Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The...
CVE-2024-55946 Playloom Engine Data Storage Vulnerability
Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have...
Playloom Engine Information Disclosure Vulnerability
Playloom Engine is an open source, high-performance game development engine from Quetro Personal Developers. It is designed to help developers create immersive 2D and 3D games. An information disclosure vulnerability exists in Playloom Engine version v0.0.1. The vulnerability stems from the...
PT-2024-17536 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.0 and earlier Description: The issue involves multiple access control vulnerabilities that allow unauthorized access to personal information of students and teachers. These vulnerabilities include function-level...
SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials
SmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data...
122 million people’s business contact info leaked by data broker
A data broker has confirmed a business contact information database containing 132.8 million records has been leaked online. In February, 2024, a cybercriminal offered the records for sale on a data breach forum claiming the information came from pureincubation.com. Pure Incubation was founded in...
Beauty Parlour Management System Insecure Direct Object Reference Vulnerability
Beauty Parlour Management System is an application system. The Beauty Parlour Management System suffers from an insecure direct object reference vulnerability that could be exploited by an attacker to gain access to personally identifiable information of other customers...
PT-2024-39230 · WordPress · Quform
Name of the Vulnerable Software and Affected Versions: The Quform - WordPress Form Builder plugin versions up to, and including, 2.20.0 Description: The issue allows unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users via...
PT-2024-34512 · Phpgurukul · Phpgurukul Beauty Parlour Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul's Beauty Parlour Management System version 1.1 Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the appointment-detail.php file. This vulnerability allows unauthorized access to the...
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral...
PT-2024-11559 · Ovaledge · Ovaledge
Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for Sensitive Data Exposure through a GET request to the "/user/getUserType" API endpoint, which does not require authentication. This exposes information related to the...
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2),...
AI girlfriend site breached, user fantasies stolen [updated]
A hacker has stolen a massive database of users’ interactions with their sexual partner chatbots, according to 404 Media. The breached service, Muah.ai, describes itself as a platform that lets people engage in AI-powered companion NSFW chat, exchange photos, and even have voice chats. As you can...
Comcast and Truist Bank customers impacted by debt collector’s breach
A data breach at Financial Business and Consumer Solutions (FBCS), a US debt collection agency, has led to the loss of data of some Comcast Cable Communications and Truist Bank customers. FBCS is in the business of collecting unpaid debts on behalf of its customers. The data breach occurred in...
Leveling Up Security: Understanding Cyber Threats in the Gaming Industry
Introduction As the G2E Global Gaming Expo conference kicks off in Las Vegas, it's important to highlight the significant role cybersecurity plays in the rapidly evolving gaming industry. From online casinos to eSports, gaming has grown into a massive global enterprise, making it a prime target f...
A week in security (September 23 – September 29)
Last week on Malwarebytes Labs: Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution Telegram will hand over user details to law enforcement Don’t share the vir...
Malwarebytes Personal Data Remover: A new way to help scrub personal data online
There’s an awful lot about you online that some awful groups want to exploit. The right combination of personal data points could help an identity thief fool a bank into opening a new, fraudulent line of credit in your name. Your alma mater, salary, and email address could help an online scammer...
100 million+ US citizens have records leaked by background check service
A background check left a huge database unprotected online containing 2.2TB of people's data, according to research by Cybernews. The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provi...
Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works
Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.”...
PT-2024-28827 · Ptc · Ptc Thingworx
Name of the Vulnerable Software and Affected Versions: PTC ThingWorx version 9.5.0 Description: An Insecure Direct Object Reference (IDOR) in PTC ThingWorx allows attackers to view sensitive information, including personally identifiable information (PII), regardless of access level. Recommendations:...