data breach | Breaking Cybersecurity News | The Hacker News

Staminus Communications – a California-based hosting and DDoS (Distributed Denial of Service) protection company – is recovering a massive data breach after hackers broke down into its servers and leaked personal and sensitive details of its customers. Though the company acknowledged that there was a problem in a message posted to Twitter on Thursday morning, it did not specify a data breach. Staminus's website went offline at 8 am Eastern Time on Thursday, and on Friday afternoon, a representative said in a Twitter post that "a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable." What type of information? The dump of information on Staminus' systems includes: Customer usernames Hashed passwords E-mail addresses Customer real names Customer credit card data in plain text Customer support tickets Server logs data Chat logs Source code of some of the company's services including Intreppi

Are you also the one who downloaded Linux Mint on February 20th? You may have been Infected! Linux Mint is one of the best and popular Linux distros available today, but if you have downloaded and installed the operating system recently you might have done so using a malicious ISO image. Here's why: Last night, Some unknown hacker or group of hackers had managed to hack into the Linux Mint website and replaced the download links on the site that pointed to one of their servers offering a malicious ISO images for the Linux Mint 17.3 Cinnamon Edition . "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016. Who are affected? As far as the Linux Mint team knows, the issue only affects the one edition, and that is Linux Mint 17.3 Cinnamon edition. The situation happened last night, s

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

The teenage hacker, who calls himself a member of hacktivist group " Cracka with Attitude ," behind the series of hacks on the United States government and its high-level officials, including CIA director, might have finally got arrested. In a joint effort, the Federal Bureau of Investigation (FBI) and British police reportedly have arrested a 16-year-old British teenager who they believe had allegedly: Leaked the personal details of tens of thousands of FBI agents and US Department of Homeland Security (DHS) employees. Hacked into the AOL emails of CIA director John Brennan . Hacked into the personal email and phone accounts of the US spy chief James Clapper . Broke into the AOL emails of the FBI Deputy Director Mark Giuliano . Federal officials haven't yet released the identity of the arrested teenager, but the boy is suspected of being the lead hacker of Cracka With Attitude, who calls himself Cracka, the South East Regional Organised Crime Unit (SER

An unsatisfied Employee may turn into a Nightmare for you and your organization. Nowadays, installing an antivirus or any other anti-malware programs would be inadequate to beef up the security to maintain the Corporate Database. What would you do if your employee itself backstabbed you by breaching the Hypersensitive Corporate Secrets? Yes! There could be a possibility for an Internal Breach all the time. Just last year, an ex-employee stole Yandex Search Engine Source Code and tried to sell it for just $29,000 in the underground market. Over a few years, hackers have adopted various techniques ranging from Stress Attacks to Social Engineering tactics in order to gain the Classified Corporate information. Hackers Offering $23,000 for Internal Access Now hackers are rolling their dice for the next Deceptive Step to acquire Corporate Login Details of Irish Apple Employees in exchange of 20,000 Euro ( $23,000 USD ). The current situation is being faced

An unknown hacker who promised to release the personal information on government employees has dump online a list of nearly 20,000 Federal Bureau of Investigation (FBI) agents and 9,000 Department of Homeland Security (DHS) officers. Though the authenticity of the information has not been verified, at least, some of the leaked data appears to be legitimate. Here's What the Hacker Leaked: The hacker leaked first round of data belonging to roughly 9,000 DHS employees on Sunday, which was followed by the release of 20,000 FBI agents information on Monday. The hacker, who goes on Twitter by the username of @DotGovs , published the supposed data on an encrypted text-sharing website, including: Names Job titles Phone numbers Email addresses The Reason Behind the Hack The message at the top of the data dump includes the hashtag " #FreePalestine " and reads "Long Live Palestine, Long Live Gaza: This is for Palestine, Ramallah, West Bank,

The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that proved most of us are still using bad passwords, like ' 123456 ' or ' password ,' to secure our online accounts that when breached could result in critical information loss. If the end-user is to blame for weak password security, then the solution is to educate each and every Internet user to follow the best password security practice. But is that really possible? Practically, No. Even after being aware of best password security measures, do we really set strong passwords for every website? I mean EVERY. Ask yourself. Who's Responsible for allowing Users to Set a Weak Password? It's the websites and their developers, who didn't enforce a

IT security firm Trustwave has been sued by a Las Vegas-based casino operator for conducting an allegedly "woefully inadequate" investigation following a network breach of the casino operator's system. Affinity Gaming , an operator of 5 casinos in Nevada and 6 elsewhere in the United States, has questioned Trustwave's investigation for failing to shut down breach that directly resulted in the theft of credit card data, allowing credit card thieves to maintain their foothold during the investigation period. The lawsuit, filed in the US District Court in Nevada, is one of the first cases of its kind where a client challenges a cyber security firm over the quality of its investigation following a hacking attack. Casino Sued an IT Security Firm Affinity Gaming said it hired Trustwave in late 2013 to analyze and clean up computer network intrusions that allowed attackers to obtain its customers' credit card data. It was reported that the details

BREAKING: A misconfigured database has resulted in the exposure of around 191 Million voter records including voters' full names, their home addresses, unique voter IDs, date of births and phone numbers. The database was discovered on December 20th by Chris Vickery , a white hat hacker, who was able to access over 191 Million Americans' personal identifying information (PII) that are just sitting in the public to be found by anyone looking for it. Vickery is the same security researcher who uncovered personal details of 13 Million MacKeeper users two weeks ago, which included names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. However, the recent discovery made him shocked when he saw his own information in the database, according to DataBreaches.net, whom the researcher contacted and provided all the details about his finding. 300GB Trove of Voters' Information Leaked Vickery has his hands on all

Hyatt Hotels Corporation is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on the computers that process customer payments. "We recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations," the company announced on Wednesday. "As soon as we discovered the activity, we launched an investigation and engaged leading third-party cyber security experts." What type of information? The company didn't confirm whether the attackers succeeded in stealing payment card numbers, neither it say how long its network was infected or how many hotel chains were affected in the malware attack. But as the payment processing system was infected with credit-card-stealing malware, there is a possibility that hackers may have stolen credit card numbers and other sensitive information. What happened? Hyatt spokeswoman Stephanie Sheppard

Ever wonder how to hack Instagram or how to hack a facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in taking legal actions against you. An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gained access to sensitive data stored on Instagram servers , including: Source Code of Instagram website SSL Certificates and Private Keys for Instagram Keys used to sign authentication cookies Personal details of Instagram Users and Employees Email server credentials Keys for over a half-dozen critical other functions However, instead of paying him a reward, Facebook has threatened to sue the researcher of intentionally withholding flaws and information from its team. Wesley Weinberg , a senior security researcher at Synack, participated in Facebook's b

MacKeeper anti-virus company is making headlines today for its lax security that exposed the database of 13 Million Mac users' records including names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information. MacKeeper is a suite of software that claims to make Apple Macs more secure and stable, but today the anti-virus itself need some extra protection after a data breach exposed the personal and sensitive information for Millions of its customers. The data breach was discovered by Chris Vickery , a white hat hacker who was able to download 13 Million customer records by simply entering a selection of IP addresses, with no username or password required to access the data. 21 GB Trove of MacKeeper Customer Data Leaked 31-year-old Vickery said he uncovered the 21 GB trove of MacKeeper customer data in a moment of boredom while searching for openly accessible databases on Shodan – a specialized search engine that looks fo

In the most surprising manner, the Chinese government said it arrested criminal hackers behind the massive cyber attack on US Office of Personnel Management (OPM) earlier this year, dismissing its involvement. Three months back, we reported that China arrested a handful of hackers within its borders who were suspected of allegedly stealing commercial secrets from US companies. The arrests took place shortly before China President Xi Jinping visited the United States in September 2015 when both heads of states agreed that neither side will participate in commercial espionage against one another. China: Cyber Criminals Hacked OPM, Not Government Spies Now, those suspected hackers have turned out to be the ones in connection with the OPM hack that resulted in the theft of personal details of more than 21 Million United States federal employees, including 5.6 Million federal employees' fingerprints . Citing an " investigation ", the Chinese governme

Earlier this month, a massive data breach at VTech – the maker of tablets and gadgets aimed at children – exposed the personal details of about 4.8 Million parents and photos of more than 200,000 Children. If that was not bad enough… …it turns out that the massive cyber attack against the toymaker company also left hundreds of thousands of snaps of parents and children , as well as a year worth of chat logs kept online in a way easily accessible to hackers. VTech Data Breach In a statement released Monday, the toymaker company VTech said the hacked database included victim's profile information including: Customers' names Email addresses Passwords ( One-way encrypted using MD5 hash that can be cracked in no time ) Secret questions and answers for password retrieval IP addresses Residential addresses Download history The database also included information on children including names, genders and date of births. Also Read: Caution! Hackers Ca

The fight to protect your company's data isn't for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. According to SANS, there are 6 key phases of an incident response plan. Preparation - Preparing users and IT to handle potential incidents in case they happen Identification - Figuring out what we mean by a "security incident" (which events can we ignore vs. which we must act on right now?) Containment - Isolating affected systems to prevent further damage Eradication - Finding and eliminating the root cause (removing affected systems from production) Recovery - Permitting affected systems back into the production environment (and watching them closely) Lessons Learned - Writing everything down and reviewing an