Sustainable energy giant Hitachi Energy has blamed a data breach affecting employees on the exploitation of a recently disclosed zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software. In a press release published on Friday, Hitachi Energy said the Cl0p ransomware gang targeted the GoAnywhere product and may have gained unauthorized access to employee data in some … [Read more...]
NBA Notifying Individuals of Data Breach at Mailing Services Provider
The National Basketball Association (NBA) is notifying individuals that their personal data was stolen in a data breach at a third-party service provider. Last week, the NBA started sending out notification emails to an unknown number of individuals, to inform them that their information was compromised in a data breach at a third-party provider of newsletter services. The incident has resulted in … [Read more...]
Adobe Acrobat Sign Abused to Distribute Malware
Cybercriminals have been observed abusing Adobe’s Acrobat Sign service to deliver emails leading to a RedLine stealer infection, cybersecurity firm Avast warns. Acrobat Sign is a cloud service that allows registered users to sign, send, and track documents in real-time, as well as to send signature requests to anyone. When a signature request is sent, Acrobat Sign automatically generates and sends … [Read more...]
New York Man Arrested for Running BreachForums Cybercrime Website
A New York man accused of running the popular cybercrime forum BreachForums was arrested and charged last week. He is believed to be Pompompurin, an individual whose online moniker was mentioned in several high-profile hacking stories in the past years. The suspect is 21-year-old Conor Brian Fitzpatrick of Peekskill, New York. According to court documents filed last week, he was arrested on … [Read more...]
Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
Chinese technology giant Huawei has replaced thousands of product components banned by the United States with homegrown versions, its founder has said, according to a transcript of a recent speech released by a Shanghai university. A leading supplier of telecom gear, smartphones and other advanced equipment, Huawei has been repeatedly targeted by Washington in recent years over cybersecurity and … [Read more...]
Latitude Financial Services Data Breach Impacts 300,000 Customers
Australian financial services company Latitude Financial Services is notifying roughly 300,000 customers that their personal information might have been compromised in a data breach. A subsidiary of Deutsche Bank and KKE operating since 2015 and headquartered in Melbourne, Latitude is the largest non-bank lender of consumer credit in Australia, also offering services in New Zealand, under the … [Read more...]
US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
The Federal Bureau of Investigation (FBI), the Cybersecurity and Information Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) this week issued an alert on the LockBit 3.0 ransomware operation. Since January 2020, LockBit has functioned based on the ransomware-as-a-service (RaaS) model, targeting a broad range of businesses and critical infrastructure … [Read more...]
New ‘Trigona’ Ransomware Targets US, Europe, Australia
A new ransomware family has proven highly active over the past several months, cybersecurity firm Palo Alto Networks warns. Dubbed Trigona, the malware emerged at the end of October 2022, targeting organizations in agriculture, construction, finance, high tech, manufacturing, and marketing in Australia, Italy, France, Germany, New Zealand, and the United States. One of the main features that sets … [Read more...]
New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries
A newly identified threat actor has been observed targeting government and energy organizations in the Commonwealth of Independent States (CIS) region for espionage and data theft, Cisco warns. Dubbed YoroTrooper, the group has been active since at least June 2022, mainly hitting governments across Eastern Europe, but was also seen compromising accounts at a European Union healthcare agency and … [Read more...]
Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
Fortinet recently warned that a FortiOS zero-day vulnerability has been exploited in attacks aimed at government organizations. Google-owned cybersecurity firm Mandiant reported on Thursday that those attacks were likely conducted by a Chinese state-sponsored threat actor. The vulnerability in question is tracked as CVE-2022-41328 and it has been described as a medium-severity path traversal issue … [Read more...]
Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits
Google’s Project Zero unit is calling urgent attention to multiple security defects found in Samsung’s Exynos chipsets, warning that attackers can remotely compromise a phone at the baseband level with no user interaction whatsoever. Project Zero leam lead Tim Willis said his researchers reported at least 18 zero-day vulnerabilities in the Exynos modems produced by Samsung Semiconductor and used … [Read more...]
Meta Develops New Kill Chain Thesis
Facebook parent Meta has officially unveiled a ten-phase kill chain model that it believes will be more inclusive and more effective than the existing range of kill chain models. Cybersecurity theorists have long sought to understand the stages of an attack. The idea is simple: if you can recognize a stage in the attack process, you will be more able to disrupt the attack and protect your … [Read more...]
Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
Mozilla announced this week the release of Firefox 111, which patches over a dozen vulnerabilities, including potentially serious issues. Of the 13 CVEs, seven have been assigned a ‘high’ severity rating. Three of them only impact Firefox for Android, and they can allow a hacker to hide fullscreen notifications — this can lead to user confusion or spoofing attacks — and open third-party apps … [Read more...]
Poland Breaks up Russian Spy Ring
Polish counter-intelligence has dismantled a Russian spy ring that gathered information on military equipment deliveries to Ukraine via the EU member, Poland’s interior minister said Thursday. “The ABW counter-intelligence agency has arrested nine people suspected of working for the Russian secret service,” Interior Minister Mariusz Kaminski told reporters. “The suspects had been conducting … [Read more...]
CISA Seeks Public Opinion on Cloud Application Security Guidance
The US Cybersecurity and Infrastructure Security Agency (CISA) is seeking public comment on guidance for securing cloud business applications. Titled Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Architecture, the document is meant to help federal agencies securely integrate cloud-based solutions with existing on-premises infrastructure. The SCuBA project includes two … [Read more...]
Webinar Today: How to Build Resilience Against Emerging Cyber Threats
Thursday, March 16, 2023 | 1:00 PM Eastern Daylight Time – Register Innovative cyber attacks are on the rise—threatening corporate and government infrastructure, supply chains, brand reputations, and revenues. One of the best ways to prepare for the evolving threats of tomorrow is to revisit the details of recent major cybersecurity incidents. The benefit of hindsight can help us spot warning … [Read more...]
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
Russia has been ramping up its cyberespionage operations in 2023, according to a new intelligence report from Microsoft that analyzes Russia’s hybrid warfare in Ukraine. Russia has launched many disruptive cyberattacks against Ukraine, including DDoS attacks and wiper attacks, and it has stepped up its misinformation campaigns. Since the start of the conflict, Moscow-backed hackers have deployed … [Read more...]
Make Your Picks: Cyber Madness Bracket Challenge Starts Today
SecurityWeek’s Cyber Madness Bracket challenge starts today as the NCAA tournament kicks off at 12PM ET. It’s not too late to join in the action and have some fun! As bracket-mania sweeps across the country for the 2023 NCAA Men’s Basketball Tournament, commonly referred to as “March Madness,” SecurityWeek will host its own “Cyber Madness” bracket challenge for those in the cybersecurity community … [Read more...]
Data Breach at Independent Living Systems Impacts 4 Million Individuals
Florida-based health services company Independent Living Systems (ILS) has started sending out notification letters to more than 4 million individuals to inform them of a data breach impacting their personal and medical information. Founded in 2001, ILS has 10 offices across the US and provides managed care organizations and providers with clinical and third-party administrative services. The … [Read more...]
Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia
A Russia-linked advanced persistent threat (APT) actor tracked as Winter Vivern has been observed targeting government entities in several European and Asian countries. Initially detailed in early 2021, the group is known to support the interests of Belarus and Russia’s governments, and was previously observed targeting government organizations in India, Lithuania, Slovakia, and Vatican. Following … [Read more...]
- « Previous Page
- 1
- …
- 129
- 130
- 131
- 132
- 133
- …
- 144
- Next Page »