From beyondmachines.net
Twitch platform fined by Turkey's Personal Data Protection Board for data breach
1 1
Turkey's data protection authority (KVKK) fined Twitch 2 million lira ($58,000) for inadequate security measures and delayed breach reporting after a data breach exposed 125 GB of data affecting 35,274 Turkish individuals, with the investigation revealing insufficient risk assessment and...
#infosec #incident #databreach #cybersecurity
1h ago
From beyondmachines.net
Claroty Team82 reports multiple vulnerabilities in OvrC Cloud, one critical
1 1
Multiple critical vulnerabilities were discovered in the OvrC cloud platform that could allow attackers to take control of approximately 10 million IoT devices through various attack vectors (including authentication bypass, device hijacking, and code execution), with the most severe being...
#infosec #Advisory #cybersecurity #vulnerability
18h ago
From beyondmachines.net
RBN Insurance Services reports data breach exposing 10k
1 1
A data breach at RBN Insurance Services, discovered in May 2024, involved unauthorized access to an employee's email account from March to May 2024, exposing sensitive personal, financial, and medical information of 10,205 individuals, which was confirmed through investigation completed in...
#infosec #incident #databreach #cybersecurity
19h ago
From beyondmachines.net
Valuation firm Herron Todd White reports data breach
1 1
Herron Todd White (HTW) in Australia experienced a data breach affecting its commercial and agricultural property valuation platforms, leading major banks like Westpac, National Australia Bank, and Commonwealth Bank to suspend new valuation work with HTW. The details of the breach, including the...
19h ago
From beyondmachines.net
Michigan Otsego Public Schools report data breach from 2023
1 1
Otsego Public Schools in Michigan reported a data breach that occurred in October 2023 and was fully assessed by October 2024, where an overseas threat actor accessed their systems and compromised sensitive personal and financial data of staff (no students affected), leading the district to...
#infosec #incident #databreach #cybersecurity
20h ago
From beyondmachines.net
Critical flaw reported in end-of-life GeoVision devices, actively exploited by malware botnet
1 1
A critical vulnerability (CVE-2024-11120, CVSS 9.8) affecting end-of-life GeoVision surveillance devices is being exploited by a Mirai botnet variant to execute arbitrary commands without authentication, with approximately 17,000 vulnerable devices exposed globally (9,100 in US), and users are...
#infosec #Advisory #cybersecurity #vulnerability
21h ago
From beyondmachines.net
AnnieMac Home Mortgage reports data breach, 171K customers impacted
1 1
AnnieMac Home Mortgage reported a data breach affecting 171,000 customers that occurred in August 2024, exposing names and Social Security numbers through unauthorized access to their computer systems, with the company responding by offering affected individuals 12 months of free credit...
#infosec #incident #databreach #cybersecurity
23h ago
From beyondmachines.net
Critical RCE flaw reported in Palo Alto Networks Firewall Management interfaces
1 1
A critical zero-day vulnerability (PAN-SA-2024-0015, CVSS 9.3) in Palo Alto Networks' NGFW management interfaces is being actively exploited, affecting 8,700-11,180 exposed devices worldwide, and while patches are in development, organizations must immediately restrict management interface...
#infosec #Advisory #cybersecurity #vulnerability
on Sat, 10AM
From beyondmachines.net
Veeam patches 18 Flaws, 5 critical in its products
1 1
Veeam has released security patches addressing 18 high and critical vulnerabilities across multiple products, including critical remote code execution (RCE) flaws in Veeam Backup & Replication (CVE-2024-40711, CVSS score 9.8) and Veeam Service Provider Console (CVE-2024-38650, CVE-2024-39714,...
#infosec #Advisory #cybersecurity #vulnerability
on Sep 6
From beyondmachines.net
German Federal Statistical Office (Destatis) reports data breach
0 1
Germany's national statistics agency Destatis experienced a suspected data breach of their IDEV data-sharing system by pro-Russian Indonesian hackers who reportedly stole 3.8GB of business data and credentials, and while the portal has been taken offline and federal investigators engaged, the...
on Sat, 9AM
From beyondmachines.net
0 1
Adobe has released security patches across multiple products (Substance 3D Painter, Bridge, After Effects, Illustrator, InDesign, Photoshop, and Commerce) addressing numerous critical vulnerabilities (mostly CVSS 7.8) including buffer overflows, out-of-bounds writes, and memory leaks, and while...
on Fri, 3PM
From beyondmachines.net
CISA reports additional flaws actively exploited in Palo Alto Networks' Expedition migration tool
0 1
CISA warns of multiple critical vulnerabilities in Palo Alto Networks' Expedition migration tool being actively exploited, including two severe flaws (CVE-2024-9463 with CVSS 9.9 and CVE-2024-9465 with CVSS 9.3) plus a new unassigned RCE vulnerability, enabling attackers to execute root-level...
on Fri, 1PM
From beyondmachines.net
Significant security flaw discovered in PostgreSQL PL/Perl
0 1
A critical vulnerability in PostgreSQL's PL/Perl extension (CVE-2024-10979, CVSS 8.8) enables attackers to manipulate environment variables and potentially execute arbitrary code, affecting all versions before the latest minor releases (17.1, 16.5, 15.9, 14.14, 13.17, 12.21), with mitigation...
on Fri, 1PM
From beyondmachines.net
Data breach reported affecting Philippines eGovPH government digital services platform
0 1
A threat actor "GR3GG3M3RC3R" claims to have exploited a zero-day vulnerability in eGovPH (Philippines' government digital platform) to steal KYC information and official documents of 200,000 users, offering the data for $100,000 in Bitcoin, though while this follows an earlier attempted hack in...
on Fri, 12PM
From beyondmachines.net
Start-Rite reports data breach, exposing customer data
0 1
Start-Rite Shoes suffered a security breach through malicious third-party code on their website between October 14 and November 7, 2024, exposing customers' complete payment card details and personal information, and while the company has removed the malicious code and notified the ICO, the...
on Fri, 11AM
From beyondmachines.net
Familylinks reports cybersecurity incident, potential data breach
0 1
A breach of a Familylinks Inc. employee email account on May 3, 2024, potentially exposed sensitive personal, medical, and insurance information, and after a five-month investigation concluded on October 3, the Pittsburgh organization is notifying affected individuals and has established a...
on Fri, 9AM
From beyondmachines.net
Embargo ransomware gang claims breach of American Associated Pharmacies
0 1
The Embargo ransomware group claims to have breached American Associated Pharmacies, stealing 1.5TB of data and allegedly receiving $1.3 million for decryption while demanding an additional $1.3 million to prevent data leakage, and though the organization hasn't confirmed the attack, they've...
on Fri, 8AM
From beyondmachines.net
Critical flaw reported in Chartify WordPress Chart Plugin
0 1
A critical unauthenticated Local File Inclusion vulnerability in the Chartify WordPress Plugin (CVE-2024-10571, CVSS 9.8) is under massive active exploitation with over 2.2 million attacks blocked by Wordfence in 24 hours, and while a patch is available in version 2.9.6, all earlier versions...
on Thu, 4PM
From beyondmachines.net
Security flaws in Citrix Virtual Apps session recording component reported
0 1
Multiple vulnerabilities in Citrix Virtual Apps and Desktop's Session Recording component (CVE-2024-8068 and CVE-2024-8069) are being actively exploited, and while Citrix rates them as medium-severity requiring authenticated access, researchers claim they enable "point-click-full-takeover"...
on Thu, 4PM
From beyondmachines.net
YMCA of Central Florida reports data breach affecting 12,000 people
0 1
The YMCA of Central Florida experienced a data breach on May 20, 2024, compromising sensitive personal, financial, and health information of approximately 12,000 individuals, and following a four-month investigation, they're offering affected members 12 months of free credit monitoring services...
on Thu, 3PM
From beyondmachines.net
Multiple critical vulnerabilities reported in Schneider Electric Modicon controllers
0 1
Schneider Electric disclosed three critical vulnerabilities in their Modicon industrial controllers (two with CVSS 9.2, one with 8.3) that could allow attackers to execute arbitrary code through Man-in-the-Middle attacks, and while a firmware update (SV3.65) is available for M340 models, MC80...
on Thu, 2PM
From beyondmachines.net
DemandScience (Pure Incubation) data aggregator leaks over data of over 120 million people
0 1
A massive data breach at DemandScience exposed 132.8 million records containing sensitive business information from a decommissioned system, and while the company initially denied the breach, they were forced to acknowledge it after the threat actor "KryptonZambie" made the data freely available...
on Thu, 1PM
From beyondmachines.net
Event management company ASM Global Parent, Inc. reports breach of legacy systems
0 1
ASM Global Parent, Inc. detected unauthorized access to confidential files within their legacy systems on October 12, 2024, affecting subsidiaries SMG and AEG Facilities, and while the company has contained the breach and completed their investigation, they haven't disclosed the attack's nature,...
on Thu, 12PM
From beyondmachines.net
Mobile County Health Department reports cybersecurity incident, potential data breach
0 1
The Mobile County Health Department detected unauthorized network access on June 6, 2024, potentially exposing patients' names, identification numbers, and other undisclosed protected health information, and while they've implemented security measures and completed their investigation by...
on Thu, 11AM
From beyondmachines.net
Alltech Consulting Services leaks data of 216k people
0 1
Security researcher Jeremiah Fowler discovered an unsecured database exposing over 2.3 million records containing sensitive personal and professional information of approximately 216,000 job seekers through Alltech Consulting Services' IT recruitment platform, with H-1B visa holders particularly...
on Thu, 10AM
From beyondmachines.net
0 1
Ivanti has released patches for multiple critical vulnerabilities in their Endpoint Manager platform, including a severe unauthenticated SQL injection flaw (CVE-2024-50330, CVSS 9.8) enabling remote code execution, along with 16 other vulnerabilities ranging from path traversal to SQL injection...
on Thu, 8AM
From beyondmachines.net
The MOVEit comes back to bite the victims once more - now through data leaks
0 1
A new threat actor "Nam3L3ss" has begun freely sharing data stolen during the 2023 MOVEit Transfer attacks, exposing work contact information and organizational details from at least 25 major companies including Amazon, Delta Airlines, and HSBC through a dark web forum, and while most exposed...
on Wed, 10AM
From beyondmachines.net
0 1
Microsoft's November 2024 Patch Tuesday addresses 91 vulnerabilities, including four zero-days (two actively exploited: CVE-2024-43451 for NTLM hash disclosure and CVE-2024-49039 for Windows Task Scheduler privilege elevation), with the majority of fixes (52) targeting Remote Code Execution...
on Wed, 10AM
From beyondmachines.net
DDoS attack targets Israel's payment infrastructure
0 1
A one-hour DDoS attack on November 10th targeting Israel's Hyp Credit Guard payment gateway disrupted nationwide credit card processing across multiple sectors including healthcare, transportation, and retail, and while no financial data was reportedly compromised, an Iran-linked group has...
on Wed, 9AM
From beyondmachines.net
Icinga monitoring software reports and patches critical flaw
0 1
A critical vulnerability in Icinga 2's monitoring software (CVE-2024-49369, CVSS 9.8) enables attackers to bypass TLS certificate validation and potentially inject malicious configurations or execute unauthorized commands, and while patches are available across multiple platforms, the only...
on Tue, 9PM
From beyondmachines.net
Critical flaw reported in WPLMS Learning Management System for WordPress
0 1
A critical unauthenticated path traversal vulnerability (CVE-2024-10470, CVSS 9.8) in the WPLMS WordPress theme enables attackers to execute remote code and manipulate server files even when the theme is inactive, and while a fix is available in version 4.963, proof-of-concept exploit code is...
on Tue, 2PM
From beyondmachines.net
Ahold Delhaizе hit by cyberattack
0 1
Ahold Delhaize USA, which operates major grocery chains including Hannaford and Stop & Shop, is experiencing widespread operational disruptions due to a cybersecurity incident affecting their pharmacy services, e-commerce platforms, and payment systems, though while stores remain open, the...
on Tue, 12PM
From beyondmachines.net
Set Forth debt releif administrator reports data breach exposing 1.5M people
0 1
Set Forth has disclosed a data breach from May 2023 that compromised sensitive personal information, including Social Security numbers and dependent details, of 1.5 million individuals involved in debt relief programs, and while the attack's nature and delayed reporting reasons remain unclear,...
on Tue, 12PM
From beyondmachines.net
Amazon reports MOVEit related employee data breach, a year and a half after the incident
0 1
Amazon confirmed a data breach exposing over 2.8 million employee records (including work contact details and office locations) through a third-party property management vendor's MOVEit vulnerability, with the incident coming to light only after threat actor "Nam3L3ss" leaked the data on...
on Tue, 11AM
From beyondmachines.net
0 1
Symetra Life Insurance Co experienced a credential stuffing attack on their customer portal between April and September 2024, compromising 36 customer accounts' personal and financial information, and in response, they're offering affected customers two years of free credit monitoring and...
on Tue, 10AM
From beyondmachines.net
English Construction Company reports ransomware attack, data breach
0 1
English Construction Company (ECC) in Virginia has experienced a ransomware attack resulting in the encryption of servers and theft of sensitive personal data including SSNs and driver's licenses belonging to former employees, and while the total number of affected individuals remains...
on Tue, 9AM
From beyondmachines.net
State of (in)security - Week 45, 2024
0 1
The week of November 4-11, 2024 saw 38 total cybersecurity events (13 advisories/vulnerabilities and 25 incidents/breaches), with ransomware attacks and healthcare sector breaches being particularly prominent, affecting over 3.4 million individuals across 5 reported incidents, with the Summit...
on Mon, 8PM
From beyondmachines.net
City of Sheboygan reports ransomware attack
0 1
The City of Sheboygan experienced an attempted network intrusion on November 10, 2024, resulting in website disruption and a ransom demand, and while officials maintain there's no evidence of compromised personal data yet, they're investigating the incident with law enforcement and will notify...
on Mon, 2PM
From beyondmachines.net
Major South African Financial Systems Breach and Grant Fraud Scheme
0 1
A threat actor group called N4aughtySecGroup claims to have breached multiple South African credit bureaus and exploited the compromised data to create 100,000 fraudulent bank accounts and steal R175 million through social relief grants, though while TymeBank has confirmed and frozen suspicious...
on Sun, 8PM
From beyondmachines.net
Maryland based Eagle Bank reports merchant data breach affecting Mastercard debit cards
0 1
Eagle Bank is responding to a data security incident exposing MasterCard account numbers and details through a third-party merchant's network breach (August 2023 - May 2024), and while the number of affected customers remains undisclosed, the bank is proactively canceling compromised cards and...
on Sun, 7PM
From beyondmachines.net
Palo Alto Networks warns of claimed critical flaw in PAN-OS management interface
0 0
Palo Alto Networks is investigating a potential RCE vulnerability in their PAN-OS management interface, with two unrelated command injection vulnerabilities (CVE-2024-5910 and CVE-2024-9464) already being attacked. While no active exploitation has been detected, they've provided comprehensive...
on Nov 9
From beyondmachines.net
D-Link confirms critical flaw affecting over 60,000 end-of-life NAS devices, won't be patched
0 0
A critical command injection vulnerability (CVE-2024-10914, CVSS 9.2) has been discovered in over 60,000 D-Link NAS devices, allowing unauthenticated attackers to execute arbitrary shell commands through malicious HTTP GET requests, but D-Link won't issue patches since the affected devices are...
on Nov 9
From beyondmachines.net
Cybersecurity Incident at Michigan Masonic Home
0 0
Michigan Masonic Home reported a security breach involving unauthorized access to two employee email accounts between July and September 2024, exposing sensitive personal and medical information including Social Security numbers and medical records, though the total number of affected...
on Nov 9
From beyondmachines.net
Motorcyle parts seller Dennis Kirk breached, data leaked
0 0
A data breach at motorcycle-parts retailer Dennis Kirk has exposed at least 1.3 million customer records (potentially up to 12.2 million) containing sensitive information including names, contact details, and purchase histories, with the company remaining unresponsive while the stolen data is...
on Nov 9
From beyondmachines.net
Multiple Critical Vulnerabilities in Mazda Connect Infotainment System
0 0
Multiple critical vulnerabilities (including SQL injection and OS command injection) have been discovered in Mazda's Connectivity Master Unit affecting various models from 2014-2021, allowing attackers with physical access to execute arbitrary code with root privileges through USB ports, with no...
on Nov 9
From beyondmachines.net
Newpark Resources reports ransomware attack
0 0
Newpark Resources, a Texas-based oilfield services supplier, experienced a ransomware attack that disrupted critical information systems, affecting business applications but leaving manufacturing and field operations mostly operational. Details on exposed data and affected individuals remain...
on Nov 8
From beyondmachines.net
CISA reports active exploitation of flaw in Palo Alto Expedition migration tool
0 0
CISA has issued a warning about active exploitation of a critical vulnerability (CVE-2024-5910) in Palo Alto Networks’ Expedition tool, allowing attackers to take control of admin accounts and execute unauthorized commands. Federal agencies must patch by November 28, 2024, and all organizations...
on Nov 8
From beyondmachines.net
South Africa Standard Bank reports data breach caused by employee
0 0
Standard Bank reported a data breach caused by a senior employee copying sensitive client data onto an unsecured personal device, impacting limited personal and financial information but excluding passwords or PINs; affected clients were notified, and the bank is investigating for further...
on Nov 8
From beyondmachines.net
Binary Security reports partially fixed flaws in Azure API Management enabling privilege escalation
0 0
Binary Security discovered privilege escalation vulnerabilities in Microsoft’s Azure API Management (APIM) service, allowing users with Reader access to obtain full administrative control via legacy API versions, potentially exposing sensitive APIM secrets and configuration data. Microsoft plans...
on Nov 7
From beyondmachines.net
Cisco fixes critical flaw in affecting Ultra-Reliable Wireless Backhaul (URWB) access points
0 0
Cisco has patched a critical vulnerability (CVE-2024-20418) in its Unified Industrial Wireless Software affecting specific Catalyst access points, allowing unauthenticated root command execution through command injection attacks if URWB mode is enabled. Administrators should upgrade to version...
on Nov 7