vk.com | Breaking Cybersecurity News | The Hacker News

Another Day, Another Data Breach! And this time, it's worse than any recent data breaches. Why? Because the data breach has exposed plaintext passwords, usernames, email addresses, and a large trove of other personal information of more than 6.6 Million ClixSense users. ClixSense, a website that claims to pay users for viewing advertisements and completing online surveys, is the latest victim to join the list of " Mega-Breaches " revealed in recent months, including LinkedIn , MySpace , VK.com , Tumblr , and Dropbox . Hackers are Selling Plaintext Passwords and Complete Website Source Code More than 2.2 Million people have already had their personal and sensitive data posted to PasteBin over the weekend. The hackers who dumped the data has put another 4.4 Million accounts up for sale. In addition to un-hashed passwords and email addresses, the dump database includes first and last names, dates of birth, sex, home addresses, IP addresses, payment histories,...

T-Mobile is the latest in the list of recent high-profile data breaches, though this time the breach is not carried out by "Peace" - the Russian hacker who was behind the massive breaches in some popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . Instead, one of the T-Mobile's employees stole more than 1.5 Million customer records at the T-Mobile Czech Republic in order to sell it on for a profit, according to local media , MF DNES. Yes, the customer service staff member tried to sell the T-Mobile customer marketing database, though it is not clear that how much of names, e-mail addresses, account numbers and other personal data of over 1.5 Million customers the database contained. The T-Mobile Czech Republic has also refused to provide any "additional specific information" about what data was leaked, due to an ongoing police investigation. Although the company assured its customers that the stolen database did not contai...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

Is Google or Facebook evil? Forget it! Russian nerds have developed a new Face Recognition technology based app called FindFace , which is a nightmare for privacy lovers and human right advocates. FindFace is a terrifyingly powerful facial recognition app that lets you photograph strangers in a crowd and find their real identity by connecting them to their social media accounts with 70% success rate, putting public anonymity at risk. The FindFace app was launched two months ago on Google Play and Apple's App Store and currently has 500,000 registered users and processed nearly 3 Million searches, according to its co-founders, 26-year-old Artem Kukharenko, and 29-year-old Alexander Kabakov. According to The Guardian , FindFace uses image recognition technology to compare faces against profile pictures on Vkontakte, a very popular social networking site in Russia that has over 200 Million users. Besides showing the social media account of the one you are searching for, FindF...