Le groupe chinois 俊思集团 (Junsi Group) a été victime d’une cyberattaque, entraînant la fuite de données personnelles de plus de 54 000 membres et employés de la marque Brooks Brothers. Les informations compromises incluent les noms, adresses e-mail, numéros de téléphone, mois de naissance, sexe et nationalité. L’entreprise a pris des mesures pour sécuriser son système et a signalé l’incident aux autorités compétentes.
Category: Cyber Attack
A threat actor is allegedly selling a zero-day Local Privilege Escalation (LPE) exploit targeting Windows 8.1, 10, and 11. This exploit purportedly leverages a race condition vulnerability in the Windows kernel, specifically designed for x64 systems. It claims to elevate the rights of any already running process to SYSTEM level. For…
AMD announced an investigation after a threat actor attempted to sell data allegedly stolen from its systems. AMD has launched an investigation after the threat actor IntelBroker announced they were selling sensitive data allegedly belonging to the company. “We are aware of a cybercriminal organization claiming to be in possession of…
A threat actor is allegedly selling unauthorized access to an UK bank server with reported revenue under $200 million. The claimed access includes full root privileges, API access, and more. Additionally, the server is reportedly connected to a local LAN, allowing for potential pivot techniques. While the data on this specific…
Supply chain attacks have become increasingly prevalent. While large corporations and government agencies typically boast complex information security systems and robust defense infrastructure, their smaller vendor counterparts often lack comparable defensive capabilities.
The Cactus ransomware group has allegedly struck again, announcing three high-profile victims in their latest series of attacks. The targeted companies span across the United States, Denmark, and Italy, with substantial ransom demands and significant data breaches. Reawire.com (USA) Reawire is one of the world’s largest manufacturers of magnet and nonferrous…
A threat actor, IntelBroker, claims to be selling data obtained from a June 2024 breach of AMD, a major player in the computing industry. The compromised data reportedly includes a wide array of sensitive information, ranging from future product details to employee and customer databases. The alleged breach encompasses information on…
Printed circuit board assembly (PCBA) manufacturer Keytronic disclosed a data breach after a ransomware attack. Keytronic has confirmed a data breach after a ransomware group leaked allegedly stolen personal information from its systems. The company did not provide any info on the ransomware operation that hit its network, however Black Basta…
In a new cyber security incident, a threat actor has announced the sale of a zero-day Remote Code Execution (RCE) exploit targeting Atlassian’s Jira. This exploit allegedly works on the latest version of the Jira desktop app, as well as Jira integrated with Confluence, without requiring any login credentials. Additionally, it…
A threat actor is reportedly selling unauthorized administrative access to a SolarWinds Orion account used by a major telecommunications company, revenue $350 Billion, in Latin America. This access allegedly manages around 200 customers, including banks, trust funds, and petroleum stations. The access being sold comes with full admin privileges, enabling the…
An alleged data breach involving Maxicare Philippines has been identified by the Deep Web Konek Team. The breach, carried out by a threat actor known as “OPCODE-90,” resulted in the unauthorized scraping of authenticated data.
The renowned French fashion brand Zadig & Voltaire has suffered a data breach, exposing 587,000 unique email addresses. The popular data breach notification service Have I Been Pwned confirmed the breach via a tweet on its official account. New breach: Zadig & Voltaire had 587k unique email…
The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals. The LA County’s Department of Public Health announced that the personal information of more than 200,000 was compromised after a data breach that occurred between February 19 and February 20, 2024….
A threat actor has announced the sale of an exploit for CVE-2024-30078, a Remote Code Execution (RCE) vulnerability in the WiFi driver affecting all Windows Vista and later devices. In their announcement, the threat actor details that the exploit allows for remote code execution over WiFi, leveraging compromised access points or…
A threat actor has purportedly advertised the sale of access to a European biomedical company that holds contracts with entities in the United States. The offer includes access to approximately 6 terabytes of data belonging to the company. In their announcement, the threat actor clarifies that they are selling access to…