Security News > 2021
Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis. Used within more than 400,000 organizations for resource planning, management of product lifecycle, human capital, and supply chain, and for various other purposes, SAP's applications represent an attractive target for adversaries.
Under The Breach also said back in January that someone had created a Telegram bot allowing users to query the database for a low fee, and enabling people to find the phone numbers linked to a large number of Facebook accounts. Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number.
Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. "With more than 400,000 organizations using SAP, 77 percent of the world's transactional revenue touches an SAP system. These organizations include the vast majority of pharmaceutical, critical infrastructure and utility companies, food distributors, defense and many more."
Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak. This leak's main component is a Facebook user's phone number, rather than an email address, and thus Have I Been Pwned could not accurately alert a user if they were exposed in the breach.
The European Commission and several other European Union organizations were hit by a cyberattack in March, according to a European Commission spokesperson. "The Commission has set up a 24/7 monitoring services and is actively taking mitigating measures."
A Russian hacker has sold on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million. The database contained cards from thousands of brands and may originate from an older breach at the now-defunct discount gift card shop Cardpool.
The National College of Ireland and the Technological University of Dublin have announced that ransomware attacks hit their IT systems. NCI is currently working on restoring IT services after being hit by a ransomware attack over the weekend that forced the college to take IT systems offline.
A massive trove of LinkedIn account data has been found for sale online, containing 500 million user records including email addresses, phone numbers, links to other social media profiles and professional details. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that " it's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.
ThreatQuotient, a threat intelligence and security operations platform provider, has closed $22.5 million in new financing through a combination of equity and debt financing. In total, ThreatQuotient has now raised $60 million in equity plus a debt facility.
A report published Tuesday by security provider Keeper Security looks at the pitfalls of mismanaged passwords and offers tips on how to improve the password habits of your employees. For its "Workplace Password Malpractice Report," Keeper Security surveyed 1,000 full-time workers in the U.S. about their password habits.