CyberSecurityBoard
Sponsor Register Login

33,000 Employee Records Leaked from Tech Service Provider Without Authentication

“Any attacker could simply send an HTTP request and extract confidential data without any authentication barriers,” CloudSEK researchers shared with Cyber Security News. CloudSEK’s BeVigil security platform discovered that a prominent technology service provider left critical API endpoints completely unprotected, allowing unrestricted access to confidential employee data without any authentication mechanisms in place. Organizations must adopt proactive API security postures to prevent similar vulnerabilities, as the consequences of exposed endpoints can lead to data breaches, regulatory penalties, and significant reputational damage. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. These vulnerable endpoints were configured without proper OAuth 2.0 authentication or API key validation, creating a significant security gap in the company’s infrastructure. Security researchers have identified a sophisticated malware campaign utilizing Agent Tesla variants delivered through elaborate multi-stage attack sequences.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Apr 2025 10:55:06 +0000


Cyber News related to 33,000 Employee Records Leaked from Tech Service Provider Without Authentication

Electronic Frontier Foundation - We're not just talking about the ballot box, but the everyday power we all have to demand government agencies make their records and data available to public scrutiny. At every level of government in the United States, there are laws that empower the ...
1 year ago Eff.org
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
1 year ago Infosecurity-magazine.com
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
1 year ago Bleepingcomputer.com
Wearable Tech Future: Where Fashion Meets Function - From fitness trackers and smartwatches to augmented reality glasses, the future of wearable tech is full of potential. In this article, we will explore the current benefits and challenges of wearable technology, uncover its different types and ...
1 year ago Securityzap.com
AT&T says leaked data of 70 million people is not from its systems - AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to ...
1 year ago Bleepingcomputer.com Hunters
Alleged ShinyHunters Hacker Pleads Not Guilty After US Extradition - The ShinyHunters group is known for some of the largest data breaches in 2021-2022, in which the personal data of hundreds of millions of users was leaked on the now-seized Raidforums. In July 2022, HackRead.com reported on Sebastian Raoult, an ...
2 years ago Hackread.com Hunters
Internationalizing Efforts to Counter Tech Support Scams - The Central Bureau of Investigation, India's federal enforcement agency, recently conducted a series of criminal raids against illegal call centers across the country in an attempt to clamp down on tech support fraud. These raids were the result of a ...
1 year ago Darkreading.com
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com
70 million account credentials were leaked in a massive password dump - A security researcher has unearthed what appears to be one of the biggest password dumps ever. Over 70 million unique credentials have been leaked on the dark web. ADVERTISEMENT. The news came to light when Troy Hunt, the owner of the popular breach ...
1 year ago Ghacks.net
Tech workers fear being left unprepared for the future - While tech workers want to learn and organizations are spending thousands of dollars per employee on learning technology, it is not translating into improved on-the-job performance for 4 out of 10 IT employees, according to Skillable. Inadequate ...
1 year ago Helpnetsecurity.com
CVE-2017-12757 - Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i ...
6 years ago
How To Assess MDR Providers with MITRE ATT&CK Steps - It has become essential for organizations to leverage managed detection and response (MDR) solutions in order to protect their systems and data from the ever-increasing number of cybersecurity threats. However, when assessing potential MDR providers, ...
2 years ago Csoonline.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2021-20698 - Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
CVE-2021-20699 - Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
The Future of IT: Info-Tech 2024 Conference - PRESS RELEASE. TORONTO, Jan. 9, 2024 /PRNewswire/ - Info-Tech Research Group, a global leader in IT research and advisory, has announced that its flagship annual conference, Info-Tech LIVE, will be hosted this year at Bellagio in Las Vegas from ...
1 year ago Darkreading.com
33,000 Employee Records Leaked from Tech Service Provider Without Authentication - “Any attacker could simply send an HTTP request and extract confidential data without any authentication barriers,” CloudSEK researchers shared with Cyber Security News. CloudSEK’s BeVigil security platform discovered that a ...
2 months ago Cybersecuritynews.com
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
1 year ago Packetstormsecurity.com
Tech Support Scammers Are Still At It: What To Look Out For - Tech scams are unfortunately still an issue in 2021, with technological advancements leading cybercriminals to find more creative ways to gain access to your data or charge you for services you don't need. As such, it's important to be aware of the ...
2 years ago Welivesecurity.com
Cofense enhances PhishMe to identify engagement and resilience gaps across all employee levels - Cofense unveiled new enhancements to its PhishMe Employee Security Awareness Training Platform. Employee Engagement Index, is set to transform how organizations manage email security risks. The introduction of the Employee Engagement Index transforms ...
1 year ago Helpnetsecurity.com
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
1 year ago Eff.org Inception
Yandex Source Code Online Leaked, Company Denies Hack - According to analysis from different sources, Yandex source code does not contain user data, but it does contain over 1,900 factors for ranking search results and more. The source code repository of the Yandex search engine and technology giant was ...
2 years ago Hackread.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Threat Actor Leaked Data from Major Bulletproof Hosting Medialand - A significant data breach occurred when an unidentified threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider with extensive ties to cybercriminal operations worldwide. ????️ On March 28, 2025, a threat actor ...
3 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)