Items tagged with cybersecurity
Over the weekend, a group of Iranian hackers stole a trove of files from a nuclear technology agency. However, rather than comprising a state-backed hacking group, the hackers in question identify as anti-regime hacktivists who operate under the name “Black Reward.” The group claims to have stolen at least 50 GB of...
Read more...
Advocate Aurora Health (AAH), a healthcare provider with locations in Illinois and Wisconsin, has published a data breach notice to its website. However, rather than being the victim of a ransomware attack or some other form of unauthorized access, AAH has instead attributed the incident to a bit of JavaScript...
Read more...
On September 24, the cyber threat intelligence company SOCRadar notified Microsoft that one of its Azure Blob Storage servers was misconfigured and leaking customer information. Now, almost a month later, both Microsoft and SOCRadar have released blog posts warning businesses that some of their transaction data and...
Read more...
The US Department of Education is currently preparing to forgive up to $20,000 per person in federal student loan debt. While there are multiple outstanding legal challenges to the executive order that authorizes this plan, those with student loans can already apply for debt relief on the official Federal Student Aid...
Read more...
On October 10, less than a month after Australia was hit by its largest ever data breach, the Australian online retail store MyDeal was struck by a data breach. According to Woolworths Group, which recently acquired the online retailer, an unknown actor used a set of compromised employee credentials to access MyDeal’s...
Read more...
Researchers at the cybersecurity company Zscaler have discovered a new version of the Ducktail Infostealer in a malware campaign seeking to steal Facebook Business account credentials. Cybersecurity researchers first identified the Ducktail Infostealer in 2021, attributing the bit of malware to a Vietnamese threat...
Read more...
This week, Cloudflare released a threat report detailing the state of distributed-denial-of-service (DDoS) attacks in the third quarter of 2022. Cloudflare is a major provider of DDoS mitigation services, giving the company insight into the frequency, strength, and nature of DDoS attacks. The largest attack Cloudflare...
Read more...
This week, the Northern District of California court is considering whether to let a lawsuit filed against Google continue as a class action lawsuit. The suit in question is seeking statutory damages on behalf of millions of Google Chrome users, claiming that Google misled users of Chrome’s Incognito mode into a false...
Read more...
Mullvad VPN, the Swedish VPN service that powers Mozilla VPN, is currently in the midst of a security audit of its Android app. While conducting this audit, the company discovered that Android’s VPN settings don’t block the operating system from making certain connections to Google servers outside the VPN tunnel...
Read more...
Toyota, the world’s largest car company, recently discovered that an access key for one of its data servers has been publicly available on GitHub for almost five years, exposing the data on this server to potential unauthorized third party access. The data server in question stores information related to subscribers...
Read more...
Researchers at the cybersecurity firm Trellix have been keeping tabs on a sophisticated phishing campaign, known as BazarCall, since it first drew attention in 2020. This campaign evolved over time, pioneering a social engineering technique called "callback phishing" that is now employed by many different threat...
Read more...
Researchers at the cybersecurity firm Checkmarx have managed to map out a complex web of criminal activity that all ties back to a threat actor known as LofyGang. This group of cybercriminals caters to other nefarious actors and Discord users by offering hacking tools, Discord-related npm packages, and other services...
Read more...
Zimperium, a cybersecurity company that focuses on mobile devices, has published research detailing a new family of Android spyware. Dubbed “RatMilad,” this spyware seems to be targeting enterprise mobile devices located in the Middle East. However, unlike many other spyware families, such as Pegasus and Hermit...
Read more...
Last month, researchers at the cybersecurity firm GTSC discovered cyberattacks actively exploiting two zero-day vulnerabilities in the Microsoft Exchange email system. The researchers reported these two vulnerabilities to the Zero Day Initiative (ZDI), which verified this report and passed it on to Microsoft. The...
Read more...
On September 5, Los Angeles Unified School District (LAUSD), the second largest school district in the United States, published a news release disclosing a ransomware attack on its internal systems. While LAUSD is far from the only school to have been hit by ransomware this year, the size of the school district has...
Read more...
Last year, Cloudflare, a company that provides DDoS mitigation, content delivery network (CDN) services, and many others, published a blog post declaring its intention to kill CAPTCHAs. Now about a year and a half later, the company is introducing an alternative to standard CAPTCHAs that should be much faster and...
Read more...
Last Thursday, one of Australia’s biggest telecommunications and broadband providers, Optus, disclosed a cyberattack that compromised customer data. While the data breach took place a week ago, the story continues to develop. As it currently stands, a threat actor accessed the personal information of as many as 11.2...
Read more...
Yesterday evening, iPhone users may have been surprised to see multiple push notifications from Apple News containing a racist slur and other obscene language. The notifications were triggered by Fast Company’s Apple News account, prompting Apple News to disable the publication’s news channel. As it turns out, a...
Read more...
Edward Snowden has gained Russian citizenship nine years after fleeing the United States and landing in Russia. On Monday, Russian president Vladimir Putin signed a decree granting citizenship to 75 foreigners residing in the country, with Snowden among them.
Snowden, a former NSA contractor, publicly exposed the...
Read more...
Threat analysis teams from two different cybersecurity firms, Cyderes and Stairwell, have published a joint report detailing a new ransomware technique that may be the next big evolution in ransomware. Rather than encrypting data on victims’ computers, ransomware may soon corrupt the data instead, rendering it...
Read more...
Researchers at the cybersecurity firm ReasonLabs have discovered a credit card scam campaign estimated to have extracted tens of millions of dollars from tens of thousands of credit card holders. This scheme utilizes fake dating websites, a dedicated payment processor, and customer support services all created and...
Read more...
2K, the publisher of numerous video game series, including Borderlands, Civilization, and Bioshock, has issued a notice to warn customers that an unknown actor recently gained unauthorized access to its help desk platform. The threat actor in question abused this access to distribute malware by way of the 2K Games...
Read more...
