Security News

A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May...

Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted. [...]

An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. [...]

Would paying a ransom - or better security - have been cheaper and safer? A US healthcare giant will pay out $65 million to settle a class-action lawsuit brought by its own patients after...

It wasn't until earlier this month that a user named "Fenice" leaked 2.7 billion unencrypted records on the dark web site known as "Breached," in the form of two csv files totalling 277GB. These did not contain phone numbers and email addresses, and Fenice said that the data originated from SXUL. As individuals will each have multiple records associated with them, one for each of their previous home addresses, the breach does not expose information about 2.7 billion different people. Must-read security coverage What security experts are saying about the breach Why are the National Public Data records so valuable to cyber criminals?

Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. [...]

Former US president Donald Trump's re-election campaign has claimed it's been the victim of a cyber attack. The claim was made after US outlet Politico reported an anonymous email account sent it a dossier of information sourced from within the campaign operation, but the entity who sent the docs declined to explain how they came by the info.

ADT Inc. disclosed via a Form 8-K filing at the U.S. Securities and Exchange Commission (SEC) that hackers have gained access to its systems, which hold customer order details. [...]

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation. The implications of someone finding this leaked token could be extremely severe.

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Known only by their 'emo' handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user's email address, name, and phone number. According to the threat actor, Life360 has since fixed the API flaw, and additional requests now return a placeholder phone number.