Flickr Notifies Users of Data Breach After External Partner Security Flaw
Flickr says a third-party email vendor flaw may have exposed user names, emails, IP data, and activity logs,...
What Recent Cyber Attacks Reveal About Readiness in 2025
When we last wrote about the rising tide of cyberattacks hitting the retail sector, the headlines were already sobering: disruption at major brands, ransomware claims, and attackers showing a deep understanding of how to break into systems and exploit trust. But that was just the beginning. Since...
Pandora Cyber Attack Exposes Customer Data Via Third-Party Vendor
Pandora cyber attack exposes customer data via third-party breach. No passwords or payment info leaked, but phishing risks remain...
Qantas Confirms Major Data Breach Linked to Third-Party Vendor
Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions...
Retail Under Siege: What Recent Cyber Attacks Tell Us About Today’s Threat Landscape
When several major UK organizations, including well-known retail brands, found themselves caught in a cyber attack earlier this year, it made headlines. But this incident wasn’t the first, and it won’t be the last. It reflects a growing trend where attackers exploit third-party vendors to breach...
Suspicious Minds: Insider Threats in The SaaS World
Everyone loves the double-agent plot twist in a spy movie, but it's a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were stru...
American Express Cardholders Impacted by Third-Party Vendor Data Breach
By Waqas. Another day, another third-party data breach! This is a post from HackRead.com. Read the original post: American Express Cardholders Impacted by Third-Party Vendor Data Breach...
Guardians of IoT: Safeguarding connectivity of input and output channels
Ensuring the security of the Internet of Things (IoT) demands a meticulous examination of industry-specific vulnerabilities and a profound comprehension of data handling. Have you taken the necessary steps to confirm that your chosen third-party security vendor possesses a comprehensive understandi...
SA40662 - Pulse Workspace data exposure
Problem: A data exposure issue was discovered by a third-party security research group where access to a small section of Pulse Secure customer data store on a recognized cloud service provider during the period of 11 AM to 2 PM on March 16, 2017. During this three-hour period, Pulse Secure has no...
Software provider denied insurance payout after ransomware attack
The Supreme Court of Ohio issued a ruling days before the New Year that a software and service provider shouldn't be covered by insurance against a ransomware attack as it didn't cause direct or physical harm to tangible components of software, as it doesn't have any. "When insurance policy covers...
Uber data stolen via third-party vendor
Uber is facing a new cybersecurity incident after threat actors stole some of its data from Teqtivity, a third-party vendor that provides asset management and tracking services. "We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third...
The Company You Keep – Preparing for supply chain attacks with Talos IR
Given the increasing frequency of supply chain attacks, the sophistication of those attacks, and the expansion of the attack surface beyond an organization's direct control, incident preparedness and response activities must be considered in the overall supply chain risk mitigation strategy. Suppl...
A Door Isn’t a Door When It’s Ajar - Part 3
A Door Isn’t a Door When It’s Ajar - Part III. By Trellix · August 25, 2022. This story was also written by Steve Povolny and Sam Quinn. Contents: Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...
Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972
Executive Summary: Microsoft recently mitigated and remediated a vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime (IR) in Azure Synapse Pipelines, and...
Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers
Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang and that it was far more limited in scope. Stating that the "impact of the incident was significantly less than the...
Mercedes-Benz Customer Data Flies Out the Window
Ahh, the luxury of Mercedes-Benz cars: The high-end upholstery, plush carpeting, polished wood trim, LED mood lighting. “Even the scent signals that this vehicle is special,” as the automaker sighs. Of course, even a company like Mercedes-Benz can inadvertently fart out customer data. That’s what...
CVS Health Records for 1.1 Billion Customers Exposed
More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someone’s medical situation. The glitch i...
Malaysia Air Downplays Frequent-Flyer Data Breach
Malaysia Airlines sent out an email to frequent flyer program members assuring them that there’s “no evidence” their personal data has been misused in the wake of a supply-chain attack via a third-party vendor. However, experts think that’s unlikely. And, they say the repercussions could be...
HackerOne: Stored XSS on https://events.hackerone.com
@nagli found a stored Cross-Site Scripting vulnerability in a 3rd party vendor that was used by HackerOne. This system did not contain any data related to reports submitted and stored on hackerone.com. HackerOne worked with the vendor to remediate the vulnerability. The report is partially...
Greenhouse.io: SSH port on store.greenhouse.io is vulnerable to brute force attacks
Open SSH port found on third party vendor...