Category: Information Security Buzz

A new class of activity-tracking apps that have recently had significant success on Google Play, the official software store for Android, has been downloaded onto more than 20 million devices. The apps present themselves as a pedometer, fitness, and habit-building…

Read more →

Netflix wants to stop people from sharing their passwords, which will be pretty upsetting for its customer who shares passwords, especially those who don’t live with you. However, the streaming service meant business this time. The company lost 200,000 customers…

Read more →

Google Adwords phishing campaigns steal Bitwarden and other password managers’ vault passwords. As enterprises and consumers use unique passwords at every site, password managers must keep track of them. Unless you use KeePass, most password managers are cloud-based, allowing users…

Read more →

Today, the Artificial Intelligence Risk Management Framework’s initial version was released, according to the National Institute of Standards and Technology (NIST), a leading voice in developing A.I. standards (AI RMF). The AI RMF was developed over the past 18 months…

Read more →

The FBI announced in November that since June 2021, this ransomware operation had stolen almost $100 million from more than 1,500 businesses. For information that could assist in tying the Hive ransomware organization (or other threat actors) with the international…

Read more →

With the increasing number of cyberattacks targeting large enterprises, many companies have turned to zero-trust security measures to protect their networks and data. However, a recent report from Gartner has raised concerns about the limitations of zero trust as a…

Read more →

A member of the forum going by the name IntelBroker has offered a database containing the personal information of 3.7 million people participating in the Hilton Hotels Honors program. According to the actor who posed a threat, the data in…

Read more →

A “widespread cyber effort” that employed legitimate remote monitoring and management (RMM) software to spread a phishing scam affected at least two federal departments in the United States. To steal money from victims’ bank accounts through a refund scam, cybercriminals…

Read more →

The company Zacks Investment Research (Zacks) was infiltrated by hackers last year, allowing them access to 820,000 clients’ sensitive and personal data. The 1978-founded business uses cutting-edge financial data analytics systems to assist stock buyers. A threat actor entered the…

Read more →

In today’s digital environment, endpoint protection is more critical than ever. With the increasing use of mobile devices, laptops, and cloud services, endpoint devices are becoming the primary target for cyber-attacks. Endpoint protection is the process of securing organizational assets…

Read more →

The US “No Fly” list has 1.5 million entries that have been made public. The US “No Fly List” was made publicly available online by a Swiss hacker who allegedly discovered three private documents on an insecure cloud storage server.…

Read more →

Endpoint protection is a critical aspect of cybersecurity that helps organizations protect their endpoints (computers, laptops, mobile devices, servers, IoT devices, etc.) from potential threats. With the increasing use of technology in businesses, endpoints have become a prime target for…

Read more →

Customers of GoTo (previously LogMeIn) are being alerted that threat actors took encrypted backups, including user information and an encryption key for some of that data, when they infiltrated its development environment in November 2022. GoTo offers a platform for…

Read more →

Only one-third of UK organisations have a validated plan in place to handle cyberwarfare; and 57% have stalled or stopped digital transformation projects due to the threat of cyberwarfare Armis, the leading asset visibility and security company, today announced preliminary…

Read more →

The year 2022 was a record-breaking year for Distributed Denial of Service (DDoS) attacks in Russia. According to a report released by Russia’s largest internet service provider (ISP), Rostelecom. The company recorded 21.5 million critical web attacks against 600 Russian businesses,…

Read more →

What originally served as a Cobalt Strike substitute has evolved into a popular C2 platform for threat actors. All essential capabilities for adversary simulation are being offered by Sliver, an open-source, cross-platform adversary emulation/red team framework. These include staged and…

Read more →

The number of data breaches and their effects are increasing as more aspects of our lives move online. It’s not surprising that the latest IBM Data Breach report found that the average cost of a hack to businesses has reached…

Read more →

Data loss prevention (DLP) has been around for well over 15 years. It’s by far the most effective tool for protecting data assets, scanning, and blocking users from sending critical files or sensitive information, such as credit card or customer…

Read more →

Looking back at 2022 is instructive as you prepare your cybersecurity approach for 2023. Ithelps guide your security approach and helps prepare employees and systems for the yearahead. For example, some state-backed attacks focus on stealing intellectual property fromtechnology companies.…

Read more →

Due to an alleged bug in the game’s PC version, Grand Theft Auto (GTA) Online gamers claim to have lost game progress, had their in-game money taken, and been blacklisted from the game servers. GTA Online is the multiplayer version…

Read more →

As we approach Data Privacy Day on January 28th, 2023, we must take the time to reflect on the importance of protecting our personal information. With the digital age in full force, we share an enormous amount of data online,…

Read more →

After discovering last week that its development environment had been breached. Riot Games, the publisher, and producer of the computer games League of Legends and Valorant announced that it would postpone game patches. The LA-based game publisher revealed the incident…

Read more →

Customers of the FanDuel sportsbook and betting platform are being cautioned that their names and email addresses were made public due to a security breach at MailChimp in January 2023. Users are advised to be on the lookout for scam…

Read more →

The 8220 Gang, a Chinese threat organization that operates for profit, was the subject of a threat bulletin from Radware today. Using a specially created crypto miner and IRC bot, the group, also known as the 8220 Mining Group has…

Read more →

Following a network intrusion by a “unidentified malicious intruder,” around 37 million T-Mobile customers had their personal information taken. Its been confirmed that data taken were customers’ addresses, phone numbers, and dates of birth were among the data taken, the…

Read more →

35k accounts of PayPal users were affected by a large-scale credential stuffing attack that exposed their personal information. The attack, which took place between December 6th and December 8th, 2022, was quickly detected and mitigated by the company. However, PayPal also…

Read more →

Ransomware attacks continue to pose a significant threat to organizations and industries worldwide. The Q4 2022 ransomware report by ReliaQuest (formerly Digital Shadows) comprehensively analyzes the latest trends and developments in the ransomware landscape. The report is based on primary…

Read more →

Hackers gained access to an internal customer assistance and account administration tool, and the email marketing company MailChimp had another breach that gave threat actors access to the information of 133 customers. According to MailChimp, the attackers used social engineering…

Read more →

FTX, a bankrupt cryptocurrency exchange, said on Tuesday to creditors that cyberattacks had stolen around $415 million in cryptocurrencies. Since FTX declared bankruptcy on November 11, its CEO John Ray has revealed in a separate statement. That $90 million in…

Read more →

DNV, a Norwegian assurance and risk management firm and classification organization, has confirmed that almost 1,000 ships were affected by a recent ransomware cyberattack on its fleet management system. After the hack on its ShipManager fleet management and operations platform…

Read more →

In order to assist victims of the infection in retrieving their files without paying the thieves, security software provider Avast has made a free decryptor for the BianLian ransomware strain available. The release of a decryptor comes just over a…

Read more →

Nissan North America has started delivering data breach notifications that there has been a disclosure of client data due to a breach at a third-party service provider. On Monday, January 16, 2023, Nissan notified the security breach to the Office…

Read more →

One of the largest liquor distributors in Canada, the Liquor Control Board of Ontario (LCBO), serves over 670 stores throughout Ontario. It has recently confirmed that a web skimmer had been injected into its online store, compromising customers’ personal data…

Read more →

Over the past week, a group claimed to have wrecked the website of ODIN Intelligence, a business that offers technology and solutions to law enforcement and police departments. They had a severe security flaw that exposed sensitive information about upcoming…

Read more →

[17.01.23] VIPRE Endpoint Detection & Response (EDR) delivers streamlined, sophisticated, high-performing cloud-based EDR management in a single, easy-to-navigate console.  VIPRE Security Group, an industry-leader and award-winning global cybersecurity, privacy, data, and user protection company, announced today the launch of its…

Read more →

The Outpost24 research team have released the results of attack data gathered from a network of honeypots deployed to gather actionable threat intelligence. In total, 42 million attacks were registered between January 1st and September 30th 2022, with 20 honeypots evenly distributed around the…

Read more →

Datadog, a cloud security company, reports that a recent CircleCI security incident exposed one of its RPM GPG signing keys and its passphrase. The business has yet to discover proof that this key has been compromised or misused. Datadog stated…

Read more →

Ensuring risk caused by third parties does not occur to your organization is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward…

Read more →

More than 6,000 customers of NortonLifeLock have been informed that nefarious outsiders have probably accessed their accounts and may have even gotten to their password vaults. The letter informing customers of the data breach was published on the Vermont attorney…

Read more →

Global security & privacy leader Avast has uncovered that Pro-Russia hacktivist group NoName057(16) is conducting a campaign of Distributed Denial of Service (DDoS) attacks on Ukraine and NATO organisations, which began in the early days of the war in Ukraine. Targets have…

Read more →

The race in quantum cryptography is on and people from all walks of life whether academics, business or industrialists, are going to be affected by it. The centuries old approach of encryption still holds importance while communication channels has advanced…

Read more →

The bulk of Cacti servers that are accessible via the internet has not been updated to address a severe security flaw that was just patched and is currently being actively exploited. Censys, a platform for managing attack surfaces, reports that…

Read more →

Prestigious social media platform and the latest internet giant TikTok have received a warning for breaking cookie consent requirements. According to France’s data protection regulators, TikTok UK and TikTok Ireland have been fined over €5.4 million by France’s data protection…

Read more →

The United Nations is holding its first ever global cybercrime treaty this week. The 4th round of this hearing is scheduled this January from 9 – 20 January. The focus of the hearing is “state response to cybercrime ” and…

Read more →

Unknown attackers used a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks on government organizations and government-related targets, according to Fortinet. The exploited security issue (CVE-2022-42475) is a heap-based buffer overflow vulnerability found in the FortiOS SSLVPNd that allows…

Read more →

MetaMask, a cryptocurrency wallet provider, is alerting customers about a new fraud known as ‘Address Poisoning,’ which involves tricking users into sending payments to a scammer rather than the intended receiver. When MetaMask users send or receive cryptocurrency, the transaction…

Read more →

It has been reported that the Royal Mail, a primary postal service in the United Kingdom, has been hit by a cyber-incident. The company has advised customers to stop sending items overseas while it works to resolve the issue. In…

Read more →

In an unexpected turn of events, the Federal Aviation Administration (FAA) suspended all outgoing aircraft in the United States this morning. The cause of the grounding is currently unknown, with flights now resuming but with no clear explanation as to…

Read more →

It has been reported that the Royal Mail, a primary postal service in the United Kingdom, has been hit by a cyber-incident. The company has advised customers to stop sending items overseas while it works to resolve the issue. In…

Read more →

According to Comparitech’s worldwide ransomware tracker, 2022 saw a huge dip in the number of publicly-reported ransomware attacks. In 2022, 769 attacks were collated by the researchers, compared to 1,365 in 2021.  But that’s not to say hackers have been any…

Read more →

The recent cyber-attack on the San Francisco Transit Police Department (SFTP) has highlighted the critical need for robust cyber security measures in the public sector. The attack, which took place over the weekend, targeted the department’s computer systems. This resulted…

Read more →

As of late, Kubernetes clusters have been actively breached by the Kinsing malware, which exploits vulnerabilities in container images and misconfigured, exposed PostgreSQL containers. While not new, the Defender for Cloud team at Microsoft has noticed a spike in recent…

Read more →

In yet another DDoS attack on financial institutions, according to the Denmark central bank and an IT business that works with the financial sector. Hackers have disabled access to the websites of seven private banks in Denmark this week. Reports…

Read more →

Data Loss Prevention, or DLP, is a vital component of any business’s cybersecurity strategy. It is a set of technologies and processes that help prevent the unauthorized access, use, or transfer of sensitive or confidential data. This includes data stored…

Read more →

Data loss prevention (DLP) is a security strategy that aims to prevent unauthorized access, disclosure, modification, or destruction of sensitive data. Protecting sensitive data is crucial for maintaining data confidentiality, integrity, and availability and for upholding the trust of customers,…

Read more →

Custom Android apps are now being used by online drug and other illegal substance markets on the darknet to boost privacy and elude law enforcement. These apps enable customers of pharmacy stores to contact suppliers and give particular delivery instructions…

Read more →

The well-known JsonWebToken (JWT) open-source encryption project has a high-severity vulnerability (CVE-2022-23529) that attackers might exploit to get remote code execution (RCE) on a target encryption server. The JWT open standard outlines a process for securely sending data by encrypting…

Read more →

Organisations regularly invest in their information security management systems (ISMS). These investments are a cost-of-business and cover the basics of fulfilling regulatory, compliance and certification requirements. However, most organisations implement ISMS based on the ISO framework, creating policies and documentation…

Read more →

Text-to-SQL models are a type of artificial intelligence (AI) used in database applications to facilitate communication between humans and database systems. These models use natural language processing (NLP) techniques to translate human questions into SQL queries, allowing users to interact…

Read more →

A skillfully designed website for the Pokemon NFT card game is being used by threat actors to disseminate the NetSupport remote access tool and commandeer victims’ devices. The “pokemon-go[.]io” website, which is still active as of this writing, advertises a…

Read more →

Six dangerous packages were discovered on PyPI, the Python Package Index, that used Cloudflare Tunnel to get over firewall constraints for remote access while also installing data-stealing and RAT (remote access trojan) malware. The malicious packages try to run shell…

Read more →

With the intention of building supply chain attacks, malicious extensions could be uploaded using a new attack vector that targets the Visual Studio Code extensions marketplace. According to Ilay Goldman, a security researcher at Aqua, the method “may operate as…

Read more →

“Generative AI refers to artificial intelligence systems that are capable of generating new content, such as text, images, or audio….One potential risk is related to intellectual property. Generative AI systems may be able to create original works that are difficult…

Read more →

Private information about young students was posted online as a result of a cyberattack that targeted schools across the nation. A major cyber-attack that affected 14 UK schools led to the disclosure of private student records. Hackers exposed staff contracts…

Read more →

The Wabtec Corporation has finally provided information regarding a data security breach that occurred last year and resulted in the compromise of extremely sensitive personal data. The $8 billion company was the victim of a ransomware attack that was first…

Read more →

Users of one of the leading business communication and collaboration platforms, Slack, have been warned that hackers have stolen several of its private source code repositories. At the same time, Slack insists the damage is minimal. Slack revealed the incident…

Read more →

In a recent report, web application security researcher Sam Curry revealed serious vulnerabilities in the API (application programming interfaces) endpoints of cars from 15+ major manufacturers. These vulnerabilities allow hackers to remotely access vehicle telematics systems, activate horns and lights,…

Read more →

A well-known hacker site allegedly dumped a database containing the email addresses of over 235 million Twitter users and is being sold for roughly $200,000. According to a cyber intelligence company, this data leak has the potential to rank among…

Read more →

Five Guys Enterprises LLC, a chain of burger restaurants, has reported a data breach that led to the loss of personally identifiable information from job applications. The information was provided in a form letter dated December 29 that was submitted…

Read more →

The National Health Service (NHS) is the most impersonated UK government organization in scams, according to a recent report. This is concerning news, as scams targeting the NHS can have serious consequences for individuals and the NHS as a whole.…

Read more →

As artificial intelligence (AI) becomes more prevalent in our daily lives, it’s essential to consider new technologies’ potential risks and benefits. One such example is ChatGPT, a popular new AI chatbot that has gained significant popularity in a short period…

Read more →

For over a year, Chinese overseas students in the United Kingdom have been targeted by persistent Chinese-speaking scammers as part of an operation known as RedZei (aka RedThief). “The RedZei scammers meticulously select their targets, analyze them, and know it…

Read more →

Identity and access governance is a crucial aspect of any organization’s security strategy. It involves the management of user identities and the control of access to systems and resources. Proper identity and access governance can help prevent unauthorized access, protect…

Read more →

As a website owner, it is essential to prioritize the security of your WordPress website. Cyberattacks and hacking attempts can compromise sensitive information, disrupt your website’s functionality, and damage your online reputation. To protect your website and your business, it…

Read more →

As a website owner, it is essential to prioritize the security of your WordPress website. Cyberattacks and hacking attempts can compromise sensitive information, disrupt your website’s functionality, and damage your online reputation. To protect your website and your business, it…

Read more →

LAHORE, Pakistan – The official YouTube channel of the Pakistan Cricket Board (PCB) was hacked on Tuesday, causing great panic among the board’s officials and its 4.4 million subscribers. The hackers not only changed the channel’s logo but also renamed…

Read more →

LAHORE, Pakistan – The official YouTube channel of the Pakistan Cricket Board (PCB) was hacked on Tuesday, causing great panic among the board’s officials and its 4.4 million subscribers. The hackers not only changed the channel’s logo but also renamed…

Read more →

Fahmi Fadzil, Malaysian Communications and Digital Minister, has launched an investigation into an alleged significant data breach impacting over 13 million individuals. Fadzil directed the national cyber security to investigate and take legal action if there is a data leak…

Read more →

A new strain of Linux malware is targeting WordPress sites and exploiting vulnerabilities in over two dozen plugins and themes to compromise systems. Russian security firm Doctor Web discovered the malware, which has been tracked as Linux.BackDoor.WordPressExploit.1. It targets both…

Read more →

The states of Indiana and the District of Columbia in the U.S. have settled claims against Google for its location monitoring tactics, with Google agreeing to pay a total of $29.5 million to resolve the cases. The District of Columbia…

Read more →

Identity and access governance (IAG) is a critical component of modern organizations, as it helps manage users’ identities and access various resources and systems. IAG encompasses a range of processes and technologies that help to ensure that only authorized users…

Read more →

Identity and access governance (IAG) is a critical component of modern organizations, as it helps manage users’ identities and access various resources and systems. IAG encompasses a range of processes and technologies that help to ensure that only authorized users…

Read more →