LATEST POST
North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
The Hunton Andrews Kurth law firm has posted a summary of a new law in North Dakota that affects financial corporations: On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota […]
Crooks fleece The North Face accounts with recycled logins
The Register reports: Joining the long queue of retailers dealing with cyber mishaps is outdoorsy fashion brand The North Face, which says crooks broke into some customer accounts using login creds pinched from breaches elsewhere. According to a consumer notice filed with the Vermont Attorney General’s Office, the outdoor gear seller spotted unusual activity on […]
Update Chrome NOW — zero-day bug is being exploited in the wild by hackers
Tom’s Guide reports: Google has issued an emergency security update patch for Chrome in order to fix three security issues including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March […]
Pro-Russian, anti-Israeli hackers pose biggest cybercrime threats in Germany
It may not seem intuitively obvious to many people, but Reuters reports that cybercrime in Germany rose to a record level last year, driven by hacker attacks from pro-Russian and anti-Israeli groups. Some 131,391 cases of cybercrime took place in Germany last year and a further 201,877 cases were committed from abroad or an unknown […]
Cartier latest luxury brand hit by consumer data breach
The Korea Times reports: Luxury jewelry brand Cartier has confirmed a breach of customer data, raising concerns over data security among high-end brands following recent incidents involving Dior and Tiffany. The company sent out an email Tuesday informing its customers that an “unauthorized third party” accessed its systems temporarily and obtained certain customer information. While […]
Security bug at compliance firm Vanta exposed customer data to other users
TechRadar reports: Security and compliance automation company Vanta has confirmed sharing sensitive customer data with other customers by mistake. In a statement (via TechCrunch), the company said a change it had made in the code resulted in a security breach. In it, some sensitive data from a small subset of customers was shared with other customers. […]
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
GBHackers reports: OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows 10 version 1803, attackers have increasingly exploited its presence, leveraging it as a “Living Off the Land Binary” (LOLBIN). This means adversaries use trusted system tools ssh.exe to evade detection […]
0day for vBulletin: PoC is already online, but no one is installing the patch
When criminals note that there is an unpatched vulnerability, expect more attacks to follow. A Russian-language forum recently picked up a report from SecurityLab.ru. It begins (translation): Popular forums on vBulletin have once again been found to have holes through which arbitrary code can be executed directly on the server – without a login and […]