AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data
Third-party contractor compromise exposed health information and insurance billing passwords
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Third-party contractor compromise exposed health information and insurance billing passwords
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching
'Malicious Server Threat Model' Threatens 'Zero Knowledge Encryption' GuaranteesClaims by leading stand-alone password managers that their implementation of "zero knowledge encryption" means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found.
As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link
Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices SonicWall is telling some customers to reset passwords after attackers broke into its cloud backup service and accessed firewall configuration data.…
Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWSNavy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data.
Semperis CEO Mickey Bresman: AD’s Technical Debt Makes It a Prime Cyber TargetFrom weak service account passwords to sync gaps with cloud platforms, Active Directory’s age is showing. Semperis CEO Mickey Bresman says organizations still underestimate how central AD is to their threat landscape - and the difficulty of fixing what’s been built over decades.
The multi-cloud data warehousing platform said it will completely phase out single factor authentication with passwords by November 2025
Nastyware seeks creds, mines crypto, and plants ransomware that isnt deployed - for now? An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua.…
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power
Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. [...]
Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. [...]
Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials At least 900 websites built with Google's Firebase, a cloud database, have been misconfigured, leaving credentials, personal info, and other sensitive data inadvertently exposed to the public internet, according to security researchers.…
Passkeys help do away with passwords for logging into websites and cloud services. This Tech Tip outlines ways to get started.
A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data
Secureframe launches Secureframe Trust to empower businesses to showcase a strong security posture.
The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords (OTPs) to their Google Accounts and have multi-device support. [...]
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud
Last month Tech Crunch reported that payment terminal manufacturer Wiseasy had been hacked. Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals
Cloud communications giant Twilio, the owner of the highly popular two-factor authentication (2FA) provider Authy, says that it has so far identified 125 customers who had their data accessed during a security breach discovered last week. [...]