CyberAlerts

Description: Alleged Data Breach of WooCommerce

Source: DarkWebInformer

April 9th, 2025 (9 days ago)

Oracle Appears to Admit Breach of 2 'Obsolete' Servers

Description: The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.

Source: Dark Reading

April 9th, 2025 (9 days ago)

Oracle says "obsolete servers" hacked, denies cloud breach

Description: Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." [...]

Source: BleepingComputer

April 9th, 2025 (9 days ago)

Qraved - 984,519 breached accounts

Description: In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.

Source: HaveIBeenPwnedLatestBreaches

April 9th, 2025 (9 days ago)

CentreStack RCE exploited as zero-day to breach file sharing servers

Description: Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers [...]

Source: BleepingComputer

April 9th, 2025 (9 days ago)

US banking regulator reports on ‘major’ cyber incident involving senior officials’ emails

Description: The U.S. Office of the Comptroller of the Currency told Congress that a breach of its email systems reported in February involved "highly sensitive information" in the accounts of high-ranking officials.

Source: The Record

April 9th, 2025 (9 days ago)

Germany links cyberattack on research group to Russian state-backed hackers

Description: The German Association for Eastern European Studies (DGO) said the attack at the end of March targeted email systems, bypassing security measures put in place after another recent breach with suspected Russian links.

Source: The Record

April 9th, 2025 (9 days ago)

Stronger Cloud Security in Five: The Importance of Cloud Configuration Security

Description: Mismanaging configurations in your multi-cloud environment can put you at an elevated risk for cyber attacks. In the first installment of our “Stronger Cloud Security in Five” blog series, we outline five best practices for boosting your cloud configuration management.A misconfigured web application firewall. A publicly accessible and unprotected cloud database. An overprivileged user identity. Lax access control to containers. Unchanged default credentials.Those are just some of the many configuration oversights and mistakes that attackers can leverage to breach your cloud environment, hijack user accounts, steal data and more. In addition, having misconfigured cloud resources puts your organization on the wrong side of regulatory compliance, and thus open to costly penalties, fines and litigation. In a vacuum, it would seem simple to button up most cloud misconfigurations. Surely, we can all agree that leaving an Amazon Web Services (AWS) Simple Storage Service (S3) storage bucket open to anyone on the internet is a no-no. Yet, the “Tenable Cloud Risk Report 2024,” based on an analysis of millions of cloud resources scanned through the Tenable Cloud Security platform, found that 74% of organizations have publicly exposed cloud storage.The reality is that cloud misconfigurations are prevalent. In fact, misconfigurations and inadequate change controls ranked first on the Cloud Security Alliance’s “Top Threats to Cloud Computing 2024" report. “Given a cloud’s persistent net...

Source: Tenable Blog

April 9th, 2025 (10 days ago)

Oracle Sends “Not a Breach” Notices to Customers Following Data Exposure

Description: Oracle has begun quietly notifying customers of a recent cybersecurity incident — while simultaneously denying it qualifies as a data breach. The notices, a sample of which was leaked by security researcher Kevin Beaumont on BlueSky, mark the first formal communication from the tech giant to customers impacted by the leak of millions of records … The post Oracle Sends “Not a Breach” Notices to Customers Following Data Exposure appeared first on CyberInsider.

Source: CyberInsider

April 9th, 2025 (10 days ago)

Alleged Data Breach of Philippines PII

Description: Alleged Data Breach of Philippines PII

Source: DarkWebInformer

April 8th, 2025 (10 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Alleged Data Breach of WooCommerce Description: Alleged Data Breach of WooCommerce Source: DarkWebInformer April 9th, 2025 (9 days ago)
	Oracle Appears to Admit Breach of 2 'Obsolete' Servers Description: The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case. Source: Dark Reading April 9th, 2025 (9 days ago)
	Oracle says "obsolete servers" hacked, denies cloud breach Description: Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." [...] Source: BleepingComputer April 9th, 2025 (9 days ago)
	Qraved - 984,519 breached accounts Description: In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes. Source: HaveIBeenPwnedLatestBreaches April 9th, 2025 (9 days ago)
	CentreStack RCE exploited as zero-day to breach file sharing servers Description: Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers [...] Source: BleepingComputer April 9th, 2025 (9 days ago)
	US banking regulator reports on ‘major’ cyber incident involving senior officials’ emails Description: The U.S. Office of the Comptroller of the Currency told Congress that a breach of its email systems reported in February involved "highly sensitive information" in the accounts of high-ranking officials. Source: The Record April 9th, 2025 (9 days ago)
	Germany links cyberattack on research group to Russian state-backed hackers Description: The German Association for Eastern European Studies (DGO) said the attack at the end of March targeted email systems, bypassing security measures put in place after another recent breach with suspected Russian links. Source: The Record April 9th, 2025 (9 days ago)
	Stronger Cloud Security in Five: The Importance of Cloud Configuration Security Description: Mismanaging configurations in your multi-cloud environment can put you at an elevated risk for cyber attacks. In the first installment of our “Stronger Cloud Security in Five” blog series, we outline five best practices for boosting your cloud configuration management.A misconfigured web application firewall. A publicly accessible and unprotected cloud database. An overprivileged user identity. Lax access control to containers. Unchanged default credentials.Those are just some of the many configuration oversights and mistakes that attackers can leverage to breach your cloud environment, hijack user accounts, steal data and more. In addition, having misconfigured cloud resources puts your organization on the wrong side of regulatory compliance, and thus open to costly penalties, fines and litigation. In a vacuum, it would seem simple to button up most cloud misconfigurations. Surely, we can all agree that leaving an Amazon Web Services (AWS) Simple Storage Service (S3) storage bucket open to anyone on the internet is a no-no. Yet, the “Tenable Cloud Risk Report 2024,” based on an analysis of millions of cloud resources scanned through the Tenable Cloud Security platform, found that 74% of organizations have publicly exposed cloud storage.The reality is that cloud misconfigurations are prevalent. In fact, misconfigurations and inadequate change controls ranked first on the Cloud Security Alliance’s “Top Threats to Cloud Computing 2024" report. “Given a cloud’s persistent net... Source: Tenable Blog April 9th, 2025 (10 days ago)
	Oracle Sends “Not a Breach” Notices to Customers Following Data Exposure Description: Oracle has begun quietly notifying customers of a recent cybersecurity incident — while simultaneously denying it qualifies as a data breach. The notices, a sample of which was leaked by security researcher Kevin Beaumont on BlueSky, mark the first formal communication from the tech giant to customers impacted by the leak of millions of records … The post Oracle Sends “Not a Breach” Notices to Customers Following Data Exposure appeared first on CyberInsider. Source: CyberInsider April 9th, 2025 (10 days ago)
	Alleged Data Breach of Philippines PII Description: Alleged Data Breach of Philippines PII Source: DarkWebInformer April 8th, 2025 (10 days ago)