Consumer loan company TMX Finance has started informing over 4.8 million individuals that their personal information was stolen in a data breach. Operating roughly 1,100 stores in 15 states, TMX offers loans under three brands, namely TitleMax (title lending services), TitleBucks (car title loans), and InstaLoan (fast-approval personal loan services). The data breach was identified on February 13, 2023, and impacted the customers of all services, reads the notification letter to the affected individuals. READ MORE...
US-based data storage company Western Digital has announced that it has suffered a network security incident that resulted in an unauthorized third party gaining access to a number of the company's systems and some company data. These are the most important details from the terse and very vague press release: Western Digital identified the network security incident on March 26, 2023. The company started IR efforts with the help of external security and forensic experts. READ MORE...
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. READ MORE...
The release of thousands of pages of confidential documents has exposed Russian military and intelligence agencies' grand plans for using their cyberwar capabilities in disinformation campaigns, hacking operations, critical infrastructure disruption, and control of the Internet. The papers were leaked from the Russian contractor NTC Vulkan and show how Russian intelligence agencies use private companies to plan and execute global hacking operations. READ MORE...
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the message. The attackers behind this activity use the name Midnight and started targeting companies in the U.S. since at least March 16. READ MORE...
Apple's decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers say could let attackers hijack network traffic. iOS, Linux, and Android devices may be vulnerable. The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. READ MORE...
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalog. This massive number is reported by cybersecurity company Rezilion, which conducted large-scale research to identify vulnerable systems exposed to cyberattacks from threat actors, whether state-sponsored or ransomware gangs. READ MORE...
Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor Pro, a premium plugin running on more than 12 million sites powered by the WordPress content management system. Elementor Pro allows users to create high-quality websites using a wide range of tools. READ MORE...