CyberAlerts

Description: In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.

Source: HaveIBeenPwnedLatestBreaches

December 9th, 2024 (4 months ago)

Senior Dating - 765,517 breached accounts

Description: In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.

Source: HaveIBeenPwnedLatestBreaches

December 9th, 2024 (4 months ago)

⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

Description: This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to

Source: TheHackerNews

December 9th, 2024 (4 months ago)

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

Description: A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis

Source: TheHackerNews

December 9th, 2024 (4 months ago)

Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

Description: Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let’s look at seven ways to add

Source: TheHackerNews

December 9th, 2024 (4 months ago)

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Description: Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print

Source: TheHackerNews

December 9th, 2024 (4 months ago)

QR codes bypass browser isolation for malicious C2 communication

Description: Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations. [...]

Source: BleepingComputer

December 9th, 2024 (4 months ago)

Anna Jaques Hospital ransomware breach exposed data of 300K patients

Description: Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...]

Source: BleepingComputer

December 8th, 2024 (4 months ago)

Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

Description: In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures

Source: TheHackerNews

December 7th, 2024 (4 months ago)

Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

Description: Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes.

Source: TheHackerNews

December 7th, 2024 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Ladies.com - 118,809 breached accounts Description: In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation. Source: HaveIBeenPwnedLatestBreaches December 9th, 2024 (4 months ago)
	Senior Dating - 765,517 breached accounts Description: In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation. Source: HaveIBeenPwnedLatestBreaches December 9th, 2024 (4 months ago)
	⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8) Description: This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to Source: TheHackerNews December 9th, 2024 (4 months ago)
	Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices Description: A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis Source: TheHackerNews December 9th, 2024 (4 months ago)
	Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions Description: Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let’s look at seven ways to add Source: TheHackerNews December 9th, 2024 (4 months ago)
	Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI Description: Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print Source: TheHackerNews December 9th, 2024 (4 months ago)
	QR codes bypass browser isolation for malicious C2 communication Description: Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations. [...] Source: BleepingComputer December 9th, 2024 (4 months ago)
	Anna Jaques Hospital ransomware breach exposed data of 300K patients Description: Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...] Source: BleepingComputer December 8th, 2024 (4 months ago)
	Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions Description: In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures Source: TheHackerNews December 7th, 2024 (4 months ago)
	Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar Description: Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes. Source: TheHackerNews December 7th, 2024 (4 months ago)