless authentication technology. The information was released shortly after Bitwarden, a competitor of 1Password and LastPass said that it had received $100 million from PSG and Battery Ventures, its first outside investment since its founding in 2015. At that time, the business also confirmed that it had raised a previously unreported Series A investment in 2019. Bitwarden is intended to make it simpler for consumers and businesses to automatically create difficult-to-guess passwords, much like other password management services read the complete article Bitwarden acquires ...
Read More
Mailchimp Suffers Another Security Breach Compromising Some Customers Information
19Jan By RBNo Comments
Resources, Risk, Security

Mailchimp Suffers Another Security Breach Compromising Some Customers Information

Mailchimp, a well-known email marketing and newsletter service provider, has revealed yet another security breach that gave threat actors access to an internal support and account admin tool and allowed them to get data on 133 clients. The Intuit-owned company claimed in a report that "the unauthorized actor performed a social engineering assault against Mailchimp employees and contractors, and got access to select Mailchimp accounts using employee credentials compromised in that attack." There is no proof that the unauthorized party compromised Intuit systems or other consumer information beyond the 133 accounts read the complete article Mailchimp Suffers Another Security Breach Compromising Some Customers' Information. Stay informed on the latest cyber threats and trends, and l...
Read More
FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War
18Jan By RBNo Comments
Resources, Risk, Security

FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War

Since Russia's invasion of Ukraine, the UK's financial services sector has experienced a wave of cyberattacks, but firms are generally confident in their abilities to reduce these risks, finds a new Bridewell study. For its most recent research, Cyber Security in Critical National Infrastructure Organizations: Financial Services, the cybersecurity services provider surveyed more than 100 IT decision-makers from UK financial services companies. It was discovered that since the invasion of Ukraine, attacks on the sector have increased by 81%, the second-highest growth of any critical infrastructure (CNI) sector and evidence of the growing cyber danger brought on by geopolitics read the complete article FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War. If you love to ...
Read More
Vice Society Claims Ransomware Attack Against University of Duisburg-Essen
18Jan By RBNo Comments
Risk, Security

Vice Society Claims Ransomware Attack Against University of Duisburg-Essen

The University of Duisburg-Essen (UDE) was the target of a ransomware attack in November 2022. The threat actor Vice Society has admitted involvement and is said to have posted some stolen information on the dark web. The data disclosure, according to UDE's declaration over the weekend, was caused by the institution refusing to pay the attackers' demanded ransom. At the same time, the institution made it clear that all of its security precautions were based on the guidelines set forth by the Federal Office for Information Security (BSI) and the methodology for BSI IT baseline protection read the complete article Vice Society Claims Ransomware Attack Against University of Duisburg. For these types of trending and recent cybersecurity news follow ReconBee.com and keep yourself upda...
Read More
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
18Jan By RBNo Comments
Risk, Security

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated with the adversary. Also known by the names APT15, KeChang, NICKEL, and Vixen Panda, the Chinese APT group has a history of cyber espionage campaigns aimed at government and diplomatic entities across North America, South America, Africa, and the Middle East at least since 2010 read the complete article Iranian Government Entities Under Attack by New Wave.
Read More
Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers
18Jan By RBNo Comments
Risk, Security

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Netcomm and TP-Link routers have been found to have security flaws, some of which might be exploited to execute code remotely. The vulnerabilities, identified as CVE-2022-4873 and CVE-2022-4874, affect Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035. They involve an instance of stack-based buffer overflow and authentication bypass. The CERT Coordination Center (CERT/CC) stated in an advisory released on Tuesday that "the two vulnerabilities, when chained together, allows a remote, unauthenticated attacker to execute arbitrary code read the complete article Critical Security Vulnerabilities Discovered in Netcomm. For trending cybersecurity news follow, ReconBee.com and get updates regularly.
Read More
Russias Ukraine War Drives 62% Slump in Stolen Cards
17Jan By RBNo Comments
Risk, Security

Russias Ukraine War Drives 62% Slump in Stolen Cards

According to Recorded Future, there has been a noticeable decline in the number of stolen payment card records that have been posted to the dark web since the Russian invasion of Ukraine in early 2022. The company's Insikt Group division compiled its Annual Payment Fraud Report: 2022 by carefully examining threat intelligence obtained from the dark web. According to the report, the number of card-not-present records on the dark web carding businesses fell by 24% annually in 2022, to 45.6 million, and fell by 62%, to 13.8 million. This huge reduction was linked by Recorded Future to two important occurrences at the beginning of the year. The first was a sudden crackdown on cybercrime organizations by the Russian government, which included the arrest of alleged members of the Revil...
Read More
Follow Us on Twitter
Follow Us on LinkedIn
Follow Us on YouTube
Follow Us on Facebook