The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…
Category: EN
Hackers Exploiting YouTube to Spread Malware That Steals Browser Data
Malware actors leverage popular platforms like YouTube and social media to distribute fake installers. Reputable file hosting services are abused to host malware and make detection challenging. Password protection and encoding techniques further complicate analysis and evade early sandbox detection.…
Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data
Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. On checkout pages, the malware is designed to steal credit card information from users who are visiting those pages.…
Rethinking Age Verification for Social Media: Privacy-Friendly Solutions for Safeguarding Kids
The digital landscape has become an integral part of our lives, and social media platforms are at its heart. While these platforms offer undeniable benefits in connecting people and fostering communities, they also pose significant risks, especially for children. Exposure…
Better be aware of this ongoing PayPal Phishing Scam that seems genuine
PayPal, the widely used online payment platform, is currently facing scrutiny after being linked to a “No Phish Phishing” scam that is tricking users into falling for a sophisticated fraud scheme. The scam, which exploits a weakness in PayPal’s operational…
Furry Hacker Breaches Scholastic Exposes Data of 8 Million People
The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people. The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the…
Three Russian Nationals Indicted for Operating Cryptocurrency Mixers in Money Laundering Scheme
Three Russian nationals have been charged for their involvement in operating cryptocurrency mixing services Blender.io and Sinbad.io, according to an indictment unsealed on January 7 by a federal grand jury in the Northern District of Georgia. The charges stem from…
IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks
A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data. This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information. IBM Watsonx.ai Vulnerability The issue arises from improper…
Medusind Data Breach Exposes Over 360,000 Individuals’ Healthcare Info
Medusind, a healthcare revenue cycle management provider, has disclosed a data breach that compromised the personal and health information of 360,934 people. The breach, which happened over a year ago, affirms the ongoing cybersecurity challenges in the healthcare sector. The…
Europe coughs up €400 to punter after breaking its own GDPR data protection rules
PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more Infosec in brief Gravy Analytics, a vendor of location intelligence info for marketers which reached a settlement with US…
GitHub CISO on security strategy and collaborating with the open-source community
In this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring it remains a trustworthy platform for building secure software. The post…
Chainsaw: Open-source tool for hunting through Windows forensic artefacts
Chainsaw is an open-source first-response tool for quickly detecting threats in Windows forensic artefacts, including Event Logs and the MFT file. It enables fast keyword searches through event logs and identifies threats using built-in Sigma detection and custom detection rules.…
Time for a change: Elevating developers’ security skills
Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the…
Scholastic – 4,247,768 breached accounts
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address. This article has been indexed from Have I…
ISC Stormcast For Monday, January 13th, 2025 https://isc.sans.edu/podcastdetail/9276, (Mon, Jan 13th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, January 13th, 2025…
The Vanity Press in Academia
I’ve never been a regular resident of the ivory halls of academia, but Mich Kabay recently made me aware of an article about legitimate scientific journals driven to distraction by being flooded with commentary apparently reflecting a surge in the…
The Metaverse Will Become More Popular Than the Real World: Will Reality Disappear?
With the advent of virtual reality, everyone got scared that the life we know will disappear, and only… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: The Metaverse Will…
Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country
Over the weekend, Italy faced new waves of DDoS attacks carried out by pro-Russia group NoName057(16). Pro-Russia hackers Noname057(16) targeted Italian ministries, institutions, critical infrastructure’s websites and private organizations over the weekend. The new wave of attacks coincides with the…
Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DoJ charged three…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 28
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations Scam Sniffer 2024: Web3 Phishing Attacks – Wallet Drainers Drain $494 Million EAGERBEE,…