Identity and access management giant Okta says some customer data was exposed by the "relentless phishing campaign" that breached Twilio, which it uses to provide some SMS services. Twilio says attackers accessed data for 163 customer organizations.
Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider. DoorDash says it experienced "unusual and suspicious activity" on its third-party vendor's computer network that was a victim of a phishing campaign.
Ethereum is offering up to $1 million bounty to white hat hackers who identify merge-related critical vulnerabilities on its blockchain. The four-fold increase in reward will be applicable between Wednesday and Sept. 8. The merge is set to be completed by Sept. 20
Cryptocurrency trading platform Coinbase faces a proposed class action from a user who says poor security led to the theft of $200,000 from his account. Attempts by plaintiff Manish Aggarwal to contact the company turned into a fight with an "impenetrable automated 'customer service' process."
The recently discovered Russian-linked MagicWeb malware that exploits on-premises Microsoft Active Directory Federated Services servers to persist in compromised systems underscores the benefits of cloud-based infrastructure and a zero trust approach to architecture, security researchers say.
A probe into alleged use of Pegasus spyware on Indian citizens identified malware on five of the 29 volunteers who submitted their devices for forensic examination. The nature of the malware was not disclosed, but Chief Justice of India said New Delhi did not cooperate with investigators.
Password manager stalwart LastPass acknowledged Thursday that a threat actor gained unauthorized access to its source code and proprietary technical information. The attacker does not appear to have gained access to customer data or encrypted password vaults.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including implications of the Russia-Ukraine cyberwar, the former CISA director’s somber message to the industry at Black Hat, and how the cryptocurrency landscape is changing.
Fintech company Block faces a putative class action demanding damages for customers affected by a 2021 data breach that affected 8.2 million individuals. The company, formerly known as Square and co-founded by former-Twitter CEO Jack Dorsey, disclosed the breach in April.
As the latest wave of ransomware attacks, extortion attempts and related fallout continues to hit hospitals globally, U.S. federal authorities have issued a new warning to the healthcare sector about Karakurt, the group behind one of the recent incidents.
An ongoing phishing campaign has compromised Twilio, Mailchimp and about 130 other organizations by using a lookalike Okta login page to trick employees into divulging their password and multi-factor authentication code. Researchers have traced the attacks to a 22-year-old suspect in North Carolina.
Cyber criminals are running scripting attacks on e-commerce sites that attempt to complete small payments by automatically inputting payment card numbers based on the Ally Bank identification number. There are no indications of a data breach at Ally Bank, says a source close to the fraud detection.
The ongoing COVID-19 pandemic continues to fuel new opportunities for cybercriminals, malicious insiders and other adversaries who are posing new security threats to the privacy of patient health data, says attorney Erik Weinick of law firm Otterbourg P.C.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.