Dealership software company Motility Software Solutions is notifying over 766,000 people that their personal information was compromised in a ransomware attack. A provider of software for recreational vehicle and power sport dealers, Motility discovered the incident on August 19, after hackers accessed servers that support the company's business operations. The attackers deployed file-encrypting ransomware on its systems, but also stole files containing customers' personal information. READ MORE...
Insurance giant Allianz subsidiary Allianz Life Insurance Company of North America is notifying roughly 1.5 million people that their personal information was stolen in a July data breach. The incident occurred on July 16 and involved a third-party cloud-based customer relationship management (CRM) system used by Allianz Life. Only Allianz Life in the US was impacted, the company said, adding that most of its roughly 1.4 million customers were likely affected, without sharing an exact number. READ MORE...
Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant's E-Business Suite, according to researchers who spoke with CyberScoop. Researchers haven't confirmed the veracity of Clop's claimed data theft, but multiple investigations into Oracle environments belonging to organizations that received the emails are underway. READ MORE...
A hacking crew claims to have broken into Red Hat's private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers. An extortion group calling itself "the Crimson Collective" posted on Telegram that it accessed more than 28,000 internal repos and stole hundreds of Customer Engagement Reports (CERs) in messages seen by The Register. READ MORE...
ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through fake websites and social engineering. Researchers identified two previously unknown spyware families. Android/Spy.ProSpy poses as upgrades or add-ons for the Signal app and the discontinued ToTok app, while Android/Spy.ToSpy pretends to be the ToTok app itself. READ MORE...
An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at "active seniors". Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities-such as trips, dance classes, and community gatherings. Once people joined, they were invited to download an Android app to "register" for those offered activities. READ MORE...
The Federal Trade Commission (FTC) has sued Sendit's parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the company let users under the age of 13 sign up for Sendit and collected personal information about these users without parental consent-violating the Children's Online Privacy Protection Rule (COPPA). READ MORE...
Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said. The routers, manufactured by China-based Milesight IoT Co., Ltd., are rugged Internet of Things devices that use cellular networks to connect traffic lights, electric power meters, and other sorts of remote industrial devices to central hubs. READ MORE...
Think about the apps on your phone right now. Your banking app, your working email, the food delivery app: each one is talking to a server somewhere - sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here's the problem - hackers have determined that the APIs of mobile apps, when left visible and exploitable, can be a goldmine. READ MORE...