Another week down! Here’s your recap of what made headlines in the cybersecurity world this week:
6 million records from Oracle’s Cloud federated SSO login servers have reportedly been stolen by a hacker going by the alias rose87168.
Earlier this month, the attacker posted a sample database of the stolen information on the dark web, which allegedly contained encrypted SSO passwords, JKS files, and more. The data was listed for sale, with the threat actor accepting either money or zero-day exploits for the stolen information.
Oracle denies that this breach occurred, stating, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
(–Source: TechRadar Pro on MSN
Read More: Oracle denies data breach after hacker claims to hold six million records )
NYU students had their personal information leaked after an attack on the school’s website this past weekend. The hackers, who carried out the attack to accuse the university of continuing to use race-sensitive admissions, altered the website’s homepage to redirect to files containing the personal information of the school’s applicants dating back to 1989.
The website takeover lasted at least 2 hours and exposed the personal information including names, test scores, family member details, and more of over 3 million applicants in the format of CSV files.
(–Source: Washington Square News
Read More: Over 3 million applicants’ data leaked on NYU’s website – Washington Square News )
Popular genetic testing company 23andMe recently filed for bankruptcy. The shock of this news and concerns for the way customer data would be handled after being transferred to a new owner, caused users to delete their accounts en masse. California’s Attorney General even urged customers to delete their accounts and data.
These concerns are understandable, as the company experienced a data breach in 2023 that exposed the personal information of 6.9 million customers. A lawsuit followed, which resulted in 23andMe paying out $30 million dollars to affected individuals.
(–Source: Reuters on MSN
Read More: Consumers urged to delete 23andMe data as bankruptcy sparks privacy concerns )
Major national security concerns have been raised after The Atlantic’s editor-in-chief, Jeffrey Goldberg, was unintendedly added to a group chat on Signal in which top security officials were discussing “war plans” down to the details of the planned timing of airstrikes.
Security concerns lie in the use of the Signal app to discuss sensitive government information. While Signal does feature message encryption, security experts agree that it is still less secure than government-operated communication channels, and the security of conversations in the app can still depend on the security of the device the app is used on.
(–Source: Washington Examiner on MSN
Read More: How secure is Signal? Group chat snafu raises questions over app security )
