securityaffairs.com Open in urlscan Pro
2606:4700:3031::6815:90b  Public Scan

URL: https://securityaffairs.com/151999/data-breach/crm-provider-really-simple-systems-data-leak.html
Submission: On October 05 via api from TR — Scanned from DE

Form analysis 3 forms found in the DOM

GET https://securityaffairs.com

<form method="get" action="https://securityaffairs.com">
  <input type="search" name="s" placeholder="Search.." class="site-search-field" value="">
  <input type="submit" class="sm-icon">
</form>

<form class="comment">
  <div class="row">
    <div class="col-sm-12 col-md-6 col-lg-6">
      <div class="mb-3">
        <input type="name" name="cmnt_auth_name" class="form-control cmnt_auth_name" placeholder="Name">
      </div>
    </div>
    <div class="col-sm-12 col-md-6 col-lg-6">
      <div class="mb-3">
        <input type="email" name="cmnt_auth_email" class="form-control cmnt_auth_email" placeholder="Email">
      </div>
    </div>
    <div class="col-sm-12 col-md-12 col-lg-12">
      <div class="mb-3">
        <textarea name="cmnt_msg" class="form-control cmnt_msg" placeholder="Comments" rows="3"></textarea>
      </div>
    </div>
    <div class="col-sm-12 col-md-12 col-lg-12">
      <input class="cmnt_submit_btn btn btn-blue btn-inline btn-big" type="submit" name="cmnt_submit" value="Leave comment">
      <input type="hidden" name="pid" class="pid" value="MTUxOTk5">
      <input type="hidden" name="parentcommentid" class="parentcommentid" value="0">
    </div>
  </div>
</form>

POST /151999/data-breach/crm-provider-really-simple-systems-data-leak.html#wpcf7-f149934-p151999-o1

<form action="/151999/data-breach/crm-provider-really-simple-systems-data-leak.html#wpcf7-f149934-p151999-o1" method="post" class="wpcf7-form init" aria-label="Contact form" novalidate="novalidate" data-status="init">
  <div style="display: none;">
    <input type="hidden" name="_wpcf7" value="149934">
    <input type="hidden" name="_wpcf7_version" value="5.8.1">
    <input type="hidden" name="_wpcf7_locale" value="en_US">
    <input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f149934-p151999-o1">
    <input type="hidden" name="_wpcf7_container_post" value="151999">
    <input type="hidden" name="_wpcf7_posted_data_hash" value="">
  </div>
  <div class="form-field"><span class="wpcf7-form-control-wrap" data-name="your-email"><input size="40" class="wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email" autocomplete="email" aria-required="true"
        aria-invalid="false" placeholder="Your email address" value="" type="email" name="your-email"></span><input class="wpcf7-form-control wpcf7-submit has-spinner" type="submit" value="SIGN UP"><span class="wpcf7-spinner"></span></div>
  <div class="wpcf7-response-output" aria-hidden="true"></div>
</form>

Text Content

WE VALUE YOUR PRIVACY

We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products. With your
permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
691 partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting. Please note that some processing of your personal data may not
require your consent, but you have a right to object to such processing. Your
preferences will apply to this website only. You can change your preferences at
any time by returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
 * Home
 * Cyber Crime
 * Cyber warfare
 * APT
 * Data Breach
 * Deep Web
 * Digital ID
 * Hacking
 * Hacktivism
 * Intelligence
 * Internet of Things
 * Laws and regulations
 * Malware
 * Mobile
 * Reports
 * Security
 * Social Networks
 * Terrorism
 * ICS-SCADA
 * POLICIES
 * Contact me

MUST READ

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited
Vulnerabilities catalog

 | 

NATO is investigating a new cyber attack claimed by the SiegedSec group

 | 

Global CRM Provider Exposed Millions of Clients’ Files Online

 | 

Sony sent data breach notifications to about 6,800 individuals

 | 

Apple fixed the 17th zero-day flaw exploited in attacks

 | 

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

 | 

A cyberattack disrupted Lyca Mobile services

 | 

Chipmaker Qualcomm warns of three actively exploited zero-days

 | 

DRM Report Q2 2023 - Ransomware threat landscape

 | 

Phishing campaign targeted US executives exploiting a flaw in Indeed job search
platform

 | 

San Francisco’s transport agency Metropolitan Transportation Commission (MTC)
exposes drivers’ plate numbers and addresses

 | 

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

 | 

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and
more)

 | 

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

 | 

European Telecommunications Standards Institute (ETSI) suffered a data breach

 | 

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

 | 

National Logistics Portal (NLP) data leak: seaports in India were left
vulnerable to takeover by hackers

 | 

North Korea-linked Lazarus targeted a Spanish aerospace company

 | 

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

 | 

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health
Care

 | 

Security Affairs newsletter Round 439 by Pierluigi Paganini – International
edition

 | 

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

 | 

FBI warns of dual ransomware attacks

 | 

Progress Software fixed two critical severity flaws in WS_FTP Server

 | 

Child abuse site taken down, organized child exploitation crime suspected –
exclusive

 | 

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

 | 

Chinese threat actors stole around 60,000 emails from US State Department in
Microsoft breach

 | 

Misconfigured WBSC server leaks thousands of passports

 | 

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities
catalog

 | 

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

 | 

Dark Angels Team ransomware group hit Johnson Controls

 | 

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

 | 

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones
and Android devices

 | 

China-linked APT BlackTech was spotted hiding in Cisco router firmware

 | 

Watch out! CVE-2023-5129 in libwebp library affects millions applications

 | 

DarkBeam leaks billions of email and password combinations

 | 

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group
Targeting Sony and NTT Docomo

 | 

Top 5 Problems Solved by Data Lineage

 | 

Threat actors claim the hack of Sony, and the company investigates

 | 

Canadian Flair Airlines left user data leaking for months

 | 

The Rhysida ransomware group hit the Kuwait Ministry of Finance

 | 

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care
patients

 | 

Xenomorph malware is back after months of hiatus and expands the list of targets

 | 

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

 | 

Crooks stole $200 million worth of assets from Mixin Network

 | 

A phishing campaign targets Ukrainian military entities with drone manual lures

 | 

Alert! Patch your TeamCity instance to avoid server hack

 | 

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

 | 

Nigerian National pleads guilty to participating in a millionaire BEC scheme

 | 

New variant of BBTok Trojan targets users of +40 banks in LATAM

 | 

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

 | 

Alphv group claims the hack of Clarion, a global manufacturer of audio and video
equipment for cars

 | 

Security Affairs newsletter Round 438 by Pierluigi Paganini – International
edition

 | 

National Student Clearinghouse data breach impacted approximately 900 US schools

 | 

Government of Bermuda blames Russian threat actors for the cyber attack

 | 

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt
with Predator spyware

 | 

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its
Known Exploited Vulnerabilities catalog

 | 

Information of Air Canada employees exposed in recent cyberattack

 | 

Sandman APT targets telcos with LuaDream backdoor

 | 

Apple rolled out emergency updates to address 3 new actively exploited zero-day
flaws

 | 

Ukrainian hackers are behind the Free Download Manager supply chain attack

 | 

Space and defense tech maker Exail Technologies exposes database access

 | 

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports
causing severe disruptions

 | 

Experts found critical flaws in Nagios XI network monitoring software

 | 

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

 | 

International Criminal Court hit with a cyber attack

 | 

GitLab addressed critical vulnerability CVE-2023-5009

 | 

Trend Micro addresses actively exploited zero-day in Apex One and other security
Products

 | 

ShroudedSnooper threat actors target telecom companies in the Middle East

 | 

Recent cyber attack is causing Clorox products shortage

 | 

Earth Lusca expands its arsenal with SprySOCKS Linux malware

 | 

Microsoft AI research division accidentally exposed 38TB of sensitive data

 | 

German intelligence warns cyberattacks could target liquefied natural gas (LNG)
terminals

 | 

Deepfake and smishing. How hackers compromised the accounts of 27 Retool
customers in the crypto industry

 | 

FBI hacker USDoD leaks highly sensitive TransUnion data

 | 

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

 | 

Clop gang stolen data from major North Carolina hospitals

 | 

CardX released a data leak notification impacting their customers in Thailand

 | 

Security Affairs newsletter Round 437 by Pierluigi Paganini – International
edition

 | 

TikTok fined €345M by Irish DPC for violating children’s privacy

 | 

Dariy Pankov, the NLBrute malware author, pleads guilty

 | 

Dangerous permissions detected in top Android health apps

 | 

Caesars Entertainment paid a ransom to avoid stolen data leaks

 | 

Free Download Manager backdoored to serve Linux malware for more than 3 years

 | 

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn
Medical Center in New York

 | 

The iPhone of a Russian journalist was infected with the Pegasus spyware

 | 

Kubernetes flaws could lead to remote code execution on Windows endpoints

 | 

Threat actor leaks sensitive data belonging to Airbus

 | 

A new ransomware family called 3AM appears in the threat landscape

 | 

Redfly group infiltrated an Asian national grid as long as six months

 | 

Mozilla fixed a critical zero-day in Firefox and Thunderbird

 | 

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

 | 

Save the Children confirms it was hit by cyber attack

 | 

Adobe fixed actively exploited zero-day in Acrobat and Reader

 | 

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

 | 

MGM Resorts hit by a cyber attack

 | 

Anonymous Sudan launched a DDoS attack against Telegram

 | 

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the
U.A.E. using a new backdoor

 | 

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

 | 

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities
Catalog

 | 

UK and US sanctioned 11 members of the Russia-based TrickBot gang

 | 

New HijackLoader malware is rapidly growing in popularity in the cybercrime
community

 | 

Some of TOP universities wouldn’t pass cybersecurity exam: left websites
vulnerable

 | 

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

 | 

Rhysida Ransomware gang claims to have hacked three more US hospitals

 | 

Akamai prevented the largest DDoS attack on a US financial company

 | 

Security Affairs newsletter Round 436 by Pierluigi Paganini – International
edition

 | 

US CISA added critical Apache RocketMQ flaw to its Known Exploited
Vulnerabilities catalog

 | 

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

 | 

North Korea-linked threat actors target cybersecurity experts with a zero-day

 | 

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

 | 

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

 | 

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

 | 

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

 | 

Two flaws in Apache SuperSet allow to remotely hack servers

 | 

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to
a mistake

 | 

Google addressed an actively exploited zero-day in Android

 | 

A zero-day in Atlas VPN Linux Client leaks users' IP address

 | 

MITRE and CISA release Caldera for OT attack emulation

 | 

ASUS routers are affected by three critical remote code execution flaws

 | 

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

 | 

Freecycle data breach impacted 7 Million users

 | 

Meta disrupted two influence campaigns from China and Russia

 | 

A massive DDoS attack took down the site of the German financial agency BaFin

 | 

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

 | 

University of Sydney suffered a security breach caused by a third-party service
provider

 | 

Cybercrime will cost Germany $224 billion in 2023

 | 

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for
Networks

 | 

Security Affairs newsletter Round 435 by Pierluigi Paganini – International
edition

 | 

LockBit ransomware gang hit the Commission des services electriques de Montréal
(CSEM)

 | 

UNRAVELING EternalBlue: inside the WannaCry’s enabler

 | 

Researchers released a free decryptor for the Key Group ransomware

 | 

Fashion retailer Forever 21 data breach impacted +500,000 individuals

 | 

Russia-linked hackers target Ukrainian military with Infamous Chisel Android
malware

 | 

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

 | 

Paramount Global disclosed a data breach

 | 

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and
2K others leaked by workplace safety organization

 | 

Abusing Windows Container Isolation Framework to avoid detection by security
products

 | 

Critical RCE flaw impacts VMware Aria Operations Networks

 | 

UNC4841 threat actors hacked US government email servers exploiting Barracuda
ESG flaw

 | 

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy
for Cybersecurity (NISC) for months

 | 

FIN8-linked actor targets Citrix NetScaler systems

 | 

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

 | 

Attackers can discover IP address by sending a link over the Skype mobile app

 | 

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

 | 

Cloud and hosting provider Leaseweb took down critical systems after a cyber
attack

 | 

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

 | 

China-linked Flax Typhoon APT targets Taiwan

 | 

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

 | 
 * Home
 * Cyber Crime
 * Cyber warfare
 * APT
 * Data Breach
 * Deep Web
 * Digital ID
 * Hacking
 * Hacktivism
 * Intelligence
 * Internet of Things
 * Laws and regulations
 * Malware
 * Mobile
 * Reports
 * Security
 * Social Networks
 * Terrorism
 * ICS-SCADA
 * POLICIES
 * Contact me

Ad

 * Home
 * Breaking News
 * Data Breach
 * Security
 * Global CRM Provider Exposed Millions of Clients’ Files Online


GLOBAL CRM PROVIDER EXPOSED MILLIONS OF CLIENTS’ FILES ONLINE

Pierluigi Paganini October 05, 2023



RESEARCHER DISCOVERED THAT GLOBAL B2B CRM PROVIDER REALLY SIMPLE SYSTEMS EXPOSED
ONLINE A NON-PASSWORD-PROTECTED DATABASE WITH MILLION RECORDS.

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported
to vpnMentor about a non-password protected database that contained over 3
million records. The documents appeared to be associated with internal invoices,
communications, and customer’s stored CRM files.

Upon further research, records indicated that the database belonged to global
B2B CRM provider Really Simple Systems. Cloud-based customer relationship
management systems allow a business or another organization to manage
interactions with customers, store documents or other important business data
and allow them to access it from anywhere. The database contained hundreds of
folders, and most of them appeared to hold documents related to individual
companies and their customers. Other folders contained shared images, invoices,
templates, and other Really Simple Systems internal records. Among other
documents, the database contained 2,565,602.dat files, 50,242 image files, and
101,290 invoices that may expose the customers’ name, address, and CRM plan
details. There were many other types of file extensions and these represent the
top three most common files in the database.

Ad

In a limited sampling, I saw an incredibly wide range of documents, which
belonged to different kinds of organizations, from small businesses to global
well-known organizations. I saw information from companies and customers located
in the USA, UK, Australia, multiple EU countries, and more. Notably, a vast
majority of these records could be considered highly sensitive, as they exposed
personally identifiable information (PII). Some of the most potentially
sensitive files I saw were medical records, identification documents, real
estate contracts, credit reports, legal documents, tax documents, non-disclosure
agreements, and even disability claims, all of which showed SSN and tax
identification numbers. One of the client folders contained a large collection
of child psychological examination documents marked as confidential. I also saw
plenty of internal document templates that are believed to be associated with
Really Simple Systems and their users that included emails, billing data and
invoices, service agreements, and more.

The records inside the database were publicly accessible to anyone with an
internet connection. Upon discovering the exposure, I sent a responsible
disclosure notice and received a reply thanking me for the notification. One
folder specifically belonging to a managed educational platform that provides
educational and school management services was removed from public access the
same day. However, other folders remained accessible for several days before
being restricted. After sending a follow-up email, I received the following
message: “As of Tuesday 29th August, we, at the CRM Success Team, understands
that : Further settings changes / code changes are being applied to further
resolve, over the next few days. The relevant company directors and gdpr
officers have been notified, by the development manager”.

I cannot say how long the data was exposed nor if anybody else actually accessed
it before Really Simple Systems restricted access. I also imply no wrongdoing or
malicious activity that led to the data exposure.

According to Wikipedia, “Really Simple Systems CRM has over 18,000 users of its
hosted customer relationship management systems. Customers include the Royal
Academy, the Red Cross, the NHS and IBM as well as thousands of small and medium
sized companies”.

There were millions of diverse documents in the database belonging to Really
Simple Systems and their customers. As an ethical security researcher, I never
download the data I find. These screenshots represent an example of a small
portion of the exposed documents that I saw in the database.


MANY DOCUMENTS FROM MANY DIFFERENT COMPANIES ALL IN ONE PLACE

A Customer Relationship Management (CRM) data breach can have potentially
serious consequences for both businesses and individuals. CRM systems store a
wealth of sensitive business data as well as a large amount of personal and
confidential customer data, including names, addresses, multiple contact
information, business records, and other important files used in daily business
operations. This makes CRM systems an attractive potential target for
cybercriminals. The majority of the files in the database were.dat files. This
is a generic data file that contains information in a plain text or binary
format. The term “dat” stands for “data,” and these files can store a wide
variety of data. Additionally, there were PDF documents, and image files in png
and jpg formats.

With over 100,000 exposed invoices, this situation highlights the vulnerability
that can allow anyone with an internet connection to see who are Really Simple
System’s customers, how much they are spending, their storage plans, account
numbers, and other information that was not intended to be public. This could
potentially allow criminals to manipulate or send fraudulent invoices to the
customers of Really Simple Systems. The criminals could change payment details,
and redirect funds to their own accounts. Invoice fraud is a serious concern; in
2022, Forbes reported that among the 2,750 surveyed businesses, more than 34,000
cases of invoice fraud were found in a single year.

Other potential risks include targeted phishing attacks where criminals could
send convincing phishing emails using insider information from the exposed
database to target employees, clients, or vendors. They could hypothetically
impersonate the company using Really Simple Systems services and instruct
recipients to click on malicious links or malware. Attacks where criminals
impersonate company employees or clients can also potentially open the door to
unauthorized access of additional internal systems or resources. This highly
increases the likelihood of success, as the emails appear more legitimate to
recipients and contain information that only official company representatives
would know.

I saw a very large number of documents in multiple folders inside the publicly
exposed database that contained tax identification numbers or SSN numbers. In
the wrong hands, this information could potentially be used for financial frauds
or identity theft. For instance, a common tactic for criminals is to use the
stolen information to file false tax returns and attempt to claim refunds that
don’t belong to them, thus creating a very difficult situation for the
individual whose information was used. According to the IRS, in 2023 the US tax
agency found that nearly 1.1 million tax returns were potentially fraudulent.
The estimated total value of the fraudulent returns was nearly $6.3 billion.

I am highlighting the importance of security, rather than implying any
wrongdoing by Really Simple Systems or saying that their customers or the
customer’s clientele were ever in imminent risk. I am only stating the facts of
potential vulnerabilities and their implications, and describing the
hypothetical real world impact and potential risks of a CRM data breach. We
publish our findings for educational purposes and to raise awareness of cyber
security and best practices. I highly recommend that any company that collects
and stores records, documents, or other files on behalf of other businesses
conduct regular penetration testing and ensure the firewall is properly
configured to restrict public access. It is crucial to implement robust
cybersecurity measures, such as encryption, access controls, regular security
audits, employee training, intrusion detection systems, and incident response
plans.

If an individual’s personal information has been exposed in a data breach, there
are several steps they should take to protect themselves and mitigate potential
risks.

The author’s recommendations are available in the original post at:

https://www.vpnmentor.com/news/report-reallysimplesystems-breach/

About the Author: Jeremiah Fowler

Cybersecurity researcher at vpnMentor and Co-Founder of Security Discovery.

Jeremiah finds and reports data breaches and vulnerabilities. He identifies real
world examples of how exposed data can be a much bigger risk to personal
privacy. Together with the vpnMentor team he has helped secure the personal data
of millions of people from all over the world.

Jeremiah has over 10 years of experience in cyber security and has found some of
the largest data breaches recorded in yearly summaries. After the company he was
working for had a data breach of their own customers he became inspired to find
out how data exposures happen. What started as digital treasure hunting quickly
became more than a hobby. He quickly became a well known security researcher and
thought leader frequently appearing in the news.

He has been a keynote speaker at multiple security conferences and has given
lectures and webinars to startups and Fortune 100 companies on the topics of
cyber security, privacy, and data protection. Jeremiah lives by the saying “Do
what you love, and you will always love what you do”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CRM Provider)



--------------------------------------------------------------------------------

facebook linkedin twitter

--------------------------------------------------------------------------------

CRM Provider data breach data leak Hacking hacking news information security
news IT Information Security Pierluigi Paganini Security Affairs Security News

YOU MIGHT ALSO LIKE

Pierluigi Paganini October 05, 2023

CISA ADDS JETBRAINS TEAMCITY AND WINDOWS FLAWS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

Read more
Pierluigi Paganini October 05, 2023

NATO IS INVESTIGATING A NEW CYBER ATTACK CLAIMED BY THE SIEGEDSEC GROUP

Read more

LEAVE A COMMENT



NEWSLETTER

SUBSCRIBE TO MY EMAIL LIST AND STAY
UP-TO-DATE!



RECENT ARTICLES

CISA ADDS JETBRAINS TEAMCITY AND WINDOWS FLAWS TO ITS KNOWN EXPLOITED
VULNERABILITIES CATALOG

Hacking / October 05, 2023



NATO IS INVESTIGATING A NEW CYBER ATTACK CLAIMED BY THE SIEGEDSEC GROUP

Hacking / October 05, 2023



GLOBAL CRM PROVIDER EXPOSED MILLIONS OF CLIENTS’ FILES ONLINE

Data Breach / October 05, 2023



SONY SENT DATA BREACH NOTIFICATIONS TO ABOUT 6,800 INDIVIDUALS

Data Breach / October 05, 2023



APPLE FIXED THE 17TH ZERO-DAY FLAW EXPLOITED IN ATTACKS

Hacking / October 04, 2023



To contact me write an email to:

Pierluigi Paganini :
pierluigi.paganini@securityaffairs.co

LEARN MORE

QUICK LINKS

 * Home
 * Cyber Crime
 * Cyber warfare
 * APT
 * Data Breach
 * Deep Web
 * Digital ID
 * Hacking
 * Hacktivism
 * Intelligence
 * Internet of Things
 * Laws and regulations
 * Malware
 * Mobile
 * Reports
 * Security
 * Social Networks
 * Terrorism
 * ICS-SCADA
 * POLICIES
 * Contact me

Copyright@securityaffairs 2023



We use cookies on our website to give you the most relevant experience by
remembering your preferences and repeat visits. By clicking “Accept All”, you
consent to the use of ALL the cookies. However, you may visit "Cookie Settings"
to provide a controlled consent.
Cookie SettingsAccept All
Manage consent
Close

PRIVACY OVERVIEW

This website uses cookies to improve your experience while you navigate through
the website. Out of these cookies, the cookies that are categorized as necessary
are stored on your browser as they are essential for the working of basic
functionalities...
Necessary
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly.
This category only includes cookies that ensures basic functionalities and
security features of the website. These cookies do not store any personal
information.
Non-necessary
Non-necessary
Any cookies that may not be particularly necessary for the website to function
and is used specifically to collect user personal data via analytics, ads, other
embedded contents are termed as non-necessary cookies. It is mandatory to
procure user consent prior to running these cookies on your website.
SAVE & ACCEPT


Go to mobile version