Security News

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
2024-04-16 13:26

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant...

Chipmaker Nexperia confirms breach after ransomware gang leaks data
2024-04-15 16:00

Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data. In a press statement on Friday, the company disclosed a data breach that forced it to shut down IT systems and launch an investigation to determine the scope of impact.

Hacker claims Giant Tiger data breach, leaks 2.8M records online
2024-04-13 14:00

Canadian retail chain Giant Tiger disclosed a data breach in March 2024.A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers.

Home Depot confirms worker data leak after miscreant dumps info online
2024-04-08 18:01

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise
2024-04-07 08:00

How Google plans to make stolen session cookies worthless for attackersGoogle is working on a new security feature for Chrome called Device Bound Session Credentials, meant to prevent attackers from using stolen session cookies to gain access user accounts. A "Cascade" of errors let Chinese hackers into US government inboxesMicrosoft still doesn't known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials.

Feds probe alleged classified US govt data theft and leak
2024-04-04 18:20

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Shopping platform PandaBuy data leak impacts 1.3 million users
2024-04-01 15:00

Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. According to data breach aggregation service Have I Been Pwned, 1,348,407 PandaBuy accounts have been exposed in the breach.

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
2024-03-29 10:49

Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the...

INC Ransom threatens to leak 3TB of NHS Scotland stolen data
2024-03-27 17:59

The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service of Scotland. In a post yesterday, the cybercriminals shared multiple images containing medical details and said that they would leak data "Soon," unless the NHS pays a ransom.

New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers
2024-03-26 13:00

The newly exposed GoFetch vulnerability affecting Apple's M1, M2 and M3 chips lets an attacker exfiltrate secret keys from cryptographic applications on a targeted system. DMPs - in contrast to classical prefetchers that only store the memory access pattern - "Also take into account the contents of data memory directly to determine what to prefetch," as written in the publication from Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella and Daniel Genkin that reveals all of the details about the GoFetch vulnerability.