A third-party data breach has exposed the personal data of UK’s Greater Manchester Police (GMP) officers and staff. Company that produces GMP’s staff ID cards was affected by a ransomware attack.
Iranian Hackers Use Password Spray Attacks to Compromise Defense Organizations, Pharmaceutical Firms
A recent campaign by Iranian hackers has been very successful in using password spray attacks to breach high-value targets, with a particular focus on defense organizations and satellites as well as pharmaceutical company research.
Airbus has confirmed a data breach that exposed confidential business information via a partner airline’s compromised account. Threat actors compromised a Turkish Airlines employee account using the Redline info-stealer malware in August 2023.
A government investigation of Elon Musk's tenure as leader of Twitter has determined that there may be violations of a 2022 FTC order that required certain privacy and security measures be implemented.
Facebook Messenger phishing campaign targeted millions of business accounts using fake and hijacked personal accounts to trick business owners into installing an infostealer that harvests passwords and cookies before locking them out.
Privacy tests have found that every connected car brand collects more personal data than it needs to, and employs it for non-essential purposes. The vast majority are sharing or selling customer data.
Caesars Entertainment quietly disclosed its own recent cyber attack in a SEC filing. Unlike MGM, Caesars appears to have skated through their own incident by making a $15 million ransom payment to the hackers.
Citizen Lab reports that the new Pegasus spyware zero-click zero-day impacts the most recent version of iOS (16.6) and likely prior versions dating back to the iPhone 8. As with the prior Pegasus attack vector, victims only need to receive a iMessage to be compromised; they do not need to open the message or interact with it.
Two Dutch consumer groups, the Privacy Protection Foundation and Consumentenbond, have filed suit against Google over its targeted advertising auctions. The suit is seeking the equivalent of $804 for each Google user harmed by its "constant surveillance" and sharing of personal data.
Okta has warned about social engineering attacks by sophisticated actors targeting super administrators by tricking service desk staff into resetting multi-factor authentication for privileged users.
