Data Leak
Categories
- AI
- Analysis
- China
- Expert Opinions
- Featured
- Gambling
- Latest News
- LockBit
- News
- Aerospace
- Apple
- Arrest
- Automotive
- Big Tech
- Breaking News
- Business Email Compromise
- China
- Chip Technology
- Climate
- Cryptocurrency
- Cyber Budget
- Cyber Espionage
- Cyber M&A
- cybercrime
- Cybersecurity Events
- Data Leak
- deepfake
- Energy Sector
- Ethiopia
- European Union
- Finance
- France
- Geopolitics
- Government
- Hacktivism
- Healthcare
- Human Error
- India
- Investment Scam
- Iran
- Israel Conflict
- Malicious Bots
- Malware
- North Korea
- Norton
- One Minute Roundup
- Personal Services
- Phishing
- ransomware
- Retail
- Russia
- SEC
- SMB
- Social Media
- Spyware
- Sri Lanka
- Supply Chain
- Surveillance
- Taiwan
- Telecommunications
- VPN
- Vulnerability
- Wire Fraud
- Workforce Cyber
- One Minute Roundup
- sextortion
- Space
- Spyware
- Threat Intelligence
- Trends
- Uncategorized
White House phone hack rings alarm bells
An attempt to impersonate White House Chief of Staff Susie Wiles is currently being investigated by US federal agencies. The incident highlights the ongoing dangers posed by key individuals using their personal phones to store the phone numbers of important contacts, now that voice cloning enables cybercriminals to mimic anyone’s voice with ease.
Three million Google Chrome users hacked
Over three million Google Chrome users have been issued a warning concerning 16 browser extensions that have been compromised by hackers. This alarming news comes hard on the heels of reports earlier this month that cybercriminals are also leveraging search engine giant Google’s new Gemini 2.0 (artificial intelligence) AI assistant. The list of Google’s hacked browser extensions includes: Emojis, Video Effects for YouTube, Audio Enhancer, Blipshot, Color Changer for YouTube, Themes for Chrome, and YouTube Picture in Pictures. Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy and Page Refresh, Wistia Video Downloader have also been compromised.
Microsoft 365 accounts are being compromised worldwide
A vast botnet of over 130,000 compromised devices is now attacking Microsoft 365 accounts worldwide. A botnet is a network of computing devices that have been surreptitiously taken over by hackers and are being controlled remotely without the owners’ knowledge. Microsoft 365 accounts are suffering from ‘password spray attacks’ by the botnet. This involves mass attempts to use large numbers of common passwords to infiltrate users’ Microsoft accounts, targeting basic authentication procedures and thereby bypassing multi-factor authentication.
Companies must identify the value of their data
Most organizations have no clear idea of the value of the data they hold on themselves and their customers. According to technology research and consulting firm Gartner, 30 percent of chief data and analytics officers (CDAOs) say that their top challenge is the inability to measure data, analytics, and AI's impact on business outcomes. Gartner also reports that only 22 percent of organizations surveyed have defined, tracked, and communicated business impact metrics for the bulk of their data and analytics (D&A) use cases. “There is a massive value vibe around data, where many organizations talk about the value of data, desire to be data-driven, etc., but there are few who can substantiate it,” said Michael Gabbard, senior director analyst at Gartner.
Bucket shop bargains for cybercriminals
Researchers have revealed current vulnerabilities in Amazon’s data storage services, the knock-on effect of which could potentially result in the biggest supply-chain attack in the internet’s history. In November 2024, watchTowr Labs decided to show how a significant Internet-wide supply-chain attack could be caused by abandoned infrastructure left unattended and forgotten on the internet. The researchers chose to focus on an Amazon business data storage service, known as ‘S3 buckets’.
The data currency time bomb
Corporations are not only amassing huge amounts of personal data on their customers as never before but also trading that data, frequently without the customer’s knowledge. As yet, the general public is largely unaware of the uses to which their personal information is being put or whose hands it ends up in. At the same time, companies holding the data must tread an increasingly complex regulatory minefield. According to Chris Diebler, Security VP at cybersecurity company DataGrail: “Companies are all terrified of not having enough data as data is the new currency. However, companies need to think seriously about reducing these vast mountains of data. The value of data must be balanced against the cost and security risk of maintaining it." Companies that fail to secure personal data effectively or trade customer data with third parties face considerable potential brand damage when the details are obtained by bad actors and they suffer identity theft or financial fraud as a consequence.
Disgruntled ex-Disney employee highlights insider threat
The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel. More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.
Marriott to pay $52m fine for 300m customer data breaches
Marriott International has agreed to pay a $52 million fine for cyber-negligence resulting in data breaches affecting over 300 million of its customers worldwide, representing a fine of less than two cents per customer. The US Federal Trade Commission and attorney generals from 49 states ran parallel investigations into three data breaches which took place between 2014 and 2020. Cybercriminals were able to steal the passport information, payment card numbers, loyalty numbers, dates of birth, email addresses plus personal information from hundreds of millions of customers.
US Data Compromises Double Year-on-Year
It's official – the US is losing the battle against cybercrime. The first quarter of this year has seen 841 publicly reported data compromises - a 90 percent increase compared to 442 compromises in Q1 2023. According to the Identity Theft Resource Center (ITRC), the picture may be even grimmer than these bald statistics suggest. Year-on-year, the number of cyberattack-related data breach notices without information about the root cause of the attack leapt from 166 in Q1 2023 to 439 in Q1 2024. This represents a staggering rise of 265 percent in unsolved data breaches.