Blog
Yesterday, DataBreaches reported on SNAtch Team and how they were not a ransomware gang or using what had been referred to as the Snatch locker or ransomware. In that report, DataBreaches included a description provided by their spokesperson about their attack on the South Africa Department of Defense — an attack that SANDF initially dismissed […]
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Adapting authentication to a cloud-centric landscape
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the […]
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack […]
Nidhi Gani is a seasoned regulatory affairs professional with over a decade of experience in cybersecurity, medical devices, and digital health. She’s worked with devices ranging from heart and lung machines to rehabilitation devices. Nidhi works at Embecta as a Regulatory Affairs Software and Cybersecurity and is a Cybersecurity Fellow at the Archimedes Center for […]
Brian Krebs reports: Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only […]
Lorenzo Franceschi-Bicchierai reports on yet another incident in which responsible disclosure by a researcher and follow-up by media failed to get a company to address vulnerabilities that left the personal information of customers exposed: A company that makes a chastity device for people with a penis that can be controlled by a partner over the […]
Kudos to the North Mississippi Health Services for rapid detection and interruption of a phishing attack. In a website notice dated September 1, NMHS explains that on July 3, they discovered unauthorized access through an employee’s email account after a phishing email was unintentionally opened. “Our Security Operation Committee (SOC) promptly shut down the system, […]
This has not been a great year for Australian citizens whose personal information has been compromised in a number of cyberattacks. Although DataBreaches regrets being the bearer of more bad news for them, more than one million customers of Pizza Hut Australia appear to have had their data acquired by ShinyHunters. According to “Shiny” (@shinycorp), […]
In July, DataBreaches reported a data breach involving the plastic surgery practice of Gary Motykie, M.D. The incident, which appeared to be a hack with an extortion demand, had been reported to the Maine Attorney General’s Office, but an upset patient had also contacted NBC News in Los Angeles to reveal that a leak site […]
Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Adaptive Shield, Bitdefender, Bitwarden, Forescout, ImmuniWeb, Kingston Digital, LastPass, Lineaje, LOKKER, Menlo Security, MongoDB, Netskope, NetSPI, OffSec, Qualys, SentinelOne, Solvo, SonarSource, SpecterOps, Synopsys, ThreatConnect, Traceable AI, and Vicarius.
NetSPI launches ML/AI Pentesting solution to help organizations build more secure […]