DarkReading
Shein Shopping App Glitch Copies Android Clipboard Contents
The Android app unnecessarily accessed clipboard device contents, which often includes passwords and other sensitive data.
Infosecurity News
Shein App Accessed Clipboard Data on Android Devices
The findings come from Microsoft, in an advisory published on Monday
Infosecurity News
Shein Holding Company Fined $1.9m For Not Disclosing Data Breach
The data breach saw Zoetop allegedly trying to keep the real impact of the leak quiet
CyberNews
Epic Games, DJI, Shein, and Kick claimed by Mogilevich ransom gang
Major companies like Epic Games have been added to the ransomware gang’s data leak site.
Naked Security
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
It’s not exactly data theft, but it’s worryingly close to “unintentional treachery” – apparently because it’s great for marketing purposes
DataBreaches
Attorney General James Secures $1.9 Million from E-Commerce SHEIN and ROMWE Owner Zoetop for Failing to Protect Consumers’ Data
October 12 – NEW YORK – New York Attorney General Letitia James today secured $1.9 million from e-commerce retailer, Zoetop Business Company, Ltd...
The Hacker News
Shein's Android App Caught Transmitting Clipboard Data to Remote Servers
If you're using the Shein shopping app, beware of a recent bug that has been capturing and transmitting your clipboard contents to a remote server.
HACKRead
Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking
Consumer Reports exposes security vulnerabilities in popular video doorbells allowing unauthorized access, stolen footage, and privacy risks.
SecurityWeek
Some Doorbell Cameras Sold on Amazon and Other Online Sites Have Major Security Flaws, Report Says
Security vulnerabilities were found in cameras manufactured by the Chinese company Eken Group, which makes video doorbells under brand names EKEN and Tuck, and others.
Security Affairs
Eken camera doorbells allow ill-intentioned individuals to spy on you
Doorbell Cameras manufactured by the Chinese company Eken Group Ltd under the brands EKEN and Tuck are affected by major vulnerabilities.
The Cyber Express
Major Australian Women Fashion Store Hit by Cyberattack, Customer Data at Risk
A group identifying themselves as RansomedVC has emerged on the dark web, claiming to possess access to an Australian women's
The Record
Shoe retailer Aldo says LockBit posting is related to system at franchise partner
An incident involving an overseas partner was the source of a claim by the ransomware group, Canada-based Aldo said.
Infosecurity News
Telegram, WhatsApp Trojanized to Target Cryptocurrency Wallets
Most of these apps rely on clipper malware to steal the contents of the Android clipboard
CyberSecurity Dive
Henry Schein says customer data breached in cyber incident
The company lowered its 2023 sales and earnings forecasts in response to the incident, which took some of its distribution systems offline.
The Record
Nearly 540,000 people have SSNs leaked after cyberattack on retailer Forever 21
The fast-fashion giant said that hackers had access to its systems from January 5 to March 21 of this year.
The Record
Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states
The agreement stems from a 2020 ransomware attack that ended up affecting dozens of the software company's customers in education, healthcare and other areas.
Bleeping Computer
SSH keys stolen by stream of malicious PyPI and npm packages
A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms.
The Record
NY college forced to invest $3.5 million in cybersecurity after breach affecting 200,000
Attorney General Letitia James and Marymount Manhattan College announced the agreement, which is part of the response to a 2021 incident.
DataBreaches
Henry Schein re-encrypted by BlackCat again
On October 15, Henry Schein, Inc. disclosed a breach: On Saturday, October 14, Henry Schein, Inc. (Nasdaq: HSIC) determined that a portion of its...
Cyber Security News
Internet-connected Doorbell Cameras Flaw Let Attackers Hijack Devices
The security flaws in popular video doorbell cameras could allow attackers to hijack popular camera devices.
DataBreaches
Attorney General James Reaches Agreement with Marymount Manhattan College to Invest $3.5 Million to Protect Students’ Online Data
NEW YORK – New York Attorney General Letitia James today announced an agreement with Marymount Manhattan College (MMC), a private non-profit liberal arts...
The Record
NY AG issues $450k penalty to US Radiology after unpatched bug led to ransomware attack
One of the nation’s largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients.
The Record
Medical firm reaches $100,000 settlement with HHS over 2017 ransomware attack
Doctors’ Management Services — which provides medical billing and payer credentialing services — was attacked by the now-defunct GandCrab ransomware gang in April 2017. The settlement with HHS is the first for the agency over a ransomware attack.
CyberNews
Got tips? US offers $15M reward for info on ALPHV/BlackCat
The ALPHV/BlackCat ransomware syndicate now has a $15 million bounty on its head, courtesy of the US government.
DataBreaches
Attorney General James Secures $450,000 from US Radiology Specialists for failing to protect patient data
The following press release from the NYS Attorney General’s Office relates to an incident previously noted on DataBreaches.net. The Assurance of...
DataBreaches
NY Attorney General James Secures $300,000 from Online Sporting Goods Retailers for Failing to Protect Consumers’ Personal Information
NEW YORK – New York Attorney General Letitia James secured $300,000 from Sports Warehouse Inc. (Sports Warehouse), an online sporting goods retailer for...
DataBreaches
Attorney General James Secures $300,000 from NewYork-Presbyterian Hospital for Failing to Protect Patient Data
December 27 NEW YORK – New York Attorney General Letitia James today secured $300,000 from The NewYork-Presbyterian Hospital (NYP) for disclosing the health...
The Cyber Express
Top 20 Cyberattacks in Recent Past: Key Lessons for Companies in 2024
As the year nears its end, the cybersecurity sector offers profound lessons through incidents like data breaches, leaks, and cyberattacks,
Naked Security
S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]
The coolest video game ever! And lots of solid cybersecurity advice – listen now!
Naked Security
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English… just like old times, with Duck and Chet!
Naked Security
S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
Listen now – latest episode – audio plus full transcript