Breaking News

Pierluigi Paganini August 18, 2021
T-Mobile data breach has impacted 48.6 million customers

T-Mobile has confirmed that hackers have stolen records belonging to 48.6 million of current and former customers. Recently T-Mobile has launched an investigation into a possible security breach after a threat actor started offering for sale 100 million T-Mobile customer records on the dark web. Bleeping Computer reported that the seller was asking for 6 […]

Pierluigi Paganini August 18, 2021
Adobe addresses two critical vulnerabilities in Photoshop

Adobe has addressed two critical security vulnerabilities affecting its Photoshop image manipulation software. Adobe released security updates to address two critical security vulnerabilities, tracked as CVE-2021-36065 and CVE-2021-36066, affecting the popular image manipulation software Photoshop. The flaws affect versions of the software for both Windows and macOS, their exploitation could lead to arbitrary code execution in the […]

Pierluigi Paganini August 18, 2021
Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR

The German state’s data protection agency (DPA) warns that the use of the videoconferencing platform Zoom violates the European Union’s GDPR. The German state’s data protection agency (DPA) warns that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR). The DPA is concerned by the transfer of […]

Pierluigi Paganini August 17, 2021
Kalay cloud platform flaw exposes millions of IoT devices to hack

FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. The flaw […]

Pierluigi Paganini August 17, 2021
Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs. An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that […]

Pierluigi Paganini August 17, 2021
1.9 million+ records from the FBI’s terrorist watchlist available online

A security researcher discovered that a secret FBI’s terrorist watchlist was accidentally exposed on the internet for three weeks between July 19 and August 9, 2021. The security researcher Bob Diachenko discovered a secret terrorist watchlist with 1.9 million records that were exposed on the internet for three weeks between July 19 and August 9, 2021. In July, […]

Pierluigi Paganini August 17, 2021
Colonial Pipeline discloses data breach after May ransomware attack

Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. Colonial Pipeline has started notifying more than 5000 people that had their personal information compromised after a ransomware attack that took place in May. The Colonial Pipeline facility in Pelham, Alabama […]

Pierluigi Paganini August 16, 2021
T-Mobile confirms data breach that exposed customer personal info

T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered them for sale. T-Mobile has confirmed a data breach that exposed personal information from over 100 million of its US customers. Yesterday the company announced it launched an investigation into a possible data breach after […]

Pierluigi Paganini August 16, 2021
Recent attacks on Iran were orchestrated by the Indra group

The recent attacks that targeted Iran’s transport ministry and national train system were conducted by a threat actor dubbed Indra. In July, Iran’s railroad system was hit by a cyberattack, threat actors published fake messages about delays or cancellations of the trains on display boards at stations across the country, the Fars news agency reported. The […]

Pierluigi Paganini August 16, 2021
US FINRA warns US brokerage firms and brokers of ongoing phishing attacks

The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing phishing campaign. Threat actors are impersonating FINRA officials and are using the threat of penalties to trick victims recipients into providing […]