McGraw-Hill confirms data breach following extortion threat
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]
Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. [...]
Mapping Platform Exposed Addresses and Medical Assistance PlansThe Illinois Department of Human Services is notifying more than 700,000 individuals of a breach involving "incorrect privacy settings" left in place for several year that exposed online data pertaining to Medicare, Medicaid and rehabilitation services recipients.
61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place
A misconfigured tracking tool has exposed protected health information of 4.7 million Blue Shield members to Google Ads
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,
Settlement Is 5th HIPAA Enforcement Action Under HHS's OCR Risk Analysis InitiativeAn Illinois-based firm that provides fitness and wellness plans to clients throughout the U.S. has agreed to pay federal regulators a settlement of nearly $228,000 and implement a corrective action plan following an IT misconfiguration incident caused several breaches in late 2018 and early 2019.
Hackers exploited AWS misconfigurations, leaking 2TB of sensitive data, including customer information, credentials and proprietary source code
Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.
EMERALDWHALE breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials
CorrectCare to Settle Lawsuit After 'Inadvertently' Exposing PHI on Web for MonthsA misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.
The data leak exposed personal data of 100m US citizens, resulting from a misconfigured database made accessible online
CloudSek said the RansomEXX breach occurred via a misconfigured Jenkins server at Brontoo Technology
A Thales report found that 44% of organizations have experienced a cloud data breach, with human error and misconfigurations the leading root causes
A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. [...]
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign
Irony alerts: Open Web Application Security Project Foundation suffers lapse A misconfigured MediaWiki web server allowed digital snoops to access members' resumes containing their personal details at the Open Web Application Security Project (OWASP) Foundation.…
The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. [...]
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. [...]