Security News
EMBA: Open-source security analyzer for embedded devicesThe EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. SSH vulnerability exploitable in Terrapin attacksSecurity researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message.
Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. "We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information," warns the Mint Mobile data breach notification.
Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora.
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach...
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack. The exact types of data exposed vary per individual, depending on the details the patients provided to the healthcare organizations using ESO's software and the care services they received.
Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach. "On October 31, 2023, Mr. Cooper detected suspicious activity in certain network systems," the company stated in the data breach notice sent out to affected customers.
Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to 35,879,455 people from its systems."To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven't been asked to do so already," the company says in a data breach notice published on its website.
Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems. "After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing," the company said.
Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers who have, or previously had, mortgages with the company.Mr. Cooper is a Dallas-based mortgage lending firm that employs approximately 9,000 people and has millions of customers.
Infosec in brief MongoDB on Saturday issued an alert warning of "a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information." At the time of posting, the NoSQL pioneer advised it was "Not aware of any exposure to the data that customers store in MongoDB Atlas." Atlas is the provider's multi-cloud database-as-a-service offering.