Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. [...]
Stay informed on the latest data breach incidents and security breaches. Protect your information with our up-to-date breach news and analysis.
Search across headline titles and summaries.
Background for this topic.
Breach means unauthorized access to a computer system or network that exposes or steals sensitive data like personal details, passwords, or proprietary information. Attackers often exploit software flaws, weak passwords, or social engineering to gain entry. Breaches can also result from insiders misusing access or accidental data exposure.
Understanding breaches is crucial because they reveal weaknesses in security controls and can lead to data theft or operational disruption. Effective defenses include promptly patching vulnerabilities, enforcing strong authentication, and segmenting networks to limit attacker movement. Detecting breaches quickly through monitoring and logging helps contain damage and guide targeted remediation efforts to secure affected systems and data.
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. [...]
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. [...]
Breaches Often Have Harmful, Under-Acknowledged 'Ripple Effect' on Victims' LivesToo many breached organizations fail to acknowledge the detrimental impact their mishandling of people's personal data can have on affected individuals, and to treat victims with the "empathy" they deserve, said the U.K.'s privacy watchdog, the Information Commissioner's Office.
Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code
Also: Breaches at OnePoint Patient Care and French ISP FreeThis week: S&P said poor material vulnerability remediaton can be a material risk factor, OnePoint in the United States and French ISP Free suffered data breaches, a Russian court sentenced REvil members, Five Eyes published security guidelines for small businesses.
Colorado Laboratory Already Facing Several Proposed Class Action Breach LawsuitsA Colorado-based pathology laboratory is notifying more than 1.8 million patients that their sensitive information was compromised in an April hack, one of the largest breaches reported by a medical testing lab to U.S. federal regulators to date. Ransomware gang Medusa is blamed for the attack.
EMERALDWHALE breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials
ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year
Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. [...]
Insight Partners-Led Round Boosts US Growth, Fuels Threat Intelligence for FiligranFiligran’s $35 million Series B funding, led by Insight Partners, positions the company to scale its threat intelligence and proactive security capabilities while expanding its U.S. footprint. Plans include doubling the engineering team and strengthening breach and attack simulation capabilities.
With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.
In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum.
Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information. [...]
Strategies for Safeguarding Data and Reputation at Financial InstitutionsIn today's increasingly digital world, trust isn't always easy to come by. Businesses no longer have complete control over their technology stack. Instead, they rely heavily on third-party solutions, applications and products to keep operations running smoothly. But those third parties pose risks.
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States. [...]
Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls. [...]