The January 2022 International Committee of the Red Cross (ICRC) data breach was caused by an unpatched critical vulnerability in the Single Signe-In tool developed by Zoho, a business software development company. After exploiting the vulnerability (tracked as CVE-2021-40539), the cybercriminals deployed offensive security tools to help gain access to ICRC's contact database, resulting in the compromise of more than 515,000 globally.

Few companies expect to be at the center of a newsworthy data breach incident. However, according to some sources, cybercriminals can access 93% of businesses in an average of two days. Around 150 million data records were compromised in the third quarter of 2022 alone. Businesses are increasingly reliant on data systems such as cloud computing and remote working to compete in the modern workplace.

In 2022, cyber incidents in businesses and organizations worldwide have skyrocketed, with data breaches being one of the main concerns. Almost 109 million personal accounts and emails were compromised in Q3 2022 — a 70% increase compared to Q2. Particularly, Australia has seen a significant rise in data breaches, especially in its financial services and healthcare sectors.

Last week, T-Mobile disclosed that the personally identifiable information (PII) of 37 million of its past and present customers had been breached in an API attack. They also shared that the attack had been going on since November but was only caught January 5 by T-Mobile’s security team. Coverage of the attack has been swift, far-reaching, and harsh, as this represents T-Mobile’s 8th breach since 2018.

Your organization could be at risk if you’re not handling hard-coded secrets properly. The Synopsys AST portfolio has you covered at every stage of the SDLC. By: Ksenia Peguero, Naveen Tiwari, Lijesh Krishnan, and DeWang Li The most severe vulnerabilities in a system or application can be caused by an easily overlooked issue—for example, a leaked hard-coded secret can allow an attacker to steal data or compromise a system.

A thriving hacker has been found to be posting a college database showcasing it to be a breach. This happened to one of the colleges in the southern region of India, Kerala. Necessary measures have been taken to keep them up to date! The college’s information was found to be floating around on the Dark Web. These data seem to be highly sensitive. These data could be acquired by any human being for just a few thousand.

It's incredibly important that you learn the latest cybersecurity threats that can threaten a business in 2023. Learn them here.

In what may be the largest Twitter data breach attack to date, the personal data of over 400 million users was stolen from the social media giant’s grasp and put up for sale on the dark net on the day after Christmas. This attack couldn’t have happened at a worse time for the company, as the Irish Data Protection Commission (DPC) has announced an investigation into an earlier Twitter data leak in November 2022 that had affected over 5.4 million users.

On January 4, CircleCI, an automated CI/CD pipeline setup tool, reported a security incident in their product by sharing an advisory.