A threat actor claims to have breached Link3, a major IT solutions and internet service provider based in Bangladesh. The data has been put up for sale on a dark web forum. According to the forum post: Link3 is the largest ISP in the country by active subscribers, offering essential …
Read More »
Security researcher Jeremiah Fowler discovered a database containing sensitive information from gym customers and staff, including names, financial details, and possible phone call, left unencrypted and unprotected. Jeremiah Fowler claims he discovered the wide-open AWS repository managed by HelloGym in late July. The database was open for a week, and …
Read More »
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in …
Read More »
A new Android malware called SikkahBot is targeting students in Bangladesh by pretending to be official apps from the Bangladesh Education Board. Cyble Research and Intelligence Labs (CRIL) found that this malware has been active since July 2024. According to CRIL, the SikkahBot malware is distributed through shortened URLs, including …
Read More »
Storm-0501 has erased data and backups after stealing information from a victim’s Microsoft Azure environment in a new cloud based ransomware attack. Microsoft Threat Intelligence recently provided details of the tactics deployed by the actor tracked as Storm-0501 in a blog published on August 27. Sherrod DeGrippo, director of Microsoft …
Read More »
A significant security vulnerability has been discovered in Microsoft’s Copilot for M365 that allowed users, including potential malicious insiders, to access and interact with sensitive files without leaving any record in the official audit logs. After patching the flaw, Microsoft has reportedly decided against issuing a formal CVE or notifying …
Read More »
Cybersecurity researcher Jeremiah Fowler found an unprotected database with 957,434 records belonging to an Ohio organization that assists people in obtaining certified medical marijuana cards. The database contained personal information, including PII, driver’s licenses, medical records, Social Security numbers, and other sensitive data. The publicly exposed databases were not password-protected …
Read More »
Researchers have identified a new Crypto24 ransomware campaign, which they describe as a “dangerous evolution” in cybersecurity threats. According to Trend Micro researchers, recent attacks by Crypto24 actors display a combination of advanced evasion techniques and custom tools that can disable EDR solutions — including Trend Micro’s own Vision One …
Read More »
UK telecoms company Colt suffered a cyberattack by the Warlock ransomware gang. The attack began on Tuesday, 12th August, around 11 am BST, initially reported as a technical issue. By Thursday, 14th August, Cold announced they were addressing a cyber incident affecting Colt Technology Services, including hosting, porting services, Colt …
Read More »
Google confirmed that a recent data breach in one of its Salesforce CRM systems exposed information about potential Google Ads customers. “We’re writing to let you know about an event that affected a limited set of data in one of Google’s corporate Salesforce instances used to communicate with prospective Ads …
Read More »
InfoSecBulletin Cybersecurity for mankind