Category: AI in news

Yesterday (22 Oct.) a threat actor advertised data of the French-based ISP “Free SAS” (free.fr), in a dark web forum. According to the post, the data is affecting 19.2 million customers and contains over 5.11 million IBAN numbers. It affects all Free Mobile and Freebox customers, and includes the IBANs of all 5.11 million Freebox subscribers. The data includes…

Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server’s local user account to a remote server, potentially allowing the attacker to relay the authentication or crack…

Clickjacking (Clickfix), also known as a “UI redress attack,” is a malicious technique where an attacker tricks a user into clicking on something different from what they perceive they are clicking on. This is often achieved by layering invisible or disguised elements over legitimate website content. For example, an attacker might place an invisible button…

Recently, we published an intel about data leakage from some U.S. local authorities. It was about two different local authorities in U.S. and was showing us how threat actors share information between them. To put it very briefly, a threat actor claimed they have data of these authorities and they captured these data with using…

A threat actor claimed they have and are selling data of two different U.S. local authorities in a dark web forum. The first one is U.S. local authority in Durango (durangoco.gov). The threat actor has claimed that another threat actor breached via a vulnerability in the website of the local authority three months ago, and…

A threat actor called “IntelBroker” posted an advertisement on a dark web forum for the sale of information stolen from Cisco. The actor claimed that the data from this breach contains sensitive information such as GitHub projects, source code, credentials, certificates, access to cloud storage buckets, and more. On October 15, 2024 Cisco released a…

A threat actor advertised 3.4 million pieces of PII data of Pakistani government website “Benazir Income Support Program Government of Pakistan” (bisp.gov.pk). The advertisement shared in a Telegram group. It was claimed that the data included information such as full address, father’s name, mobile number, gender, as can be seen below. Like this: Like Loading… Related…

Microsoft has admitted to a significant lapse in its cloud security logging, leaving customers vulnerable to undetected intrusions for over two weeks. A bug in the company’s internal monitoring system resulted in the loss of critical security logs between September 2nd and 19th. This incident affects several key Microsoft cloud products, including Entra, Sentinel, Defender…

Check out invaluable cloud security insights and recommendations from the “Tenable Cloud Risk Report 2024.” Plus, a PwC study says increased collaboration between CISOs and fellow CxOs boosts cyber resilience. Meanwhile, a report finds the top cyber skills gaps are in cloud security and AI. And get the latest on SBOMs; CIS Benchmarks; and cyber…