CyberAlerts

Description: In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.

Source: HaveIBeenPwnedLatestBreaches

December 9th, 2024 (4 months ago)

Senior Dating - 765,517 breached accounts

Description: In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.

Source: HaveIBeenPwnedLatestBreaches

December 9th, 2024 (4 months ago)

Anna Jaques Hospital ransomware breach exposed data of 300K patients

Description: Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...]

Source: BleepingComputer

December 8th, 2024 (4 months ago)

Blue Yonder SaaS giant breached by Termite ransomware gang

Description: The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...]

Source: BleepingComputer

December 6th, 2024 (4 months ago)

U.S. org suffered four month intrusion by Chinese hackers

Description: A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...]

Source: BleepingComputer

December 5th, 2024 (4 months ago)

US arrests Scattered Spider suspect linked to telecom hacks

Description: U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...]

Source: BleepingComputer

December 5th, 2024 (4 months ago)

CVE-2024-3656

Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

Description: A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

EPSS Score: 0.09%

Source: CVE

December 5th, 2024 (5 months ago)

White House: Salt Typhoon hacked telcos in dozens of countries

Description: Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...]

Source: BleepingComputer

December 4th, 2024 (5 months ago)

Misconfigured WAFs Heighten DoS, Breach Risks

Description: Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

Source: Dark Reading

December 3rd, 2024 (5 months ago)

US shares tips to block hackers behind recent telecom breaches

Description: CISA released guidance today to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group that breached multiple major global telecommunications providers earlier this year. [...]

Source: BleepingComputer

December 3rd, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Ladies.com - 118,809 breached accounts Description: In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation. Source: HaveIBeenPwnedLatestBreaches December 9th, 2024 (4 months ago)
	Senior Dating - 765,517 breached accounts Description: In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation. Source: HaveIBeenPwnedLatestBreaches December 9th, 2024 (4 months ago)
	Anna Jaques Hospital ransomware breach exposed data of 300K patients Description: Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...] Source: BleepingComputer December 8th, 2024 (4 months ago)
	Blue Yonder SaaS giant breached by Termite ransomware gang Description: The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...] Source: BleepingComputer December 6th, 2024 (4 months ago)
	U.S. org suffered four month intrusion by Chinese hackers Description: A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...] Source: BleepingComputer December 5th, 2024 (4 months ago)
	US arrests Scattered Spider suspect linked to telecom hacks Description: U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...] Source: BleepingComputer December 5th, 2024 (4 months ago)
CVE-2024-3656	Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities Description: A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. EPSS Score: 0.09% Source: CVE December 5th, 2024 (5 months ago)
	White House: Salt Typhoon hacked telcos in dozens of countries Description: Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...] Source: BleepingComputer December 4th, 2024 (5 months ago)
	Misconfigured WAFs Heighten DoS, Breach Risks Description: Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack. Source: Dark Reading December 3rd, 2024 (5 months ago)
	US shares tips to block hackers behind recent telecom breaches Description: CISA released guidance today to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group that breached multiple major global telecommunications providers earlier this year. [...] Source: BleepingComputer December 3rd, 2024 (5 months ago)