server compromised | Breaking Cybersecurity News | The Hacker News

Today, the popular Music streaming service Spotify said the company has suffered a Data breach and warned users of its Android app to upgrade it in the wake of a potential data breach in their servers. Spotify is a commercial music streaming service launched in October 2008 by Swedish start-up Spotify AB and is freely available for Android and iOS devices as well as for desktop computers with more than 40 million active users, out of which about 10 million users are its paid subscribers. It offers offline listening and ad-free playback are also available for Premium subscribers of the service. The company announced that a hacker had allegedly broken into its systems and gained unauthorized access to the internal company data. So far only one of its users' accounts has been accessed in the data breach, but the company believes that there is no harm to the financial information, payment details or password of the affected user. " Our evidence shows that only one Spot

World's largest Digital documents library 'Scribd' announced that, they were hacked in a recent attack and  hacker potentially able to compromise general user information, which includes usernames, emails, and encrypted passwords of partial database. " Even though this information was accessed, the passwords stored by Scribd are encrypted " They emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password. " Earlier this week, Scribd's Operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users. " Scribd team said on blog post. If your account was among those affected, visit https://www.scribd.com/password/check and Check that you are one of the lucky victim or not, I got " Good news - your password was not among thos

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like  DataSpii  and the  Nigelthorn  malware attack have exposed the extent of damage that malicious extensions can inflict. In both cases, users innocently installed extensions that compromised their privacy and security. The underlying issue lies in the permissions granted to extensions. These permissions, often excessive and lacking granularity, allow attackers to exploit them. What can organizations do to protect themselves from the risks of browser extensions without barring them from use altogether (an act that would be nearly impossible to enforce)?  A new report by LayerX, "Unveiling the

The digital currency Bitcoin has suffered yet another hack. Bitcoin wallet site Instawallet has been taken offline after a security compromise, has suspended its service indefinitely. Instawallet didn't say in a notice on its website how many bitcoins were stolen after hackers fraudulently accessed company database. " The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is. " Bitcoin is a virtual currency that uses a peer-to-peer system to confirm transactions through public key cryptography. The company also announced it will accept claims for individual Instawallets for the first 90 days, using the wallets' URL and key to file the claim. Clients will then be refunded the currency value if the balance is less than 50 BTC. The breach follows a series of attacks targeting bitcoin services. In Sep

Cloud note-taking service Evernote has been hacked and now you have to reset your password  imminently . A ccording to  a post on the official Evernote blog , an  unidentified attacker compromise the servers and extracted usernames, email addresses, and passwords. " Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. " But those passwords were encrypted, so  all users must change their password before they can log back into their account. " In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. " Evernote also said that they h ave no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. There are also several important steps that you can take to en