124 matches found
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber...
Starbucks Shifts to Manual Processes After Contractor Ransomware Attack
Ransomware attack cripples Starbucks operations, forcing the coffee giant to rely on manual processes for employee scheduling and…...
Hackers Leak 300,000 MIT Technology Review Magazine User Records
Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records…...
Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases
Social Security numbers, death certificates, voter applications, and other personal data were accessible on the open internet, highlighting the ongoing challenges in election security...
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,"...
ShinyHunters Claims Santander Bank Breach: 30M Customers’ Data for Sale
ShinyHunters claims surfaced two weeks after Santander Bank acknowledged a data breach linked to a third-party contractor involving…...
IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data
By Waqas Hackers claim to have breached a third-party contractor of HSBC and Barclays, stealing sensitive data including database files, source code, and more. This is a post from HackRead.com Read the original post: IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data...
IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity Inc.
By Waqas The leaked data was previously being sold by the IntelBroker hacker for just $3,000 in Monero XMR cryptocurrency. This is a post from HackRead.com Read the original post: IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity Inc...
Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data
By Waqas The teasure trove of highly sentisive data is being sold for just $3,000 in Monero XMR cryptocurrency on Breach Forums. This is a post from HackRead.com Read the original post: Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data...
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of Chinas top private cybersecurity firms provides a rare glimpse into the commercial side of Chinas many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...
A first analysis of the i-Soon data leak
Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon aka Anxun is...
CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...
CentralSquare Security Breach
CentralSquare is an application from CentralSquare, Inc. CentralSquare suffers from a security vulnerability that stems from the web application's inability to validate a user's right to remove a contractor from an account with a specified user ID, which can be exploited by an attacker to remove ...
23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits
Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more...
PT-2023-27412 · Centralsquare · Centralsquare Click2Gov Building Permit
Name of the Vulnerable Software and Affected Versions: CentralSquare Click2Gov Building Permit versions prior to October 2023 Description: An issue was discovered in CentralSquare Click2Gov Building Permit, where lack of access control protections allows remote attackers to arbitrarily delete...
Contractor Database Leak Exposes 500K Irish Police Vehicle Seizure Records
By Waqas This marks the fourth data security incident to affect a UK police department in 2023. This is a post from HackRead.com Read the original post: Contractor Database Leak Exposes 500K Irish Police Vehicle Seizure Records...
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...
CVE-2023-44245 WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...
CVE-2023-44245 WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...