Security News

T-Mobile US fined $31.5M for network security breaches between 2021 and 2023
2024-09-30 21:59

At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue'. T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine...

Illinois relaxes biometric privacy law so snafus won't cost businesses billions
2024-08-06 02:45

The US state of Illinois has reduced penalties for breaches of its tough Biometric Information Privacy Act. The first version of BIPA, which came into force in 2008, prohibited orgs doing business in Illinois from acquiring, using, storing, and sharing people's biometric data - think retina scans, face scans, fingerprints, and voiceprints - by any means without proper disclosure and consent.

ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu
2024-07-15 15:00

Exclusive: A Microsoft zero-day exploit that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday - but without any credit given to ZDI. The flaw, tracked as CVE-2024-38112, is in MSHTML - Microsoft's proprietary browser engine for Internet Explorer. This entire series of unfortunate events not only highlights problems with Microsoft's bug reporting program, but also the coordinated vulnerability disclosure process in general, according to Childs.

Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak
2024-06-04 02:25

Snowflake said if any customer data was taken from its servers, it may have been obtained by thieves who got hold of individual customers' account credentials - via targeted phishing, some other leak, or malware, for example - and not by a general compromise of Snowflake's security. On Friday, in its now-deleted write-up, Hudson Rock wrote that data thieves claimed to have signed into a Snowflake employee's ServiceNow work account and used this access to siphon databases belonging to as many as 400 Snowflake corporate clients.

Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
2024-02-07 13:29

NVD published two advisories this week for critical command injection vulnerabilities purportedly impacting Fortinet's FortiSIEM products, but there's more to this than meets the eye. BleepingComputer has confirmed that these CVEs are not "new," but duplicates of a previously known FortiSIEM vulnerability, and were issued in error.

Bloomberg Crypto X account snafu leads to Discord phishing attack
2023-11-17 23:01

The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members.

Cybersecurity snafu sends British Library back to the Dark Ages
2023-10-31 14:16

Internet, phone lines, websites, and more went down on Saturday morning. The British Library has confirmed to The Register that a "cyber incident" is the cause of a "major" multi-day IT outage.…

University cuts itself off from internet after mystery security snafu
2023-08-29 21:37

The University of Michigan has isolated itself from the internet but, hey, everything's fine! The institute's president on Tuesday published a letter to the school community thanking everyone for their patience as technical staff work to restore internet access following an undisclosed security incident.

Reddit reveals security incident that looks more SNAFU than TIFU
2023-02-10 01:29

Colourful web forum Reddit has revealed it has suffered a security breach. Here's what we know. Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5th "We became aware of a sophisticated phishing campaign that targeted Reddit employees."

The 10 worst password snafus of 2021
2021-12-14 16:48

Dashlane's sixth annual list of the year's worst password offenders reveals the biggest password security mishaps for 2021. A weak password can create far more trouble for an organization that holds user data and other sensitive information.