Security News
At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine...
The US state of Illinois has reduced penalties for breaches of its tough Biometric Information Privacy Act. The first version of BIPA, which came into force in 2008, prohibited orgs doing business in Illinois from acquiring, using, storing, and sharing people's biometric data - think retina scans, face scans, fingerprints, and voiceprints - by any means without proper disclosure and consent.
Exclusive A Microsoft zero-day exploit that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday - but without any credit given to ZDI. The flaw, tracked as CVE-2024-38112, is in MSHTML - Microsoft's proprietary browser engine for Internet Explorer. This entire series of unfortunate events not only highlights problems with Microsoft's bug reporting program, but also the coordinated vulnerability disclosure process in general, according to Childs.
Snowflake said if any customer data was taken from its servers, it may have been obtained by thieves who got hold of individual customers' account credentials - via targeted phishing, some other leak, or malware, for example - and not by a general compromise of Snowflake's security. On Friday, in its now-deleted write-up, Hudson Rock wrote that data thieves claimed to have signed into a Snowflake employee's ServiceNow work account and used this access to siphon databases belonging to as many as 400 Snowflake corporate clients.
NVD published two advisories this week for critical command injection vulnerabilities purportedly impacting Fortinet's FortiSIEM products, but there's more to what meets the eye. BleepingComputer has confirmed that these CVEs are not "New," but duplicates of a previously known FortiSIEM vulnerability and were issued in error.
The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members.
Internet, phone lines, websites, and more went down on Saturday morning The British Library has confirmed to The Register that a "cyber incident" is the cause of a "major" multi-day IT outage.…
The University of Michigan has isolated itself from the internet but, hey, everything's fine! The institute's president on Tuesday published a letter to the school community thanking everyone for their patience as technical staff work to restore internet access following an undisclosed security incident.
Colourful web forum Reddit has revealed it has suffered a security breach. Here's what we know Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5th "We became aware of a sophisticated phishing campaign that targeted Reddit employees."
Dashlane's sixth annual list of the year's worst password offenders reveals the biggest password security mishaps for 2021. A weak password can create far more trouble for an organization that holds user data and other sensitive information.