Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

December 12, 2024 at 11:09AM Byte Federal, the largest U.S. Bitcoin ATM operator, experienced a data breach affecting 58,000 customers due to a GitLab vulnerability. Sensitive information like names, social security numbers, and contact details were accessed. The company has secured its systems and urges customers to monitor for fraud but does not offer identity … Read more

How to head off data breaches with CIAM

October 14, 2024 at 05:08AM Recent reports indicate that stolen identity credentials account for 61% of data breaches, with the average breach costing $4.88 million in 2024. Organizations are urged to adopt proactive security measures, such as customer identity and access management (CIAM) platforms, to enhance protection against cyber attacks. Okta offers insightful webinars on … Read more

MoneyGram confirms a cyberattack is behind dayslong outage

September 24, 2024 at 08:53AM Money transfer giant MoneyGram confirmed a cybersecurity incident caused system outages since Friday, impacting network connectivity for customers. MoneyGram is working to resolve the situation and has not disclosed the type of attack. The extended outage suggests a ransomware attack, which could have far-reaching repercussions due to its massive customer … Read more

Car rental giant Avis discloses data breach impacting customers

September 6, 2024 at 02:10PM Avis, a well-known car rental company, disclosed a recent data breach where attackers accessed their business application from August 3 to August 6, stealing names and other sensitive customer information. Avis has taken measures to enhance security and has advised affected customers to monitor their accounts for unauthorized activity and … Read more

Verizon to pay $16 million in TracFone data breach settlement

July 23, 2024 at 12:35PM Verizon Communications has settled a $16 million agreement with the FCC over three data breaches at its subsidiary, TracFone Wireless, after its 2021 acquisition. The breaches involved unauthorized access and exposed customer data. As part of the settlement, Verizon must enhance data security measures, including API vulnerability reduction, SIM change … Read more

HubSpot Warns of Ongoing Cyberattacks Targeting Customer Accounts

July 1, 2024 at 12:24PM HubSpot is actively investigating and blocking attempts to hack into customer accounts. They have reported at least 50 targets have been breached, with unauthorized access to less than 50 accounts. The company has taken necessary steps to revoke the attacker’s access and believes the impact will be isolated to a … Read more

TeamViewer Detects Security Breach in Corporate IT Environment

June 28, 2024 at 02:27AM TeamViewer detected an “irregularity” in its internal IT environment on June 26, 2024. The company immediately activated a response team and began investigations with cyber security experts. It stated that no customer data was impacted and an investigation is ongoing. The U.S. Health-ISAC issued a bulletin about threat actors’ exploitation … Read more

U.S. Bans Kaspersky Software, Citing National Security Risks

June 21, 2024 at 01:18AM The U.S. Department of Commerce’s Bureau of Industry and Security imposed a ban on Kaspersky Lab’s U.S. subsidiary and affiliates from offering security software due to national security risks posed by its ties to the Russian government. Kaspersky will be barred from selling to U.S. consumers and businesses starting July … Read more

PandaBuy pays ransom to hacker only to get extorted again

June 6, 2024 at 11:18AM Pandabuy, a Chinese shopping platform, revealed to BleepingComputer that it paid a ransom to prevent stolen data from being leaked. The threat actor, known as ‘Sanggiero’, attempted to extort the company again, claiming to have 17 million rows of data. Pandabuy confirmed fixing previous vulnerabilities and ceased cooperation with the … Read more

Okta warns of credential stuffing attacks targeting its CORS feature

May 29, 2024 at 11:48AM Okta warns of ongoing credential stuffing attacks targeting Customer Identity Cloud (CIC) cross-origin authentication feature since April. The company has identified affected endpoints and advised customers to review logs for specific events, rotate compromised user credentials, and implement passwordless, phishing-resistant authentication. Okta is offering further support through its Customer Support … Read more