Data Breaches Cyber Security News

Nokia is currently investigating claims of a significant data breach after a notorious hacker known as IntelBroker announced the sale of allegedly stolen source code and sensitive information. The hacker, in collaboration with another threat actor called EnergyWeaponUser, claims to have obtained a substantial collection of Nokia’s proprietary data through a third-party contractor directly involved The post Nokia Investigating Data Breach, IntelBroker Allegedly Selling Source Code appeared first on Cyber Security News.

Hardcoded credentials are often found in source code and refer to the practice of embedding “plain text passwords” and other “sensitive information” directly into applications. Once the hardcoded credentials are compromised can allow unauthorized access to multiple systems and devices that share the “same default passwords,” which leads to widespread vulnerabilities and potential cyberattacks. Cybersecurity The post Hardcoded Creds In Popular Apps Put Millions Of Android And iOS Users At Risk appeared first on Cyber Security News.

The administrators behind the infamous dark web data breach forum, BreachForums, have been exposed. Established in March 2022, BreachForums quickly became a hub for cybercriminals trading in stolen data. The forum has seen a series of administrators, each with their own fate, as detailed below. BreachForums has been a target of extensive law enforcement efforts. The post New Exclusive Report Reveals Administrators Of BreachForums appeared first on Cyber Security News.

A hacking forum post has surfaced, claiming that Oracle Corporation, a leading multinational computer technology company, has suffered a data breach. The alleged breach reportedly occurred in September 2024 and involved the exposure of 4,002 rows of employee information. The post by a user with the handle “888” on BreachForums suggests that the breach resulted The post Hackers Allegedly Claim Leak of Oracle Data on Hacking Forum appeared first on Cyber Security News.

A Twitter account known as DarkWebInformer has claimed that a notorious hacker, identified only by the alias “888,” has allegedly leaked sensitive data belonging to SAP employees. A member of BreachForums has claimed responsibility for leaking an employee database purportedly belonging to SAP SE, one of the world’s leading enterprise software companies. The leak reportedly The post Threat Actor 888 Allegedly Claims Leak of SAP Employees Data appeared first on Cyber Security News.

The Slim CD, Inc., a prominent payment processing gateway for US and Canadian merchants, has disclosed a data breach affecting approximately 1.7 million users. The unauthorized access between August 17, 2023, and June 15, 2024, potentially exposed sensitive credit card information of customers whose payments were processed through Slim CD’s electronic payment system. The company The post Payment Gateway Platform SLIM CD Data Breach, 1.7 Million Users Data Exposed appeared first on Cyber Security News.

The Federal Trade Commission (FTC) has announced that security camera firm Verkada will pay a $2.95 million penalty following allegations of inadequate data security practices. This settlement follows a massive data breach that exposed sensitive information from thousands of internet-connected security cameras. FTC’s Allegations and Legal Action The FTC’s complaint, filed by the Department of The post Verkada pay $2.95 Million Failed to Secure Data Lead to Massive Breach appeared first on Cyber Security News.

Hackers abuse Google Sheets to covertly store and transmit stolen data or execute malicious scripts, taking advantage of its trusted platform status and collaboration features. Cybersecurity researchers at Proofpoint identified an unusual campaign in August 2024 involving the use of new attack chain steps to deploy custom malware called ‘Voldemort.’ The attack sequence temporally incorporates The post New Voldemort Malware Using Google Sheets To Store Stolen Data appeared first on Cyber Security News.

A sophisticated extortion campaign targeted 110,000 domains by exploiting exposed .env files on unsecured web applications. The attackers obtained AWS IAM access keys from these files, which allowed them to create new IAM roles and policies with unlimited access.  This escalated their privileges, enabling them to steal data and ransom cloud storage. The exposed .env The post Hackers Exploited AWS ENV Files to Attack 110,000 Domains & Steal Credentials appeared first on Cyber Security News.

A complex large-scale campaign was detected by Unit 42 researchers that manipulated and extorted several organizations using cloud systems.  Security analysts discovered this massive, large-scale cyber attack on AWS cloud environments had over 230 million unique targets. The attackers crafted a smart tactic of exploiting exposed environment variable (.env) files on misconfigured cloud infrastructures. These The post Massive Cyber Attack On AWS Cloud Environment with 230 Million Unique Targets appeared first on Cyber Security News.