A breach of Washington, D.C. voter data may have been broader than initially understood and may have included the entire voter roll, the District of Columbia Board of Elections said in a statement Friday. The board first learned of the breach after voter data was offered for a sale in an online forum earlier this month. Initially, the board believed the affected data amounted to 600,000 lines, but in a call with its hosting provider on Friday learned that the breached database included a copy of the full voter roll. READ MORE...
1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant. "We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati. READ MORE...
China-based scammers are using a combination of fake loan apps and India's real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by threat intel firm CloudSEK. "UPI service providers currently operate without coverage under the Prevention of Money Laundering Act (PMLA)," explained [PDF] CloudSEK researchers, letting the scammers' exploit the platforms with relative ease. READ MORE...
A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled. TransForm is a not-for-profit, shared service organization founded by five hospitals in Erie St. Clair, Ontario, to manage their IT, supply chain, and accounts payable. Yesterday, the service provider released a statement stating that their IT systems are experiencing an outage due to a cyberattack. READ MORE...
As passwordless identity becomes mainstream, the term "passkey" is quickly becoming a new buzzword in cybersecurity. But what exactly is a passkey and why do we need them? A passkey is a digital credential that can only be used by the authorized user. This commonly requires unlocking a device with a biometric marker (such as facial or fingerprint scan) or a unique factor (e.g., a PIN). READ MORE...
"Continue with Google" - such a seamless way to sign up for and log into a website or app, especially since you likely are already logged into your Google account. All you need to do is tap or click the button and allow some of your personal data from your Google account to be shared with the third-party online service. Since convenience is so often the name of the game these days, many sites let you log in using your Facebook, Google, Microsoft, LinkedIn, Apple or another account with a major tech company. READ MORE...
Cisco has found a second actively exploited IOS XE zero-day vulnerability, with the company disclosing it just as the number of hacked devices appears to have dropped significantly. The networking giant warned customers last week that threat actors have exploited a zero-day since at least mid-September. The critical flaw affects the IOS XE web interface and it can be exploited by remote, unauthenticated attackers to create high-privileged accounts on targeted Cisco devices. READ MORE...