Did you know that your Ring doorbell video footage could be part of police surveillance? Ring saw search warrants increase 33 percent in 2022 from the previous year. The lack of legal controls on what police can ask for, and judges failing to properly scrutinize these warrants, opens the door for even indoor home footage […]
According to a PayPal notice of security incident dated January 18, attackers got unauthorized access to the accounts of thousands of users between December 6 and 8, 2022. The total number of accounts that were accessed by threat actors using a credential stuffing attack is reported as being 34,942.
The hacker copied information from backup that contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data from the encrypted […]
The records of Twitter contain either a private email address or phone number, and public scraped data, including the account’s Twitter ID, name, screen name, verified status, location, URL, description, follower count, account creation date, friends count, favorites count, statuses count, and profile image URLs.
Worldwide, a total of 890,000 computers were infected and more than fifty million passwords were stolen. This is the conclusion of security company Group-IB based on its own research. Investigators from the company identified 34 gangs behind the attacks using known malware such as RedLine and Raccoon Infostealer. This malware is capable of stealing login […]
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections. Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication. For unmanaged devices, they recommend conditional access policies and strong controls.
Thanks in part to action by the Dutch police, the American authorities have taken offline a criminal marketplace where millions of stolen login details were traded, as well as tens of thousands of credit card details and scanned passports and driver’s licenses. The alleged administrator of the WT1Shop marketplace has also been charged. This is […]
The Amsterdam hospital OLVG has been fined 440,000 euros by the Dutch Data Protection Authority. According to the Dutch Authority, the hospital had taken too few measures between 2018 and 2020 to prevent access by unauthorized employees to medical files. There was not enough control over who viewed which file. The security of the computer […]
The Cyber Security Council is a national and independent advisory body to the cabinet. They are concerned about the growing dependence on the Netherlands when it comes to the use of new technological applications or services from foreign tech companies. This can lead to potential vendor lock-in and in exceptional cases possible access to data […]
Awareness training in the field of cybersecurity and phishing must be repeated after approximately six months to ensure that employees continue to recognize phishing emails properly. This is evident from a study that was carried out by a number of German universities at an organization from the public sector. In Germany, public organizations are required […]