exposed
-
Blog
Zacks Investment breach could leave 12 million customer accounts exposed
Zacks Investment, a leading investment research company, has allegedly suffered a data breach that could see roughly 15 million customer records exposed. A threat actor under the name Jurak posted on the dark web hacking forum BreachForums on 24 January 2025, claiming to have breached Zacks Investment in June last year. Zacks is a major financial analysis provider best known…
Read More » -
Blog
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. KerioControl is a network security suite that small and medium-sized businesses use for VPNs, bandwidth management, reporting and monitoring, traffic filtering, AV protection, and intrusion prevention. The flaw in question was discovered in mid-December by security researcher Egidio Romano (EgiX), who…
Read More » -
Blog
Microsoft says attackers use exposed ASP.NET keys to deploy malware
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. As Microsoft Threat Intelligence experts recently discovered, some developers use ASP.NET validationKey and decryptionKey keys (designed to protect ViewState from tampering and information disclosure) found on code documentation and repository platforms in their own software. However, threat actors also use…
Read More » -
Blog
DeepSeek Locked Down Public Database Access That Exposed Chat History
On Jan. 29, U.S.-based Wiz Research announced it responsibly disclosed a DeepSeek database previously open to the public, exposing chat logs and other sensitive information. DeepSeek locked down the database, but the discovery highlights possible risks with generative AI models, particularly international projects. DeepSeek shook up the tech industry over the last week as the Chinese company’s AI models rivaled…
Read More » -
Blog
DeepSeek database left user data, chat histories exposed for anyone to see
DeepSeek has secured a “completely open” database that exposed user chat histories, API authentication keys, system logs, and other sensitive information, according to cloud security firm Wiz. The security researchers said they found the Chinese AI startup’s publicly accessible database in “minutes,” with no authentication required. The exposed information was housed within an open-source data management system called ClickHouse and…
Read More » -
Blog
This Subaru Hack Exposed Location Data and Allowed Remote Access
We know that cars are better connected than ever before, which is great when you want to remember where you parked or start defrosting the vehicle windows while you’re still in bed—but this modern tech comes with security and privacy concerns, as a new hack of Subaru cars and their Starlink software has shown. Security researchers Sam Curry and Shubham…
Read More » -
Blog
Ransomware gang claims data breach at Mission Bank that exposed SSNs and account info
Ransomware group RansomHub today claimed responsibility for a December 2024 data breach at Mission Bank in California. The bank notified an undisclosed number of people that the following information was compromised: Names Social Security numbers Dates of birth Addresses Telephone numbers Driver’s license or other state-issued ID number Passport numbers Financial account numbers Mission Bank’s December 31, 2024 notice (PDF)…
Read More » -
Blog
Casio says data of 8,500 people exposed in October ransomware attack
Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. The affected individuals are primarily Casio employees and business partners, but there was a small set of customer personal information in the exposed data. Underground ransomware attack The cyberattack occurred on October 5, when ransomware actors employing phishing tactics compromised the…
Read More » -
Blog
Millions of email users at risk — passwords could be exposed to hackers, experts warn
New research from security experts has revealed over 3 million mail servers are still using an aging protocol without encryption enabled, leaving millions of usernames and passwords vulnerable to hackers. This week the Shadowserver Foundation, a nonprofit security organization, pushed out an alert on X and that it found 3.3 million POP3 and IMAP servers are operating without transport layer…
Read More » -
Blog
Over 3 million mail servers without encryption exposed to sniffing attacks
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. IMAP and POP3 are two methods for accessing email on mail servers. IMAP is recommended for checking emails from multiple devices, such as phones and laptops because it keeps your messages on the server and synchronizes them…
Read More »