Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Passwords. Show all posts
Windows
Apple Google Internet Microsoft Passkeys Passwords Technology Windows

Ditch Passwords, Use Passkeys to Secure Your Account

Ditch Passwords, Use Passkeys to Secure Your Account

Ditch passwords, use passkeys

Microsoft and Google users, in particular, have been warned about ditching passwords for passkeys. Passwords are easy to steal and can unlock your digital life. Microsoft has been at the forefront, confirming it will delete passwords for more than a billion users. Google, too, has warned that most of its users will have to add passkeys to their accounts. 

What are passkeys?

Instead of a username and password, passkeys use our device security to log into our account. This means that there is no password to hack and no two-factor authentication codes to bypass, making it phishing-resistant.

At the same time, the Okta team warned that it found threat actors exploiting v0, an advanced GenAI tool made by Vercelopens, to create phishing websites that mimic real sign-in webpages

Okta warns users to not use passwords

A video shows how this works, raising concerns about users still using passwords to sign into their accounts, even when backed by multi-factor authentication, and “especially if that 2FA is nothing better than SMS, which is now little better than nothing at all,” according to Forbes. 

According to Okta, “This signals a new evolution in the weaponization of GenAI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts. The technology is being used to build replicas of the legitimate sign-in pages of multiple brands, including an Okta customer.”

Why are passwords not safe?

It is shocking how easy a login webpage can be mimicked. Users should not be surprised that today’s cyber criminals are exploiting and weaponizing GenAI features to advance and streamline their phishing attacks. AI in the wrong hands can have massive repercussions for the cybersecurity industry.

According to Forbes, “Gone are the days of clumsy imagery and texts and fake sign-in pages that can be detected in an instant. These latest attacks need a technical solution.”

Users are advised to add passkeys to their accounts if available and stop using passwords when signing in to their accounts. Users should also ensure that if they use passwords, they should be long and unique, and not backed up by SMS 2-factor authentication. 

Read more »
Teams API
ATO Azure cloud storage Credential CyberCrime Cyberhackers Data Breach Microsfot Entra ID Microsoft Passwords Teams API

Microsoft Entra ID Faces Surge in Coordinated Credential-Based Attacks

An extensive account takeover (ATO) campaign targeting Microsoft Entra ID has been identified by cybersecurity experts, exploiting a powerful open-source penetration testing framework known as TeamFiltration. 

First detected in December 2024, the campaign has accelerated rapidly, compromising more than 80,000 user accounts across many cloud environments over the past several years. It is a sophisticated and stealthy attack operation aimed at breaching enterprise cloud infrastructure that has been identified by the threat intelligence firm Proofpoint with the codename UNK_SneakyStrike, a sophisticated and stealthy attack operation. 

UNK_SneakyStrike stands out due to its distinctive operational pattern, which tends to unfold in waves of activity throughout a single cloud environment often targeting a broad spectrum of users. The attacks usually follow a period of silent periods lasting between four and five days following these aggressive bursts of login attempts, a tactic that enables attackers to avoid triggering traditional detection mechanisms while maintaining sustained pressure on organizations' defence systems. 

Several technical indicators indicate that the attackers are using TeamFiltration—a sophisticated, open-source penetration testing framework first introduced at the Def Con security conference in 2022—a framework that is highly sophisticated and open source. As well as its original purpose of offering security testing and red teaming services in enterprises, TeamFiltration is now being used by malicious actors to automate large-scale user enumeration, password spraying, and stealthy data exfiltration, all of which are carried out on a massive scale by malicious actors. 

To simulate real-world account takeover scenarios in Microsoft cloud environments, this tool has been designed to compromise Microsoft Entra ID, also known as Azure Active Directory, in an attempt to compromise these accounts. It is important to know that TeamFiltration's most dangerous feature is its integration with the Microsoft Teams APIs, along with its use of Amazon Web Services (AWS) cloud infrastructure to rotate the source IP addresses dynamically. 

Not only will this strategy allow security teams to evade geofencing and rate-limiting defences, but also make attribution and traffic filtering a significant deal more challenging. Additionally, the framework features advanced functionalities that include the ability to backdoor OneDrive accounts so that attackers can gain prolonged, covert access to compromised systems without triggering immediate alarms, which is the main benefit of this framework. 

A combination of these features makes TeamFiltration a useful tool for long-term intrusion campaigns as it enhances an attacker's ability to keep persistence within targeted networks and to siphon sensitive data for extended periods of time. By analysing a series of distinctive digital fingerprints that were discovered during forensic analysis, Proofpoint was able to pinpoint both the TeamFiltration framework and the threat actor dubbed UNK_SneakyStrike as being responsible for this malicious activity. 

As a result, there were numerous issues with the tool, including a rarely observed user agent string, hardcoded client identifications for OAuth, and a snapshot of the Secureworks FOCI project embedded within its backend architecture that had been around for quite some time. As a result of these technical artefacts, researchers were able to trace the attack's origin and misuse of tools with a high degree of confidence, enabling them to trace the campaign's origin and tool misuse with greater certainty. 

An in-depth investigation of the attack revealed that the attackers were obfuscating and circumventing geo-based blocking mechanisms by using Amazon Web Services (AWS) infrastructure spanning multiple international regions in order to conceal their real location. A particularly stealthy manoeuvre was used by the threat actors when they interacted with the Microsoft Teams API using a "sacrificial" Microsoft Office 365 Business Basic account, which gave them the opportunity to conduct covert account enumeration activities. 

Through this tactic, they were able to verify existing Entra ID accounts without triggering security alerts, thereby silently creating a map of user credentials that were available. As a result of the analysis of network telemetry, the majority of malicious traffic originated in the United States (42%). Additional significant activity was traced to Ireland (11%) and the United Kingdom (8%) as well. As a consequence of the global distribution of attack sources, attribution became even more complex and time-consuming, compromising the ability to respond efficiently. 

A detailed advisory issued by Proofpoint, in response to the campaign, urged organisations, particularly those that rely on Microsoft Entra ID for cloud identity management and remote access-to initiate immediate mitigations or improvements to the system. As part of its recommendations, the TeamFiltration-specific user-agent strings should be flagged by detection rules, and multi-factor authentication (MFA) should be enforced uniformly across all user roles, based on all IP addresses that are listed in the published indicators of compromise (IOCs). 

It is also recommended that organisations comply with OAuth 2.0 security standards and implement granular conditional access policies within Entra ID environments to limit potential exposure to hackers. There has been no official security bulletin issued by Microsoft concerning this specific threat, but internal reports have revealed that multiple instances of unauthorised access involving enterprise accounts have been reported. This incident serves as a reminder of the risks associated with dual-use red-teaming tools such as TeamFiltration, which can pose a serious risk to organisations. 

There is no doubt in my mind that such frameworks are designed to provide legitimate security assessments, however, as they are made available to the general public, they continue to raise concerns as they make it more easy for threat actors to use them to gain an advantage, blurring the line between offensive research and actual attack vectors as threats evolve. 

The attackers during the incident exploited the infrastructure of Amazon Web Services (AWS), but Amazon Web Services (AWS) reiterated its strong commitment to promoting responsible and lawful use of its cloud platform. As stated by Amazon Web Services, in order to use its resources lawfully and legally, all customers are required to adhere to all applicable laws and to adhere to the platform's terms of service. 

A spokesperson for Amazon Web Services explained that the company maintains a clearly defined policy framework that prevents misappropriation of its infrastructure. As soon as a company receives credible reports that indicate a potential violation of these policies, it initiates an internal investigation and takes appropriate action, such as disabling access to content that is deemed to be violating the company's terms. As part of this commitment, Amazon Web Services actively supports and values the global community of security researchers. 

Using the UNK_SneakyStrike codename, the campaign has been classified as a highly orchestrated and large-scale operation that is based on the enumeration of users and password spraying. According to researchers at Proofpoint, these attempts to gain access to cloud computing services usually take place in bursts that are intense and short-lived, resulting in a flood of credentials-based login requests to cloud environments. Then, there is a period of quietness lasting between four and five days after these attacks, which is an intentional way to prevent continuous detection and prolong the life cycle of the campaign while enabling threat actors to remain evasive. 

A key concern with this operation is the precision with which it targets its targets, which makes it particularly concerning. In the opinion of Proofpoint, attackers are trying to gain access to nearly all user accounts within the small cloud tenants, while selectively targeting particular users within the larger enterprise environments. 

TeamFiltration's built-in filtering capabilities, which allow attackers to prioritise the highest value accounts while avoiding detection by excessive probing, are a calculated approach that mirrors the built-in filtering capabilities of TeamFiltration. This situation underscores one of the major challenges the cybersecurity community faces today: tools like TeamFiltration that were designed to help defenders simulate real-world attacks are increasingly being turned against organisations, instead of helping them fight back. 

By weaponizing these tools, threat actors can infiltrate cloud infrastructure, extract sensitive data, establish long-term access, and bypass conventional security controls, while infiltrating it, extracting sensitive data, and establishing long-term control. In this campaign, we are reminded that dual-purpose cybersecurity technologies, though essential for improving organization resilience, can also pose a persistent and evolving threat when misappropriated. 

As the UNK_SneakyStrike campaign demonstrates, the modern threat landscape continues to grow in size and sophistication, which is why it is imperative that cloud security be taken into account in a proactive, intelligence-driven way. Cloud-native organisations must take steps to enhance their threat detection capabilities and go beyond just reactive measures by investing in continuous threat monitoring, behavioural analytics, and threat hunting capabilities tailored to match their environments' needs. 

In the present day, security strategies must adapt to the dynamic nature of cloud infrastructure and the growing threat of identity-based attacks, which means relying on traditional perimeter defences or static access controls will no longer be sufficient. In order to maintain security, enterprise defenders need to routinely audit their identity and access management policies, verify that integrated third-party applications are secure, and review logs for anomalies indicative of low-and-slow intrusion patterns. 

In order to build a resilient ecosystem that can withstand emerging threats, cloud service providers, vendors, and enterprise security teams need to work together in order to create a collaborative ecosystem. As an added note, cybersecurity community members must engage in ongoing discussions about how dual-purpose security tools should be distributed and governed to ensure that innovation intended to strengthen defences is not merely a weapon that compromises them, but rather a means of strengthening those defences. 

The ability to deal with advanced threats requires agility, visibility, and collaboration in order for organisations to remain resilient. There is no doubt that organisations are more vulnerable to attacks than they were in the past, but they can minimise exposure, contain intrusions quickly, and ensure business continuity despite increasingly coordinated, deceptive attack campaigns if they are making use of holistic security hygiene and adopting a zero-trust architecture.

Read more »
pins
AT&T Data Breach Passwords pins

AT&T Customers at Risk Again After New Data Leak

 




AT&T customers are once more facing serious security concerns following reports of a fresh leak involving their personal information. This comes after the telecom company experienced multiple data breaches last year.


Previous Data Breaches Raised Alarms

In 2024, AT&T reported two major security incidents. The first breach, which took place in March, affected over 70 million people. Sensitive details like social security numbers, home addresses, phone numbers, and birth dates were stolen and later found for sale on the dark web.

Just a month later, another breach occurred. Hackers reportedly gained access to AT&T’s Snowflake cloud platform, which allowed them to collect call and text records from a large number of AT&T users. Some sources later claimed that AT&T paid the hackers a ransom of approximately $370,000 to prevent the data from being exposed, but this detail remains unconfirmed.

These incidents increased the risk of identity theft, scams, and phishing attempts targeting AT&T customers. The company later provided those affected with a free one-year subscription to identity protection services.


New Customer Data Surfaces Online

Recently, another batch of customer data—belonging to around 86 million people—has appeared on the dark web. The leaked information includes names, birth dates, phone numbers, email addresses, home addresses, and social security numbers, raising fresh concerns about fraud and misuse.

AT&T responded by saying that the data seems to be from the earlier breach in March 2024 and is likely being recirculated by cybercriminals looking to make money. According to the company, their teams are fully investigating this recent exposure and law enforcement has been notified.


Why Customers Should Stay Alert

Data breaches have been rising sharply in the United States. A report by the Identity Theft Resource Center shows that over 1 billion people were affected by data leaks in just the first half of 2024—a massive increase compared to the previous year.

Even if this recent leak involves old data, the danger is still real. Hackers can combine stolen information to create fake identities, apply for loans, open accounts, or carry out other fraudulent activities.


Steps to Protect Yourself

AT&T customers and anyone affected by data breaches should take these precautions:

1. Change passwords and PINs immediately, especially for bank accounts and financial services.

2. Avoid reusing old passwords and set strong, unique ones for each account.

3. Enable two-factor authentication for extra security where possible.

4. Monitor bank and credit accounts closely for any unusual or suspicious activity.

5. Place a fraud alert on your credit file to warn lenders of potential identity theft. This is free and stays active for one year, with options to renew.

6. Consider freezing your credit report to prevent new accounts from being opened in your name.


It’s essential for all consumers to remain careful and take quick action to protect their personal information in today’s rising cyber threat landscape.

Read more »
PumaBot
Data Login Credentials malware Passwords PumaBot

PumaBot: A New Malware That Sneaks into Smart Devices Using Weak Passwords

 


A recently found malware called PumaBot is putting many internet-connected devices at risk. This malicious software is designed to attack smart systems like surveillance cameras, especially those that use the Linux operating system. It sneaks in by guessing weak passwords and then quietly takes over the system.


How PumaBot Finds Its Victims

Unlike many other threats that randomly scan the internet looking for weak points, PumaBot follows specific instructions from a remote command center. It receives a list of selected device addresses (known as IPs) from its control server and begins attempting to log in using common usernames and passwords through SSH — a tool that lets people access devices remotely.

Experts believe it may be going after security and traffic camera systems that belong to a company called Pumatronix, based on clues found in the malware’s code.


What Happens After It Breaks In

Once PumaBot gets into a device, it runs a quick check to make sure it's not inside a fake system set up by researchers (known as a honeypot). If it passes that test, the malware places a file on the device and creates a special service to make sure it stays active, even after the device is restarted.

To keep the door open for future access, PumaBot adds its own secret login credentials. This way, the hackers can return to the device later, even if some files are removed.


What the Malware Can Do

After it takes control, PumaBot can be told to:

• Steal data from the device

• Install other harmful software

• Collect login details from users

• Send stolen information back to the attackers

One tool it uses captures usernames and passwords typed into the device, saves them in a hidden file, and sends them to the hackers. Once the data is taken, the malware deletes the file to cover its tracks.


Why PumaBot Is Concerning

PumaBot is different from other malware. Many botnets simply use infected devices to send spam or run large-scale attacks. But PumaBot seems more focused and selective. Instead of causing quick damage, it slowly builds access to sensitive networks — which could lead to bigger security breaches later.


How to Protect Your Devices

If you use internet-connected gadgets like cameras or smart appliances, follow these safety steps:

1. Change factory-set passwords immediately

2. Keep device software updated

3. Use firewalls to block strange access

4. Put smart devices on a different Wi-Fi network than your main systems

By following these tips, you can lower your chances of being affected by malware like PumaBot.

Read more »
Vulnerability
AI Cybersecurity Data Encryption Hacking Passwords penetration redteam SharePoint Vulnerabilities and Exploits Vulnerability

Pen Test Partners Uncovers Major Vulnerability in Microsoft Copilot AI for SharePoint

 

Pen Test Partners, a renowned cybersecurity and penetration testing firm, recently exposed a critical vulnerability in Microsoft’s Copilot AI for SharePoint. Known for simulating real-world hacking scenarios, the company’s redteam specialists investigate how systems can be breached just like skilled threatactors would attempt in real-time. With attackers increasingly leveraging AI, ethical hackers are now adopting similar methods—and the outcomes are raising eyebrows.

In a recent test, the Pen Test Partners team explored how Microsoft Copilot AI integrated into SharePoint could be manipulated. They encountered a significant issue when a seemingly secure encrypted spreadsheet was exposed—simply by instructing Copilot to retrieve it. Despite SharePoint’s robust access controls preventing file access through conventional means, the AI assistant was able to bypass those protections.

“The agent then successfully printed the contents,” said Jack Barradell-Johns, a red team security consultant at Pen Test Partners, “including the passwords allowing us to access the encrypted spreadsheet.”

This alarming outcome underlines the dual-nature of AI in informationsecurity—it can enhance defenses, but also inadvertently open doors to attackers if not properly governed.

Barradell-Johns further detailed the engagement, explaining how the red team encountered a file labeled passwords.txt, placed near the encrypted spreadsheet. When traditional methods failed due to browser-based restrictions, the hackers used their red team expertise and simply asked the Copilot AI agent to fetch it.

“Notably,” Barradell-Johns added, “in this case, all methods of opening the file in the browser had been restricted.”

Still, those download limitations were sidestepped. The AI agent output the full contents, including sensitive credentials, and allowed the team to easily copy the chat thread, revealing a potential weak point in AI-assisted collaborationtools.

This case serves as a powerful reminder: as AItools become more embedded in enterprise workflows, their securitytesting must evolve in step. It's not just about protecting the front door—it’s about teaching your digital assistant not to hold it open for strangers.

For those interested in the full technical breakdown, the complete Pen Test Partners report dives into the step-by-step methods used and broader securityimplications of Copilot’s current design.

Davey Winder reached out to Microsoft, and a spokesperson said:

“SharePoint information protection principles ensure that content is secured at the storage level through user-specific permissions and that access is audited. This means that if a user does not have permission to access specific content, they will not be able to view it through Copilot or any other agent. Additionally, any access to content through Copilot or an agent is logged and monitored for compliance and security.”

Further, Davey Winder then contacted Ken Munro, founder of Pen Test Partners, who issued the following statement addressing the points made in the one provided by Microsoft.

“Microsoft are technically correct about user permissions, but that’s not what we are exploiting here. They are also correct about logging, but again it comes down to configuration. In many cases, organisations aren’t typically logging the activities that we’re taking advantage of here. Having more granular user permissions would mitigate this, but in many organisations data on SharePoint isn’t as well managed as it could be. That’s exactly what we’re exploiting. These agents are enabled per user, based on licenses, and organisations we have spoken to do not always understand the implications of adding those licenses to their users.”
Read more »
ZeroTrust
2FA AIsecurity credentialstuffing CyberCrime Darkweb Data Breach GenZ Infostealer passwordmanager Passwords phishing Ransomware ZeroTrust

Infostealer Malware Soars 500% as 1.7 Billion Passwords Leak on Dark Web

 

A new report has exposed a staggering 500% rise in infostealer malware attacks, with over 1.7 billion passwords leaked on the dark web in 2024 alone. Despite the growing threat, poor password hygiene continues to be a critical issue, especially among Gen Z users. Cybersecurity experts are now calling for a complete rethink of digital safety practices, urging organizations and individuals to adopt zero-trust frameworks, AI-driven defenses, and reform in user behavior.

Infostealer malware is gaining traction as a preferred tool among cybercriminals. These lightweight, silent programs are often embedded in pirated software or spread via phishing attacks. Once inside a system, they exfiltrate sensitive data including stored credentials, autofill data, cookies, and even crypto wallet details without raising alarms. This stolen information is then compiled into massive combo lists—datasets of usernames and passwords—that are sold or traded on dark web forums. These lists power credential-stuffing attacks that enable hackers to take control of accounts on a mass scale.

Underground marketplaces have reportedly listed over 100 billion compromised credentials, marking a 42% increase from the previous year. Cybercrime syndicates such as BestCombo, BloddyMery, and ValidMail have become notorious for brokering access to stolen identities, fueling everything from account takeovers to financial fraud, ransomware deployment, and corporate espionage.

Yet, despite repeated warnings, user behavior remains worryingly casual. The 2025 World Password Day Survey revealed that 72% of Gen Z users admit to reusing passwords across multiple services. Even more strikingly, 79% acknowledge the risks of reuse, while 59% continue to use the same credentials even after a breach. Shockingly, only 10% reported updating their passwords consistently after being informed of a compromise. Additionally, 38% of Gen Z respondents said they only alter one character when prompted to update a password, and 30% frequently forget their credentials—despite the availability of password recovery features and password managers.

Although 46% of Gen Z users claim to use password managers, their actual habits—like sharing credentials via body text, screenshots, or in conversation—undermine any security those tools provide. This gap between intention and action continues to weaken overall cyber defense.

On the enterprise front, the situation is no better. According to a cybersecurity expert, 27% of businesses still do not enforce basic password policies. Even among organizations that do, users often respond to frequent password change requirements with insecure workarounds, such as reusing slightly modified passwords.

A data privacy solicitor commented, “If your system allows users to bypass complexity rules or reuse old passwords, your policy is meaningless,” she warned.

Experts also note that even strong password practices can't address all threats. Vulnerabilities like device-level breaches, session hijacking, and social engineering tactics necessitate broader security strategies. Resta advises that organizations should go beyond password policies and invest in multi-layered defenses:
“Organizations must maintain robust incident response plans alongside 2FA, AI-driven anomaly detection, and Zero Trust Architecture (ZTA).”
Read more »
Passwords
Cyber Security FIDO Alliance Passkey Passwords

Many Internet Users Suffer Account Breaches Due to Weak Passwords, Study Finds

 



A recent study has shown that more than one in three people have had at least one of their online accounts broken into during the past year. The main reason? Poor or stolen passwords.

The report comes from the FIDO Alliance, a group that focuses on improving online safety. Their findings reveal that passwords are still a major weak spot in keeping digital accounts secure.


People Struggle with Passwords

The research found that 36% of people had their accounts hacked because their passwords were either easy to crack or already leaked online. Many users still rely on passwords that are short, simple, or reused across different accounts. These habits make it easier for cybercriminals to gain access.

Forgetting passwords is another common issue. Nearly half of the participants said they gave up making a purchase online because they couldn’t remember their password.


What Are Passkeys and Why Are They Safer?

To fix the problem with passwords, many websites and apps are now supporting a new method called passkeys. These don’t require typing anything in. Instead, you can log in using your fingerprint, face scan, or a PIN stored on your device.

This system is safer because the login details never leave your phone or computer, and they don’t work on fake websites. This means scammers can’t trick people into handing over their login details like they do with traditional passwords.

According to the study, most people are now aware of this new method. Around 69% have already used passkeys on at least one of their accounts, and over a third said they’ve switched entirely to using them wherever possible.


Big Tech Companies Back Passkeys

On May 2, Microsoft said it is now letting all of its users log in with passkeys instead of passwords. The company admitted that passwords simply aren’t strong enough to protect people’s accounts, even if they’re long or frequently updated.

Microsoft users can now sign in using face ID, fingerprint, or PIN on devices from Windows, Apple, or Google.


Moving Away from Passwords Altogether

To raise awareness, FIDO has renamed its annual event “World Passkey Day.” The goal is to encourage companies and users to stop relying on passwords and start using safer login tools.

As part of the event, FIDO launched a pledge for businesses that want to commit to using passkeys. More than 100 organizations have already joined in.

FIDO’s leader, Andrew Shikiar, said the shift to better login methods is necessary. He explained that years of account hacks and data leaks have shown that traditional passwords no longer offer the protection we need in a digital world.

The study surveyed 1,389 adults from the US, UK, Japan, South Korea, and China.

Read more »
Passwords
Cloud Service Data Breach Oracle Passwords

Oracle Faces Data Leak Claims, Clarifies Cloud Services Remain Safe

 



Oracle has informed its users that a recent cyberattack only affected two outdated servers that are no longer in use. These systems were separate from Oracle’s main cloud services, and the company says that no active customer data or cloud-based accounts were harmed.

In the notice sent to its customers, Oracle clearly stated that its main cloud service, known as Oracle Cloud Infrastructure (OCI), was not targeted or accessed by attackers. They reassured users that no data was viewed, taken, or misused, and there was no interruption in cloud operations.

According to Oracle, the stolen information included usernames from older systems. However, passwords stored on those servers were either scrambled or secured in such a way that they could not be used to break into any accounts. As a result, the hackers were not able to reach any customer platforms or data.

The incident first came to public attention when a hacker began selling what they claimed were millions of user records on an online cybercrime marketplace. Oracle has been under pressure since then to confirm whether or not its systems were breached. While the company continues to deny that their modern cloud platform was affected, cybersecurity experts say that the older systems— though no longer active - were once part of Oracle’s cloud services under a different name.

Some security specialists have criticized Oracle’s choice of words, saying the company is technically correct but still avoiding full responsibility by referring to the older system as separate from its current services.

Reports suggest that the hackers may have broken into these old systems as early as January 2025. The intruders allegedly installed harmful software, allowing them to collect data such as email addresses, usernames, and coded passwords. Oracle described the stolen data as outdated, but some of the records being shared online are from late 2024 and early 2025.

This comes shortly after another reported incident involving Oracle’s healthcare division, formerly called Cerner. That breach affected hospitals in the U.S., and a hacker is now reportedly demanding large payments to prevent the release of private medical information.

Even though Oracle insists its main cloud platform is secure, these incidents raise questions about how clearly companies communicate data breaches. Users who are concerned have been advised to reach out to Oracle’s support team for more information.


Read more »
Subscribe to: Posts (Atom)