Security News > 2021 > April

Under The Breach also said back in January that someone had created a Telegram bot allowing users to query the database for a low fee, and enabling people to find the phone numbers linked to a large number of Facebook accounts. Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number.

Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. "With more than 400,000 organizations using SAP, 77 percent of the world's transactional revenue touches an SAP system. These organizations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defense and many more."

Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak. This leak's main component is a Facebook user's phone number, rather than an email address, and thus Have I Been Pwned could not accurately alert a user if they were exposed in the breach.

The European Commission and several other European Union organizations were hit by a cyberattack in March, according to a European Commission spokesperson. "The Commission has set up a 24/7 monitoring service and is actively taking mitigating measures."

A Russian hacker has sold on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million. The database contained cards from thousands of brands and may originate from an older breach at the now-defunct discount gift card shop Cardpool.

The National College of Ireland and the Technological University of Dublin have announced that ransomware attacks hit their IT systems. NCI is currently working on restoring IT services after being hit by a ransomware attack over the weekend that forced the college to take IT systems offline.

A massive trove of LinkedIn account data has been found for sale online, containing 500 million user records including email addresses, phone numbers, links to other social media profiles and professional details. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that "it's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies."

ThreatQuotient, a threat intelligence and security operations platform provider, has closed $22.5 million in new financing through a combination of equity and debt financing. In total, ThreatQuotient has now raised $60 million in equity plus a debt facility.

A report published Tuesday by security provider Keeper Security looks at the pitfalls of mismanaged passwords and offers tips on how to improve the password habits of your employees. For its "Workplace Password Malpractice Report," Keeper Security surveyed 1,000 full-time workers in the U.S. about their password habits.

A sub-group of the 'Molerats' threat actor has been using voice-changing software to successfully trick targets into installing malware, according to a warning from Cado Security. In recent attacks targeting political opponents, APT-C-23 appears to have taken spear-phishing to a new level, through the use of voice-changing software to pose as women.