Plane-tracking app admits user passwords, SSNs exposed for over 3 years

August 20, 2024 at 10:39AM FlightAware recently admitted to exposing users’ data for over three years due to a configuration error. Personal data including user ID, password, email, addresses, social security number, and more were compromised. The exact number of affected users is unknown, but FlightAware has 12 million registered users. Affected individuals are being prompted …

Dropbox Breach Exposes Customer Credentials, Authentication Data

May 2, 2024 at 02:36PM Dropbox alerts customers of a data breach in its cloud-based service, exposing customer credentials and authentication data. Unauthorized access to the Dropbox Sign production environment compromised the customer database, exposing emails, usernames, and hashed passwords. Dropbox took immediate mitigation steps, including password resets and restricting certain functionalities, while continuing to investigate …

SurveyLama Data Breach Impacts 4.4 Million Users

April 4, 2024 at 08:30AM SurveyLama confirms a data breach affecting over 4.4 million users, occurring in February and brought to light through Have I Been Pwned. Email addresses, personal information, and hashed passwords were compromised. The platform has enforced a password reset and is enhancing security measures. Users are advised to reset all associated …

Shopping platform PandaBuy data leak impacts 1.3 million users

April 1, 2024 at 11:05AM Data of over 1.3 million PandaBuy customers has been leaked due to vulnerability exploitation, reportedly by two threat actors. The leaked information includes user IDs, names, contact details, order information, and more. It has been confirmed that leaked emails are valid and originate from PandaBuy. The company has not publicly …

Suspected MFA Bombing Attacks Target Apple iPhone Users

March 28, 2024 at 11:09AM Apple device users are encountering continuous password reset requests and vishing calls, often from a number posing as Apple’s official support line. It appears that several Apple device users have been receiving frequent password reset prompts and vishing calls from a number that is spoofing Apple’s legitimate customer support line. …

Apple fans flooded with phony password reset requests

March 27, 2024 at 06:17PM A targeted multi-factor authentication bombing campaign is targeting Apple device owners, bombarding them with password reset requests. It aims to exhaust users into accidentally allowing a password reset and includes sophisticated tactics such as spoofed support calls. Users are advised to be cautious and vigilant in responding to unexpected alerts …

AnyDesk Shares More Information on Recent Hack

February 9, 2024 at 04:09PM AnyDesk disclosed details about a recent hacker attack, revealing the breach was discovered in mid-January with initial intrusion occurring in late December 2023. The company confirmed no evidence of malicious software being distributed to customers and is revoking certificates and pushing out software updates. It also enforced a password reset …

How to Apply Zero Trust to your Active Directory

February 7, 2024 at 10:27AM As remote work becomes more prevalent, organizations need to move away from traditional trust models and embrace a zero trust approach for secure access. This involves rigorous authentication for every user, device, and network component. Implementing the principle of least privilege and using multifactor authentication are recommended strategies to bolster …

AnyDesk Compromised, Passwords Revoked

February 5, 2024 at 04:52PM AnyDesk announced its production systems have been compromised, leading to plans for certificate revocation and password resets. The company assured that end user devices were unaffected and that it is collaborating with law enforcement agencies. AnyDesk advised customers to update passwords and confirmed that it is safe to use its …

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

January 25, 2024 at 11:48AM Over 5,000 unpatched GitLab servers are vulnerable to account takeover due to CVE-2023-7028. The flaw, affecting versions 16.1.0 and onwards, allows password reset emails to be sent to unverified addresses, as disclosed by a non-profit group. Patches are available in GitLab versions 16.5.6, 16.6.4, and 16.7.2, with hundreds of vulnerable servers globally. GitLab …