Experts Comments: Data Leak of 2.5 Million Customers Of Cosmetics Giant Yves Rocher

Encryption expert NJ hospital patient data breach

Cosmetics giant Yves Rocher is warning that a major data leak exposed the personal data of millions of its customers and sensitive internal company information to the public. The data exposure stems from a database left unprotected by a third-party consultant to the firm. Researchers with vpnMentor on Monday said that they discovered an unprotected Elasticsearch […]

Fraudsters Exploit New Online Security Checks With Phishing Attacks

High Risk Ransomware

Scammers are mimicking new security measures designed to keep you safe online, by sending fake emails that attempt to steal your banking credentials and personal data.  Banks, card providers and retailers across the EU are asking customers to provide up-to-date contact information, as part of new checks for online card payments known as strong customer […]

Exposed Data From Mastercard Loyalty Scheme Breach Now Online

It has been reported that a database containing sensitive information of about 90,000 German Mastercard “Priceless Specials” loyalty program members shared online following a breach discovered on August 20 was added to data breach site Have I Been Pwned on September 1. MasterCard has notified German and Belgium regulators of a data breach affecting customers of its ‘Priceless […]

These Phishing Techniques Bypass Two-Factor Authentication

Security professionals are quick to laud Two-Factor Authentication (or 2FA) and think their organization is protected from common schemes like credential stealing or login theft just by having it in place. But 2FA can be intercepted by hackers in multiple ways and fail to protect against numerous other types of phishing threats including scareware, social […]

Cracked Passwords For Millions Of Poshmark Accounts Being Sold Online

BYOD Advice for CIOs

Dehashed login details for customers of Poshmark, an online marketplace for buying and selling used clothes and accessories, have been circulating online following the data breach a few months ago. At the beginning of the year, Poshmark announced that it had 40 million community members. According to data breach platform Have I Been Pwned, login details […]

SharePoint Sites Hacked To Bypass Secure Email Gateways

Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages. The attackers take advantage of the fact that the domains used by Microsoft’s SharePoint web-based collaborative platform are almost always overlooked by secure email gateways which allows their phishing […]

Public Transport Apps Hacked

Mobile phone train apps used in major cities in Britain could be manipulated to create free tickets and defraud operators, it has emerged, after activists hacked two public transport apps. The hackers, who claimed they were campaigning for public transport to be free, said they were able to use the First Bus app and Manchester’s Metrolink […]

Cybercriminals Use AI To Impersonate Chief Exec’s Voice

Human Factor of Targeted Attacks

Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000. As part of an incident in March, an attacker called the CEO of a UK-based energy business pretending to be the head of its German parent company. Analysts believe AI-based software was used to impersonate the chief executive’s […]