Security News

In order to examine how enterprises, their business partners and consumers are faring with digital trust, DigiCert commissioned the DigiCert 2022 State of Digital Trust survey. All of enterprises surveyed say digital trust is important.

Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private and public data on various online hacker forums and cybercrime marketplaces. These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID. The threat actors then used another API to scrape the public Twitter data for the ID and combined this public data with private email addresses/phone numbers to create profiles of Twitter users.

LastPass says attackers got users' info and password vault dataThe information couldn't come at a worst time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays. New Microsoft Exchange exploit chain lets ransomware attackers inRansomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities to achieve remote code execution on Microsoft Exchange servers.

Microsoft warned today that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. "Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope," The Exchange Team said on Tuesday.

Advertisers have responded by pioneering a new method for tracking users across the Web, known as user ID smuggling, which does not require third-party cookies. Researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher.

Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. Early Saturday morning, a threat actor named 'UberLeaks' began leaking data allegedly stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.

As the holiday season approaches, online shopping and gift-giving are at the top of many people's to-do lists. But before you hit the "buy" button, it's important to remember that this time of...

Scammers have scammed their fellow cybercriminals out of more than $2.5 million on three dark web forums alone over the last 12 months, according to Sophos researchers. In a Black Hat Europe session, Sophos threat hunters detailed their investigation, which examined scams on two well-established Russian-language marketplaces, Exploit and XSS. They also looked at BreachForums, which launched in April 2022 after a Europol-led operation shut down the earlier version of the stolen-data souk, RaidForums.

Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Last July, a threat actor began selling the private information of over 5.4 million Twitter users on a hacking forum for $30,000.

The state-sponsored cyber programs of China, Russia, Iran, and North Korea continue to pose the greatest strategic cyber threat to Canada. From a government cybersecurity perspective, Canada has a robust framework and clear governance mechanisms to support the defense of government networks against cyber attacks.