Articles about Security breach

Wyze customers experienced a service disruption last Friday morning due to an outage originating from their partner, Amazon Web Services (AWS). This incident temporarily disabled Wyze devices, preventing users from accessing live camera feeds and event recordings. The company has since apologized for the inconvenience this caused.

During efforts to restore camera functionality, a security issue emerged. Approximately 13,000 Wyze users inadvertently received thumbnails from cameras that were not their own, and 1,504 users interacted with these thumbnails. In some instances, users were able to view event videos from other accounts. Wyze has confirmed that all affected users have been notified and reassured that the majority of accounts remained unaffected.

Continue reading →

Businesses rely heavily on technology to drive operational efficiency. While this has benefits, it also brings with it challenges and risks, particularly in the realm of cybersecurity. As cyber threats continue to be a persistent concern for businesses there has been a marked surge in demand for cyber insurance as companies recognize the importance of financial protection in the face of data breaches, ransomware attacks, and other cybersecurity incidents. However, as the threat landscape evolves, so does the landscape of cyber insurance, with insurers raising the bar on their security requirements. 

While this is a concern for businesses that want to ensure that they are insured against potential security risks, there are a few considerations that can help improve their risk profile ahead of a potential breach or attack. Fundamental to this is cyber resilience within the broader framework of operational resilience.

Continue reading →

When it comes to Linux-based operating systems, users don’t have to worry about security, right? Umm, no. Linux distributions are not infallible. For instance, according to a forum post, Canonical's Snap Store recently hit a big security snag when users discovered some new snaps that might contain harmful code. This scary moment shows how even trusted places like app stores can have problems that could hurt users.

Reacting quickly, the Snap Store team removed these bad snaps from the platform, making sure no one else could find or install them. But they didn't stop there.

Continue reading →

Swap-unwanted-stuff-for-free site Freecycle has acknowledged a security breach that took place at the end of last month. Hackers were able to access a wealth of data including usernames, User IDs, email addresses and passwords.

The organization says that it has notified the "appropriate US authorities" of the incident, as well as the Information Commissioner's Offier (ICO) in the UK. Few details of what happened have been revealed, but Freecycle is advising all members to change their account passwords as a security measure.  

Continue reading →

The oil and gas sector remains a crucial pillar of the global economy, an industry that supports not only millions of jobs worldwide but also underpins essential energy provisions for homes, businesses, and transportation networks.

Yet, as digital technology continues to pervade this sector, oil and gas companies are increasingly being exposed to critical cyber threats. The industry's increasing dependence on digital systems has escalated the importance of robust cybersecurity strategies, presenting an array of unprecedented challenges.

Continue reading →

Computer maker MSI has confirmed that it fell victim to a security breach, confirming rumors that sprang up in recent days. The Taiwanese company says that it "suffered a cyberattack on part of its information systems", and has warned customers to exercise caution when downloading BIOS and firmware updates for its products.

Although MSI has shared little in the way of detail about the incident, the confirmation comes after the ransomware group Money Message was said to have breached the company's defenses. The group has made demands for $4 million with the threats of leaking stolen files.

Continue reading →

Given the ever-changing trends in cloud computing, security, and more, it can be difficult to plan for the road ahead. However, anticipating new developments, both within your organization and the wider industry, is vital if you want to stay prepared and maximize ROI. 

Data is one of a business’ greatest assets, and its role, size and value is only going to increase in 2023 and beyond. Cybersecurity Ventures suggests total global data storage is expected to exceed 200 zettabytes by 2025, with a ransomware attack precited to impact a business, consumer or device every two seconds by 2031, properly securing your data is paramount.

Continue reading →

Reddit has fallen victim to a security incident that has been described as a "sophisticated and highly-targeted phishing attack". Hackers targeted employees of the site a few days ago, and were able to gain access to "some internal documents, code, and some internal business systems".

The unknown attackers sent Reddit employees "plausible-sounding prompts" leading to a website that cloned the behavior of the company's intranet gateway. While able to use an employee's credentials to steal data and code, user accounts are not affected.

Continue reading →

GitHub has issued a warning about "unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom" in a hack that took place back in December.

Users are being advised to ensure that they install the latest updates for the affected software, but there is currently no suggestion that GitHub.com has been impacted. With the attackers having stolen code signing certificates, GitHub is revoking the certificates for some versions of Atom and GitHub Desktop on February 2, so users should update before this date.

Continue reading →

League of Legends publisher Riot Games has announced that it suffered a security breach last week. While it is not clear precisely what was compromised in the social engineering-driven attack, the company says that personal information and player data was not accessed by the hackers.

The impact of the hack is that key updates and patches for numerous titles will be delayed. In addition to League of Legends, games including Teamfight Tactics have also been affected, forcing developers to change the release schedule for hotfixes.

Continue reading →

Yesterday PayPal began sending out data breach notifications to thousands of its users who have had their accounts accessed via credential stuffing attacks which exposed some personal data.

BleepingComputer reports that almost 35,000 accounts were compromised in the attack which took place between December 6 and December 8, 2022.

Continue reading →

The company behind NortonLifeLock, Gen Digital, has issued a warning to customers about a security breach that took place in December. Hackers used a credential-stuff attack to gain access to hundreds of thousands of Norton Password Manager accounts.

Gen Digital says that its own systems were not compromised, but warns affected customers that "we strongly believe that an unauthorized third party knows and has utilized your username and password for your account".

Continue reading →

Despite the endless amount of information that is available on cyber security and ransomware, alongside technology providers waxing lyrical about breach prevention, the view that "it’ll never happen to us" is still prevalent -- not just among smaller businesses, but surprisingly in bigger organizations too.

So, when the breach actually happens, and the bad actors demand a ransom, frequently, organizations’ reflex reaction is to make the ransom payment as a way of "making it go away".

Continue reading →

While 97 percent of business leaders and security professionals say their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar that they could prevent a damaging breach.

Ivanti surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand their perception of today's cybersecurity threats and find out how companies are preparing for future threats.

Continue reading →

Dropbox has revealed details of a phishing attack to which it fell victim. In the attack, a threat actor was able to steal code from the company after gathering employee credentials to GitHub repositories.

The security breach took place in the middle of last month, with GitHub notifying Dropbox of suspicious account activity on October 14. The cloud storage company says that the code that was accessed "contained some credentials -- primarily, API keys -- used by Dropbox developers" but insists that "no one's content, passwords, or payment information was accessed", and that its core apps and infrastructure were unaffected.

Continue reading →