Security News

Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. In March, MangaDex was hacked, and a threat actor claimed to have stolen the site's source code and its database, which they said had not been published anywhere.

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. "We're investigating a potential issue with Exchange Online mailflow in North America," Microsoft shared on the company's Microsoft 365 Status Twitter account.

"Before my arrival at ManoMano, security was managed individually by each team at the company. There was no security team per se, no unique strategy and no clear security framework. Everyone's approach was very operational, which worked but kept the security stature at a level that was acceptable and functional," he told Help Net Security. "First of all, there had to be a focus on communication and open collaboration - I needed to listen and watch, understand the business challenges and security risks that were present at that time. Secondly, I focused on presenting a clear vision of the strategy across the business, laying out a concrete action plan with desired results. Finally, I immediately started thinking about the recruitment of new talent so we could build a smashing security team."

Personal data from more than 500 million LinkedIn users has been posted for sale online in yet another incident of threat actors scraping data from public profiles and slinging it online for potential cybercriminal misuse. Hackers posted an archive containing data they said includes LinkedIn IDs, full names, professional titles, email addresses, phone numbers and other personally identifiable information on a popular hacker forum, according to a report in CyberNews on Tuesday.

A massive trove of LinkedIn account data has been found for sale online, containing 500 million user records including email addresses, phone numbers, links to other social media profiles and professional details. CyberNews researchers were able to confirm that the data contained in the sample was legitimate, but added that " it's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies.

In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free-which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status broken, account creation date, and other profile details broken down by country, with over 32 million records belonging to users in the U.S., 11 million users the U.K., and six million users in India, among others.

After a shared Google Drive was posted online containing the private videos and images from hundreds of OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. While OnlyFans is promoted as a way for celebrities and social influencers to share their content, it is also heavily used to share adult-themed content with fans who pay to access it.

The publicly released Facebook user data is believed to be part of a 2019 "Add Friend" Facebook security bug exploited by hackers at the time. The types of data include Facebook user mobile phone numbers, their Facebook ID, name and gender information.

Retailers around the world are increasing their fraud teams and budgets because of a significant rise in all types of online fraud during the pandemic, a research by Ravelin finds. 72% of retail brands around the world expect to grow fraud teams in the next year, while 76% predict their budget to tackle fraud will increase in the next 12 months - with 20% expecting a "Significant" increase.

A bipartisan group of US senators on Friday sent letters to major digital ad exchanges, including Google and Twitter, asking whether user data was sold to foreign entities who could use it for blackmail or other malicious ends. In the real-time bidding process to decide which personalized ads a user sees when a web page loads, hundreds of businesses receive a user's personal information, including search history, IP address, age and gender.