Information and Information Security - Cyber Security Informer

DeepSeek database exposed highly sensitive information

Security Affairs

JANUARY 30, 2025

“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.” It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000.” ” reads the report published by Wiz. ” concludes the report.

Authentication

Authentication Passwords Hacking Risk

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

Malware

Malware Encryption Phishing Hacking

Broadcom fixed information disclosure flaws in VMware Aria Operations

Security Affairs

JANUARY 31, 2025

is an information disclosure vulnerability in VMware Aria Operations for Logs.A is an information disclosure vulnerability. Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft. CVE-2025-22222 (CVSS score: 7.7)

Authentication

Authentication Hacking Cybersecurity Information Security

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Image: Darkbeast, ke-la.com.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Security Affairs

APRIL 9, 2025

The confidentiality and integrity of the OCCs information security systems are paramount to fulfilling its mission, said Acting Comptroller of the Currency Rodney E. security team the day before had notified OCC about unusual network behavior, according to the draft letter.” The review process is still ongoing. OCC on Feb.

Accountability

Accountability Banking Information Security Hacking

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking

Hacking Cybercrime Advertising Data breaches

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. FROM ACCOUNT THEFT TO A FULL-FLEDGED SERVICE: THE EVOLUTION OF THE MODEL The phenomenon has rapidly upgraded complexity, as detailed in the Meridian Group report.

Cybercrime

Cybercrime Social Engineering Accountability Government

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

In 2023, cybercriminals put up information belonging to as many as seven million 23andMe customers for sale on criminal forums following a credential stuffing attack against the genomics company. This makes the information a treasure trove for advertisers, insurance companies, and Big Pharma.

Insurance

Insurance Accountability Risk Data breaches

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. ” said U.S.

Telecommunications

Telecommunications Software Technology Healthcare

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Exposed data did not include Social Security numbers or financial information.

Data breaches

Data breaches Hacking Ransomware Technology

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Security Affairs

DECEMBER 8, 2024

The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. ” reads the notice of security incident shared with the Maine Attorney General.

Data breaches

Data breaches Insurance Healthcare Ransomware

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Recently, many cybercriminals have been creating profiles shortly before sharing information about hacks, attacks, or data leaks in France.” Free S.A.S.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details. The company engaged top cybersecurity and forensic experts, informed authorities, and is actively supporting affected stakeholders. The gang claimed the theft of 2 TB of data.

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

. “CyberAv3nger accounts also asked our models high-level questions about how to obfuscate malicious code, how to use various security tools often associated with post-compromise activity, and for information on both recently disclosed and older vulnerabilities from a range of products.” ” continues the report.

Malware

Malware Social Engineering Engineering Hacking

ConnectOnCall data breach impacted over 900,000 individuals

Security Affairs

DECEMBER 16, 2024

ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. The company disclosed a data breach that exposed personal information and medical information of more than 900,000 individuals. ” reads the Notice of Data Security Incident. concludes the notice.

Data breaches

Data breaches Identity Theft Healthcare Insurance

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

The authorities launched an investigation after the ransomware gang Ransomhub claimed the attack and published samples of personal information from a database of government. This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information. ” reported the Associated Press.

Government

Government Hacking Ransomware Insurance

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Security Affairs

MARCH 8, 2025

A data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers. Japanese telecom giant NTT suffered a data breach that exposed information of nearly 18,000 corporate customers. Please note that information about services for individual customers was not included.”

Data breaches

Data breaches Mobile Hacking Malware

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. million in revenue.

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Faced with this situation, we immediately deployed additional security measures to protect the operations and information of our clients.” ” reads the statement published by the company.

Data breaches

Data breaches Financial Services Hacking Mobile

Digital nomads and risk associated with the threat of infiltred employees

Security Affairs

MARCH 4, 2025

Implications The infiltration of IT workers with fraudulent or espionage purposes and perhaps belonging to nation-state affiliations poses a serious threat to national and corporate security. He is also the author of the book La Gestione della Cyber Security nella Pubblica Amministrazione. Education improves awareness is his slogan.

Risk

Risk Education Scams VPN

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

InfoSec

InfoSec Cyber Risk CISO Cybersecurity

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

OCTOBER 18, 2024

Blockchain: Developed primarily for cryptocurrency applications and maligned for manipulating those markets, blockchain can be a valuable security tool, as its universe of connected nodes is almost impossible to corrupt or destroy. Security Engineer Security engineers build secure systems. Salary: $124,424, Cyberseek.

Cybersecurity

Cybersecurity Artificial Intelligence Penetration Testing CISO

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

The cyber spies stole information belonging to targeted individuals that was subject to U.S. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman told WSJ. “We

Mobile

Mobile Telecommunications Data breaches Hacking

VMware fixed three actively exploited zero-days in ESX products

Security Affairs

MARCH 4, 2025

HGFS information-disclosure vulnerability: the vulnerability is an information disclosurevulnerability that impacts VMware ESXi, Workstation, and Fusion. The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild. CVE-2025-22226 (CVSS score of 7.1)

Hacking

Hacking Information Security

African multinational telco giant MTN Group disclosed a data breach

Security Affairs

APRIL 26, 2025

African multinational telecommunications company MTN Group disclosed a data breach that exposed subscribers’ personal information. The company disclosed a data breach that exposed subscribers’ personal information, it added that the incident did not impact core network, billing system,s and financial services infrastructure.

Data breaches

Data breaches Telecommunications Financial Services Mobile

Healthcare Now Third-Most Targeted Industry for Ransomware

SecureWorld News

NOVEMBER 14, 2024

Attackers are not only encrypting systems but also targeting sensitive data, including Protected Health Information (PHI) and Personally Identifiable Information (PII), such as diagnoses, therapy records, genetic data, and Social Security numbers. Louis, Missouri.

Healthcare

Healthcare Ransomware Identity Theft Data breaches

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

Internet Archive Zendesk emails sent by the threat actor Source: BleepingComputer The message highlights a poor security posture by the Internet Archive. Hunt will add the information of the impacted users to HIBP very soon. Hunt also verified the authenticity of the information included in the stolen archive.

Internet

Internet Internet Data breaches Authentication

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. The Port started notifying impacted individuals after their personal information was compromised. Please visit our cyberattack webpage for additional information.”

Data breaches

Data breaches Ransomware Cyber Attacks Manufacturing

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. According to the FORM 8-K report filed with the U.S. ” reads the report filed with SEC.

Ransomware

Ransomware Encryption Technology Cybersecurity

World Backup Day: A Clarion Call for Cyber Resilience

SecureWorld News

MARCH 31, 2025

A critical business function, not just a checkbox "World Backup Day acts as a crucial reminder that data loss is inevitable, encouraging us to take proactive steps to protect our information," says Emilio Sepulveda , Manager of Information Security at Deepwatch.

Backups

Backups Mobile Encryption CISO

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

The malware allows operators to steal bank users’ sensitive information and money from their bank accounts. FakeCall is a banking trojan that uses voice phishing by impersonating banks in fraudulent calls to obtain sensitive information from victims.

Banking

Banking Malware Accountability Phishing

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

Allegedly, invoice receipts, accounting documents, personal data, certificates, employment contracts, a huge amount of confidential information, confidentiality pic.twitter.com/Tad7LeOcsk — HackManac (@H4ckManac) December 6, 2024 According to the announcement published by the group on its Tor leak site, stolen data includes: Invoice Receipts (..)

Ransomware

Ransomware Hacking Accountability Cyber Attacks

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 4, 2025

HGFS information-disclosure vulnerability: the vulnerability is an information disclosurevulnerability that impacts VMware ESXi, Workstation, and Fusion. The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild. CVE-2024-50302 (CVSS score of 5.5)

Mobile

Mobile Hacking Cybersecurity Risk

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Gathering information from the huge number of sources inherent in modern IT environments is laborious, mundane, and mentally exhausting. For instance, a simple suspicious login alert might require an analyst to check user activity logs, verify access patterns, and cross-reference data across various security platforms.

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

Laboratory Services Cooperative data breach impacts 1.6 Million People

Security Affairs

APRIL 11, 2025

Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 “The specific information involved is not the same for everyone.” Health Insurance Information: This may encompass plan name, plan type, insurance companies, and member/group ID numbers. million people.

Data breaches

Data breaches Insurance Banking Accountability

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

The charges being pursued by investigators include criminal conspiracy for unauthorized access to computer systems, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion. ” reads a statement from a lawyer for Del Vecchio.

Computers and Electronics

Computers and Electronics Banking Marketing Hacking

Change Healthcare data breach exposed the private data of over half the U.S.

Security Affairs

JANUARY 26, 2025

“Hackers stole sensitive information belonging to around 190 million people in a cyberattack on a UnitedHealth Group subsidiary last year that roiled the U.S. According to the Associated Press, UnitedHealth booked $1.1 billion in total costs from the cyberattack in the second quarter. healthcare industry, the company said Friday.”

Healthcare

Healthcare Data breaches Insurance Cybercrime

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Due to precautions in place, the issue was addressed immediately, and no patient information was accessed. .” reads the hospital’s statement. “The protection of data and the integrity of our systems are top priorities. We worked closely with law enforcement during the investigation.” ” St.

Malware

Malware Cybersecurity Healthcare Media

Change Healthcare data breach impacted over 100 million people

Security Affairs

OCTOBER 25, 2024

According to the Associated Press, UnitedHealth booked $1.1 billion in total costs from the cyberattack in the second quarter.

Data breaches

Data breaches Healthcare Cybercrime Insurance

California Cryobank, the largest US sperm bank, disclosed a data breach

Security Affairs

MARCH 19, 2025

California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. The company disclosed a data breach that exposed customers’ personal information. At this time, it is unclear if the exposed information includes any donor data.

Data breaches

Data breaches Banking Insurance Hacking

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

“Pursuant to Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, this is to inform you that the Company has become aware of a ransomware incident that has affected a few of our IT assets.” Threat actors hit the company’s information technology (IT) infrastructure.

Technology

Technology Ransomware Engineering Manufacturing

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Additionally, configuring Group Policy to store BitLocker recovery information in Active Directory Domain Services (AD DS) and enforcing the policy “Do not enable BitLocker until recovery information is stored to AD DS for operating system drives” can prevent unauthorized encryption.

Ransomware

Ransomware Encryption Passwords Backups

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

These assessments help identify and protect sensitive information – including personally identifiable information (PII), intellectual property, and financial data – and sniff out vulnerabilities in existing defenses to ensure protection against cyberattacks and inadvertent data exposure.

Risk

Risk Cybersecurity Data breaches Cyber threats

Oracle privately notifies Cloud data breach to customers

Security Affairs

APRIL 6, 2025

Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. Oracle confirms a data breach and started informing customers while downplaying the impact of the incident.

Data breaches

Data breaches Encryption Hacking Passwords

DeepSeek database exposed highly sensitive information

PLAYFULGHOST backdoor supports multiple information stealing features

Webinars

Trending Sources

Broadcom fixed information disclosure flaws in VMware Aria Operations

Webinars

Change Healthcare Breach Hits 100M Americans

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

EDR-as-a-Service makes the headlines in the cybercrime landscape

DNA testing company vanishes along with its customers’ genetic data

Russia warns financial sector organizations of IT service provider LANIT compromise

Amazon discloses employee data breach after May 2023 MOVEit attacks

2023 Anna Jaques Hospital data breach impacted over 310,000 people

France’s second-largest telecoms provider Free suffered a cyber attack

South African telecom provider Cell C disclosed a data breach following a cyberattack

Iran and China-linked actors used ChatGPT for preparing attacks

ConnectOnCall data breach impacted over 900,000 individuals

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Digital nomads and risk associated with the threat of infiltred employees

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

Top 9 Trends In Cybersecurity Careers for 2025

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

VMware fixed three actively exploited zero-days in ESX products

African multinational telco giant MTN Group disclosed a data breach

Healthcare Now Third-Most Targeted Industry for Ransomware

Internet Archive was breached twice in a month

Port of Seattle ‘s August data breach impacted 90,000 people

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

World Backup Day: A Clarion Call for Cyber Resilience

New version of Android malware FakeCall redirects bank calls to scammers

8Base ransomware group hacked Croatia’s Port of Rijeka

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Laboratory Services Cooperative data breach impacts 1.6 Million People

A crime ring compromised Italian state databases reselling stolen info

Change Healthcare data breach exposed the private data of over half the U.S.

CEO of cybersecurity firm charged with installing malware on hospital systems

Change Healthcare data breach impacted over 100 million people

California Cryobank, the largest US sperm bank, disclosed a data breach

Ransomware attack hit Indian multinational Tata Technologies

Bitdefender released a decryptor for the ShrinkLocker ransomware

From Risk Assessment to Action: Improving Your DLP Response

Oracle privately notifies Cloud data breach to customers

Stay Connected