America's largest propane provider, AmeriGas, has disclosed a data breach that lasted ephemerally but impacted 123 employees and one resident. AmeriGas servers over 2 million customers in all 50 U.S. states and has over 2,500 distribution locations. This month's data breach was reported by the propane giant to the Office of the New Hampshire Attorney General. This month, AmeriGas has issued a data breach notification letter to the New Hampshire Attorney General's Office. READ MORE...
A researcher recently discovered online an unsecured database operated by cybersecurity analytics firm Cognyte that left some 5 billion records collected from a range of data incidents exposed online - and accessible without authentication. The stored data is part of Cognyte's cyber intelligence service, which is used to alert customers to third-party data exposures. READ MORE...
The head of the UK's National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. In a speech being given today by Lindy Cameron, chief executive of the NCSC, to the RUSI think tank, she highlights the need for ransomware problem to be taken seriously, and warns of the "cumulative effect" if society fails to properly deal with the rising threat. READ MORE...
Apple has fixed two iOS zero-day vulnerabilities that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices. The two bugs (tracked as CVE-2021-30761 and CVE-2021-30762) are caused by memory corruption and use after free issues in the WebKit browser engine, both found and reported by anonymous researchers. Webkit is a browser rendering engine used by Apple web browsers and applications to render HTML content on desktop and mobile platforms. READ MORE...
Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," Mayur Fartade said in a Medium post today. "An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user using Media ID." READ MORE...
We've all heard of phishing, the tried-and-tested email scam that spoofs authoritative sources to trick recipients into handing over sensitive information or downloading malware. Well, vishing is its voice call equivalent. It's a con trick with many variants that can impact individuals and organizations alike - with potentially devastating consequences. READ MORE...
The amount of time that utility networks spend exposed to a known application exploit has spiked over the past two months - something analysts called out as a "concerning datapoint," and an important reminder that ransomware isn't the only threat utility networks need to secure against. A new report from WhiteHat Security measured the amount of time a sector remained vulnerable to a known application exploit out in the wild, a metric they call an industry's window of exposure (WoE). READ MORE...