Smart billboards
October 12, 2023
•[ hack, misconfiguration, technology ]
For a few minutes, threat actors access two smart billboards in the Holon settlement near Tel Aviv and manage to switch the commercials into anti-Israeli, pro-Hamas footage.
Individuals in Israel
October 8, 2023
•[ hack, misconfiguration, technology ]
AnonGhost exploits an API vulnerability in the RedAlert app, which provides real-time rocket alerts for Israelis, to intercept requests, expose vulnerable servers and APIs, and send spam messages to some users of the app, including fake messages about a "nuclear bomb"
Auto Club Trust
October 6, 2023
•[ financial, misconfiguration, finance ]
Auto Club Trust files notice describing a third-party data breach related to the file-transfer program MOVEit.
Russian branch of the Red Cross
October 4, 2023
•[ hack, misconfiguration, healthcare ]
The pro-Ukrainian hacker group Hdr0 defaces the website of the Russian branch of the Red Cross, replacing the content of the main page with its own message.
BeyondTrust
October 2, 2023
•[ hack, misconfiguration, technology ]
BeyondTrust reveals to have detected an identity-centric attack on an in-house Okta administrator account
Zscaler
October 1, 2023
•[ hack, misconfiguration, technology ]
Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems.
1Password
September 29, 2023
•[ hack, misconfiguration, technology ]
1Password, a popular password management platform used by over 100,000 businesses, suffers a security incident after hackers gained access to its Okta ID management tenant.
OpenSea
September 23, 2023
•[ leak, misconfiguration, finance ]
A third-party security incident may have reportedly exposed user information of NFT marketplace OpenSea, including API keys.
Nansen
September 22, 2023
•[ leak, misconfiguration, technology ]
Ethereum blockchain analytics firm Nansen asks a subset of its users to reset passwords following a recent data breach at its authentication provider.
Johnson Financial Group
September 22, 2023
•[ financial, misconfiguration, finance ]
Johnson Financial Group files a notice of data breach after discovering that the vulnerability in the file-transfer application MOVEit allowed attackers to access the personal information of more than 750,000 people.
United HealthCare Services
September 7, 2023
•[ hack, misconfiguration, finance ]
United Healthcare Services files a notice of data breach involving "Unauthorized Access/Disclosure'' of sensitive information that was being stored on an affected network server.
University of Sydney
August 31, 2023
•[ leak, misconfiguration, education ]
The University of Sydney (USYD) announces that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants.
Sourcegraph
August 31, 2023
•[ leak, misconfiguration, technology ]
AI-powered coding platform Sourcegraph reveals that its website was breached this week using a site-admin access token accidentally leaked online on July 14th.
Unknown Organization
August 31, 2023
•[ hack, misconfiguration, government ]
The department of health for Hawai?i (healthybydefault.hawaii.gov) is defaced.
Planet Home Lending
August 31, 2023
•[ leak, misconfiguration, finance ]
Planet Home Lending files a notice of data breach after discovering that files containing personally identifiable information of some customers were compromised as a result of the MOVEit vulnerability.
Italian region of Lazio
August 28, 2023
•[ hack, misconfiguration, government ]
A subdomain of the Italian region of Lazio (salute.lazio.it) is compromised to serve adult content.
Forever 21
August 28, 2023
•[ hack, misconfiguration, retail ]
Forever 21 clothing and accessories retailer sends data breach notifications to more than half a million individuals who had their personal information exposed to network intruders.
Data Media Associates
August 23, 2023
•[ hack, misconfiguration, technology ]
Data Media Associates files a notice of data breach after discovering that an unauthorized party was able to access confidential consumer information stored on the MOVEit platform.
University of Massachusetts Chan Medical School (UMass Chan)
August 15, 2023
•[ leak, misconfiguration, education ]
University of Massachusetts Chan Medical School (UMass Chan) posts a website notice describing a data breach impacting 134,000 users and resulting from the organization's use of MOVEit.
Alogent Holdings
August 14, 2023
•[ hack, misconfiguration, technology ]
Alogent Holdings files a notice of data breach related to an incident occurred exploiting the vulnerability in MOVEit, resulting in an unauthorized party being able to access consumers' sensitive information, which includes their names, account and routing numbers, addresses, phone numbers, check payees and remittance amounts.
