Tag: data
-
More than 100,000 had information stolen from Hertz through Cleo file share tool
by
in SecurityNewsCar rental giant Hertz has been notifying state regulators of a data breach that occurred through third-party file sharing software. Tens of thousands of people are affected, but the company hasn’t specified a total number. First seen on therecord.media Jump to article: therecord.media/hertz-data-breach-notifications-cleo-vulnerability
-
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2
by
in SecurityNewsThis is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
-
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1
by
in SecurityNewsIntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…
-
CVE program averts swift end after CISA executes 11-month contract extension
by
in SecurityNews
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-managementImportant update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data
by
in SecurityNewsCloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/cloud-cryptography-flaws-mobile-apps-expose-enterprise-data
-
Law firm ‘didn’t think’ data theft was a breach, says ICO. Now it’s nursing a £60K fine
by
in SecurityNewsDPP Law is appealing against data watchdog’s conclusions First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/law_firm_ico_fine/
-
Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack
by
in SecurityNewsHertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hertz-data-breach-exposes-customer/
-
Oracle April 2025 Critical Patch Update Addresses 171 CVEs
by
in SecurityNewsOracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security updates across 32 Oracle product…
-
Landmark Admin Suffers Major Breach, Exposing Data of 1.6M+ Users
by
in SecurityNewsLandmark Admin, LLC (“Landmark”), a Texas-based third-party administrator for life insurance carriers, has confirmed that a cyberattack compromised sensitive personal data belonging to more than 1.6 million individuals. The breach, detected in mid-May 2024, has prompted urgent calls for vigilance among affected policyholders, insurance producers, and beneficiaries. Discovery and Immediate Response According to an official…
-
SquareX to Reveal Critical Data Splicing Attack at BSides SF, Exposing Major DLP Vulnerability
by
in SecurityNewsSquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors…
-
Hertz Confirms Data Breach After Hackers Stole Customer PII
by
in SecurityNewsHertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s… First seen on hackread.com Jump to article: hackread.com/hertz-confirms-data-breach-hackers-stole-customer-pii/
-
92% of Mobile Apps Found to Use Insecure Cryptographic Methods
by
in SecurityNewsStudy reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/92-mobile-apps-insecure/
-
SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions
by
in SecurityNewsPalo Alto, California, 16th April 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/squarex-to-uncover-data-splicing-attacks-at-bsides-san-francisco-a-major-dlp-flaw-that-compromises-data-security-of-millions/
-
British law firm fined after ransomware group publishes confidential client data
by
in SecurityNewsA U.K. law firm specializing in crime, family fraud, sexual offenses and other sensitive matters has been fined after a hack that led to a data leak on the dark web, something the company only learned about after authorities contacted it. First seen on therecord.media Jump to article: therecord.media/uk-law-firm-fined-ico-ransomware-sensitive-data-breached
-
SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions
by
in SecurityNewsPalo Alto, California, 16th April 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/squarex-to-uncover-data-splicing-attacks-at-bsides-san-francisco-a-major-dlp-flaw-that-compromises-data-security-of-millions/
-
LastPass Review: Is it Still Safe and Reliable in 2025?
by
in SecurityNewsLastPass’ recent data breaches make it hard to recommend as a viable password manager in 2025. Learn more in our full review below. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/lastpass-review/
-
4Chan Outage Sparks Cyberattack Rumors and Data Leak Concerns
by
in SecurityNewsOn April 14, 2025, 4Chan, the infamous anonymous image board, experienced downtime due to unexplained outages that left users frustrated and speculating about the cause. While the exact reason for the downtime remains uncertain, some users have suggested that a cyberattack or hacking incident could be responsible. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/4chan-down-due-to-outage/
-
Insurance firm Lemonade warns of breach of thousands of driving license numbers
by
in SecurityNewsA data breach at insurance firm Lemonade left the details of thousands of drivers’ licenses exposed for 17 months. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/insurance-firm-lemonade-warns-of-breach-of-thousands-of-driving-license-numbers
-
Government contractor Conduent disclosed a data breach
by
in SecurityNewsThe business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack. In January, Conduent confirmed a cyberattack caused service disruptions after agencies in multiple US…
-
Hackers Exploit Node.js to Spread Malware and Exfiltrate Data
by
in SecurityNewsThreat actors are increasingly targeting Node.js”, a staple tool for modern web developers”, to launch sophisticated malware campaigns aimed at data theft and system compromise. Microsoft Defender Experts (DEX) have reported a spike in such attacks since October 2024, especially focusing on malvertising and deceptive software installers. Node.js: From Developer Darling to Hacker’s Tool Node.js…
-
Cyberangriff auf einen Betreiber von Park-Apps in Italien
by
in SecurityNewsIl Comune di Sarzana informa che, in data 29 marzo 2025, la società Gestopark s.r.l.— gestore del servizio dei parcheggi a pagamento per conto del Comune — è stata oggetto di un attacco informatico. First seen on comune.sarzana.sp.it Jump to article: www.comune.sarzana.sp.it/
-
MITRE CVE Program Funding Set To Expire
by
in SecurityNews
Tags: cve, cvss, cybersecurity, data, github, identity, intelligence, mitre, monitoring, nist, technology, update, vulnerability, vulnerability-managementMITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along…
-
The most dangerous time for enterprise security? One month after an acquisition
by
in SecurityNewsFear of upgrading or purchasing any new security tech. Managers are hesitant to invest because they don’t know what the new parent company will decide, and they don’t want to waste money.Talented security people leave, along with the best people in every business unit. They are worried about being laid off, so they take whatever…
-
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
by
in SecurityNews
Tags: china, cisa, cve, cyber, cybersecurity, data, detection, endpoint, flaw, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, technology, threat, vulnerability, vulnerability-managementMITRE’s CVE program foundational to cybersecurity: MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response.Although…
-
The Salt Typhoon Telecom Breach: When Network Access Becomes National Exposure
by
in SecurityNewsThe recent Salt Typhoon breach targeting telecom infrastructure isn’t just another headline”, it’s a warning shot to every service provider that uptime and connectivity aren’t enough. This sophisticated campaign, attributed to Chinese state-sponsored actors, illustrates how telecom networks are now being leveraged not just for disruption but for surveillance, espionage, and long-term data access. What…
-
New ResolverRAT malware targets healthcare and pharma orgs worldwide
by
in SecurityNews
Tags: authentication, control, data, encryption, group, healthcare, infrastructure, malware, monitoring, network, organized, rat, strategy, threat, toolPersistence and stealthy C2 communication: The new RAT employs multiple persistence strategies, including more than 20 obfuscated registry entries and files dropped in multiple folders on disk. The malware keeps a record of which persistence techniques were successful to use them as a fallback mechanism.Communication with the command-and-control (C2) server uses TLS encryption with a…
-
Whistleblower Accuses DOGE of Data-Harvesting Cover Up
by
in SecurityNewsComplaint Says Russia-Based IP Address Attempted to Gain Access as DOGE Took Data. A whistleblower has accused staffers from the Department of Government Efficiency of attempting to cover their tracks while collecting troves of sensitive data from the independent labor agency’s computer systems, raising significant security concerns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whistleblower-accuses-doge-data-harvesting-cover-up-a-28013
-
ICICI Bank Ransomware Breach: A Stark Reminder of Supply Chain Risk and the Need for Real-Time Cyber Vigilance
by
in SecurityNewsThe recent ransomware breach tied to ICICI Bank”, claimed by the LockBit group”, has raised fresh concerns about the fragility of digital ecosystems and third-party risk. While official confirmations remain limited, leaked files and dark web chatter suggest that attackers accessed systems through a vendor relationship and exfiltrated over 3 TB of sensitive data, including…