Uber Technologies Inc. has recently acknowledged a security breach affecting its internal computer systems, first reported late Thursday. The company stated that there is currently “no evidence” suggesting that sensitive user data, such as trip history, has been accessed during the incident. In a public statement, Uber clarified, “We have…
On Thursday, Cloudflare, a leader in web infrastructure and security, reported it has successfully mitigated the largest volumetric distributed denial of service (DDoS) attack ever recorded. This significant incident, initiated by a Mirai botnet, targeted a client within the financial sector last month. Cloudflare’s analysis revealed that at its peak,…
Twilio Faces Another Security Incident with Customer Data Compromised This week, communication services provider Twilio reported a security breach that occurred on June 29, 2022, attributed to the same group responsible for a significant breach in August 2022. The company revealed that unauthorized access to customer information was achieved through…
Coinbase, a prominent cryptocurrency exchange based in the United States, recently disclosed a cybersecurity incident that compromised the personal information of some of its employees. On February 5, 2023, the company reported that its robust cyber controls successfully thwarted the attacker from gaining direct access to its systems, effectively preventing…
OpenAI announced on Friday that a vulnerability in the Redis open source library led to the unintended exposure of personal information and chat titles belonging to users of its ChatGPT service earlier in the week. This incident, first identified on March 20, 2023, permitted certain users to access snippets of…
A sophisticated cyber operation, dubbed “PhantomCaptcha,” has targeted prominent humanitarian organizations and government entities engaged in war relief efforts in Ukraine, as detailed in recent research by SentinelLABS. The campaign has notably affected major organizations such as the International Red Cross, UNICEF, and the Norwegian Refugee Council, along with various…
Okta, a leading provider of identity services, revealed a recent security incident affecting its support case management system. Unidentified threat actors exploited compromised credentials to gain access, allowing them to view sensitive files uploaded by certain customers. David Bradbury, Okta’s Chief Security Officer, stated, “The threat actor was able to…
The Looming Threat of Quantum Computing to Encryption The integrity of current encryption methods safeguarding communications against criminal and state-level surveillance is increasingly at risk. As advancements in quantum computing continue, both industries and government entities may soon possess the capability to disrupt the algorithms that secure sensitive information, including…
Token theft continues to be a significant driver behind Software-as-a-Service (SaaS) breaches, raising critical concerns for security teams. It’s important to recognize why OAuth and API tokens are frequently overlooked and explore effective strategies that organizations can implement to enhance their token management practices and fortify their defenses. As SaaS…
