Data Breach

Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a “new experimental campaign” designed to breach cloud environments. “Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP),” […]

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. “In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations,” cybersecurity firm Rapid7 disclosed in […]

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

A former employee of the U.S. National Security Agency (NSA) has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022, to July 1, 2022, where he had Top Secret clearance to […]

34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

Spanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations in Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms, a katana sword, a baseball bat, €80,000 […]

Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors

Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” David Bradbury, Okta’s chief security officer, said. “It should […]

D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack

Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is “low-sensitivity and semi-public information.” “The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015,” the company said. “The […]

API Security Trends 2023 – Have Organizations Improved their Security Posture?

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications. However, this increased reliance on APIs has also […]

APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries

In today’s interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities. However, as the use of APIs continues to rise, they have become an increasingly attractive target for […]

T-Mobile App Glitch Exposes Other User’s Sensitive Data

The mobile application of T-Mobile has recently been a cause of concern among its customers due to issues concerning privacy. Users have reported accessing sensitive information belonging to other customers when logging into their own accounts. This alarming situation has raised questions about the security of personal data within T-Mobile’s systems. The incident was first […]

Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

IBM’s 2023 installment of their annual “Cost of a Breach” report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What’s interesting is the difference in how organizations respond to threats and which technologies are helping reduce the costs associated with every IT team’s nightmare scenario. […]

Forever 21 Systems Hacked: 500,000+ Users Affected

In a recent development, Forever 21 disclosed a cyber incident that came to light on March 20, 2023, affecting a limited number of its systems. Forever 21 is a multinational fast fashion retailer headquartered in Los Angeles, California, United States. Originally founded as the store Fashion 21 in Highland Park, Los Angeles, in 1984, it […]

Mom’s Meals Breached: Over 1.2 Million Consumers Data Exposed

PurFoods, LLC, operating under the trade name Mom’s Meals, has announced the compromise of personal information affecting its clients and employees. The company acknowledged that its cybersecurity defenses had been compromised, allowing unauthorized access to a treasure trove of consumer data. The incident occurred between January 16, 2023, and February 22, 2023, with the attack […]

Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack

Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a “highly sophisticated” SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee’s T-Mobile account, the company said. “Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred […]

Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks

Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ (aka Slippy Spider) transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information. This includes Arion Kurtaj (aka White, Breachbase, […]

Responding To And Recovering From Physical Security Breaches

Unfortunately, data breaches and similarly related physical security threats are something of an eventuality in the modern world. Recently published data reveals 28% of businesses saw a rise in physical security incidents during 2022, with 83% of organizations experiencing multiple data breaches during the same period, due in part to a global increase in sophisticated […]

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

The U.K. Electoral Commission on Tuesday disclosed a “complex” cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. “The incident was identified in October 2022 after suspicious activity was detected on our systems,” the regulator said. […]

“Mysterious Team Bangladesh” Targeting India with DDoS Attacks and Data Breaches

A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. “The group most frequently attacks logistics, government, and financial sector organizations in India and Israel,” Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News. “The group […]

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw […]

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days

The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a “material” impact on their finances, marking a major shift in how computer breaches are disclosed. “Whether a company loses a factory in […]

6 Best Practices To Protect Your Company From Data Loss

Data is a critical asset in today’s digital business landscape. The loss of crucial information can result in severe financial damages and harm to a company’s reputation. Protecting your company from data loss involves implementing proactive measures to secure data integrity. This article highlights best practices to prevent catastrophic data loss and protect your company’s […]