2023 Data Breach Investigations Report of which the dataset currentlycontains 953,894 incidents, of which 254,968 are confirmed breaches shows that the use of stolen credentials forms 44.7% of the cases. But what else can we learn? 74% of all breaches include the human element, with people being involved either via Error,Privilege Misuse, Use of stolen […]
German newspaper Handelsbatt received 100GB of data from informants at Tesla. The data contains information on thousands of complaints regarding Tesla’s Autopilot self-driving feature. The collection of data includes 23,000 internal files from 2015 to 2022. Complaints detail issues with self-acceleration, brake function, involuntary emergency braking, and phantom stops.More than 1,000 crash reports are included […]
Toyota has exposed the location data of 2.3 million customers for over a decade. The information was accessible due to a security breach in their sales module. The data included customers’ names, email addresses, and vehicle identification numbers (VINs). The breach occurred in Japan, but the data of customers from several countries, including the US […]
Terravision, a company that arranges bus transport to and from European airports, has leaked the data of more than two million customers. This concerns names, telephone numbers, e-mail addresses, salted password hashes and in some cases dates of birth and country of origin. Details about the data breach are not yet known. Via ID Control […]
Almost half of all Dutch company websites are vulnerable to attacks by cyber criminals due to vulnerabilities in software, configurations and web services. The result is often data theft or extortion through ransomware. “Entrepreneurs are insufficiently aware of the risks,” says cybersecurity specialist ID Control based on three studies of web shops, government websites and […]
The Bundesamt für Sicherheit in der Informationstechnik (BSI), part of the German Ministry of Internal Affairs, has investigated web shops which show that they are often unsafe. Seven out of ten researched webshop platforms use vulnerable JavaScript libraries. In addition, almost all solutions had inadequate password policies and nearly half of the products use end-of-life […]
A cybersecurity insurer predicts that a 13% growth to 1,900 CVEs monthly would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years. For most CVEs, the time to exploit is within 90 days of public disclosure, while the majority of exploits take place within the […]
T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features. […]
According to a PayPal notice of security incident dated January 18, attackers got unauthorized access to the accounts of thousands of users between December 6 and 8, 2022. The total number of accounts that were accessed by threat actors using a credential stuffing attack is reported as being 34,942.
NortonLifeLock warns customers that criminals have broken into their Norton Password Manager, an online password manager, and advises that all stored credentials be changed immediately. The password manager can be used via a Norton account and can generate passwords and store them in an “online vault”. The password manager is available as a browser extension […]