Security Affairs

AUGUST 3, 2024

“According to the complaint, from 2019 to the present, TikTok knowingly permitted children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the regular TikTok platform. ” reads the press release published by DoJ.

Accountability 127

Accountability Data collection Risk Hacking 127

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. In some cases, the man manually chacked the stolen information. ” reads the press release published by the DoJ.

Accountability 119

Accountability Banking Advertising Data collection 119

BH Consulting

MARCH 26, 2025

It introduces accountability measures for large platforms, and strengthens users’ rights. The Data Act enhances access to and use of non-personal data across sectors. Make digital risk a board-level responsibility Directors should integrate AI governance, cybersecurity, and data protection into corporate strategy.

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Security Affairs

NOVEMBER 27, 2021

Italy’s antitrust regulator has fined both Apple and Google €10 million each for what it calls are “aggressive” data practices and not providing consumers with clear information on commercial uses of their personal data during the account creation phase.

Data collection 111

Data collection Accountability Hacking Information Security 111

Security Affairs

SEPTEMBER 17, 2024

The report provides insights into factors influencing user consent for data collection and usage and reasons for consumer disengagement. More than half (55%) claimed that reducing unnecessary data collection was an additional factor that would help them gain trust in a company or brand.

Data collection 115

Data collection Data privacy B2B Digital transformation 115

Security Affairs

FEBRUARY 13, 2024

The data collected unearthed a total of 1771 ransomware claims, with 55 recorded incidents in Italy. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform. Let us now delve into the detailed breakdown of the days.

Ransomware 131

Ransomware Data collection Hacking Accountability 131

Security Affairs

MAY 15, 2019

A new story of a violation of the user’s privacy made the lines, Twitter revealed that due to a bug is collected and shared iOS location data with a third-party advertising company, Fortunately, only one partner of the micro-blogging firm was involved and the data collection and sharing occurred in certain circumstances.

Advertising 103

Advertising Accountability Data collection Mobile 103

Security Affairs

SEPTEMBER 3, 2019

The data breach impacted 562,000 subscribers, the forum has been taken offline after the incident. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection.” New breach: XKCD had 562k accounts breached last month. The xkcd forums are currently offline.

Data breaches 108

Data breaches Passwords Advertising Data collection 108

Security Affairs

AUGUST 28, 2021

This is an enormous amount of data collected from a few small, not well-known mobile games.” ” On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6

Data breaches 131

Data breaches Mobile Data collection Hacking 131

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 125

Data breaches Banking Hacking Malware 125

Hot for Security

MARCH 17, 2021

If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already. But have you considered resetting the passwords for any online accounts with similar login credentials? Users who sign up on the platform mainly provide their personal information directly during the setup process.

Data breaches 105

Data breaches Passwords Accountability Media 105

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. Having compromised the service provider’s infrastructure, intruders can obtain user accounts or certificates issued by the target organization, and thereby connect to their systems.

VPN 121

VPN Accountability Passwords Antivirus 121

Security Affairs

JANUARY 17, 2021

It is time to re-evaluate Cyber-defence solutions New Zealand central bank hit by a cyber attack TeamTNT botnet now steals Docker API and AWS credentials Connecting the dots between SolarWinds and Russia-linked Turla APT Experts found gained access to the Git Repositories of the United Nations Russian hacker Andrei Tyurin sentenced to 12 years in prison (..)

Banking 108

Banking Data collection Malware Data breaches 108

Security Affairs

NOVEMBER 15, 2022

“Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. Location data represent the core of the digital advertising business of the IT giant. ” reads the DoJ’s press release.

Consumer Protection 98

Consumer Protection Accountability Data collection Advertising 98

Security Affairs

MAY 23, 2024

Attackers also manipulate local Administrator accounts to maintain persistence, they were spotted enabling the disabled local Administrator account, followed by resetting its password. ” The threat actors used both custom malware and off-the-shelf tools to gather sensitive data from victim machines.

Malware 131

Malware Accountability Phishing Data collection 131

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. The author behind Meduza distributed the following notification about the update on multiple underground communities and Telegram group: Attention!

Password Management 143

Password Management Cryptocurrency Passwords Authentication 143

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. They are followed by banking Trojans , whose share in the total amount of malicious attachments showed growth for the first time in a while. Opened email lets spy in.

Phishing 136

Phishing Ransomware Spyware Banking 136

Security Affairs

SEPTEMBER 1, 2023

“In one case, we observed a SapphireStealer sample where the data collected using the previously described process was exfiltrated using the Discord webhook API, a method we previously highlighted here.” The FUD-Loader malware downloader was also published by the same GitHub account. ” continues the report.

Malware 127

Malware Data collection Architecture Hacking 127

Security Affairs

OCTOBER 17, 2023

’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks. “Note (!)

Telecommunications 131

Telecommunications Authentication Data collection Passwords 131

Centraleyes

DECEMBER 11, 2024

Implementation of Security Controls: Controls based on standards such as ISO 27001 or NIST Cybersecurity Framework 2.0 Governance and Accountability: Organizations must establish governance structures, including appointing a Chief Information Security Officer (CISO) or equivalent roles, to oversee cybersecurity initiatives.

Risk 52

Risk Cybersecurity Penetration Testing Digital transformation 52

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

Security Affairs

JULY 21, 2019

A flaw could have allowed hackers to take over any Instagram account in 10 minutes. Mysterious hackers steal data of over 70% of Bulgarians. Sprint revealed that hackers compromised some customer accounts via Samsung site. Israel surveillance firm NSO group can mine data from major social media.

Small Business 86

Small Business Media Spyware Advertising 86

Security Affairs

MAY 12, 2021

An example of this can be traced back to June 2019, when an unauthorized user gained access to Quest Diagnostic’s sensitive data through a billing vendor by the name of the American Medical Collection Agency (AMCA). The culprit gained access to sensitive data of 11.9 SecurityAffairs – hacking, user data).

Data collection 108

Data collection Data breaches VPN Risk 108

eSecurity Planet

SEPTEMBER 21, 2024

Each of these regulations addresses different aspects of cybersecurity and data protection, making it essential for businesses and organizations to stay informed and proactive. The act also requires institutions to allow customers to opt out of having their information shared with non-affiliated third parties.

Cybersecurity 122

Cybersecurity Computers and Electronics Cyber threats Healthcare 122

Security Affairs

JANUARY 2, 2023

Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity”.

Consumer Protection 98

Consumer Protection Surveillance Data collection Accountability 98

SecureList

MARCH 29, 2021

The Internet can provide doxers with all kinds of helpful information, such as the names and positions of employees, including those who occupy key positions in the company. Such key positions include the CEO, HR department director, and chief accountant. Attacks using publicly accessible data: BEC.

Identity Theft 124

Identity Theft Phishing Accountability Banking 124

SecureWorld News

APRIL 30, 2023

Huge arrays of unstructured data utilized and modified by many users as well as the ever-growing complexity of attacks, lead to the fact that the usual means of protecting the perimeter of a corporate network no longer meet current information security requirements. What is Data-Centric Audit and Protection?

Technology 98

Technology Unstructured Data Data breaches Information Security 98

Security Affairs

NOVEMBER 15, 2022

Avast experts were able to capture several PNG files embedding a data-stealing payload. They pointed out that data collection from victims’ machines using DropBox repository, and attackers use DropBox API for communication with the final stage. They steal data via the DropBox account registered on active Google emails.”

Data collection 100

Data collection Malware Accountability Hacking 100

SC Magazine

MARCH 10, 2021

” “It would be possible, on detailed examination of video, to compromise elements of operational security,” agreed Mike Hamilton, co-founder and chief information security officer of CI Security and former Seattle CISO. Thought leaders advise reducing or eliminating the use of these skeleton key-like accounts.

Surveillance 129

Surveillance IoT Accountability Passwords 129

Security Affairs

APRIL 6, 2023

A package containing features such as 3-D Secure support and support for configuring a phishing website, may cost up to $300. User personal data for sale. Crooks offers data collected through phishing campaign to the subscribers. ” continues the analysis. ” Phishing-as-a-Service. .

Phishing 98

Phishing Scams Social Engineering Accountability 98

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. Links account for 29%, while attachments—for 71%. rar archive files. Dangerous email.

Ransomware 98

Ransomware Antivirus Malware Banking 98

Security Affairs

MAY 13, 2019

” The social network suspended apps and accounts associated with Rankwave and asked the court to order it to respect its rules for applications. Rankwave apparently misused data collected by his app for checking users’ social media “influencer score”. ” reported Techcrunch.

Advertising 91

Advertising Data collection Marketing Media 91

SecureList

OCTOBER 18, 2023

Using a vulnerability in a legitimate driver and a rootkit, they interfered with the antivirus, intercepted user credentials (many of which were cached on the terminal server, including accounts with administrator privileges on many systems), and began actively moving around the network.

Malware 141

Malware Phishing Internet Internet 141

Security Affairs

DECEMBER 29, 2019

According to Twelve Security , the exposed data includes: User name and email of those who purchased cameras and then connected them to their home 24% of the 2.4 According to Twelve Security , the exposed data includes: User name and email of those who purchased cameras and then connected them to their home 24% of the 2.4

IoT 96

IoT Accountability Advertising Wireless 96

SecureWorld News

JUNE 24, 2024

Additionally, there sectoral privacy regulations in the United States, such as the Health Insurance Portability and Accountability Act (HIPAA), and state level regulations like the California Consumer Privacy Act (CCPA). Also, the GDPR recommends data anonymization to minimize the risk of PII breach and identity theft.

IoT 107

IoT InfoSec Artificial Intelligence Risk 107

Security Affairs

OCTOBER 27, 2022

Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin payload-related alert in the last 30 days. DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm.

Ransomware 108

Ransomware Malware Data collection Encryption 108

Security Affairs

APRIL 15, 2023

The collected data is sent to the C2 server every two days, but the cycle depends on the remote configuration. The level of data collection depends on the permissions granted to the app using the malicious library.

Data collection 98

Data collection Mobile Malware Education 98