Category: Information Security Buzz

WH Smith reports a cyberattack and claims that employee data was accessed. Attackers were able to obtain the company’s data during a cybersecurity breach, according to WH Smith, which was the target of the intrusion. The store reported that information…

Read more →

Researchers from the cybersecurity company ESET in Slovakia have discovered that a UEFI bootkit known as BlackLotus is capable of getting beyond UEFI Secure Boot, a crucial platform security feature. The researchers discovered that BlackLotus makes use of an outdated…

Read more →

Chick-fil-A, an American fast food company, has acknowledged that consumers’ accounts were compromised in a months-long credential stuffing assault, giving threat actors access to personal data and the ability to use saved reward balances. Chick-fil-A started looking into what it…

Read more →

On Thursday, the White House instituted its National Cyber Strategy, which serves as a roadmap for how the Biden administration plans to protect the United States from dangers online. The strategy would transfer responsibility for cybersecurity from people and small…

Read more →

Trezor wallet is involved in an ongoing phishing attack that attempts to steal a target’s cryptocurrency wallet and assets by impersonating Trezor data breach alerts. Trezor is a cryptocurrency wallet that allows users to keep their cryptocurrency offline as opposed…

Read more →

A public transit company ‘Pierce Transit’ operating in sections of Washington state, believed some of its systems were affected by a ransomware attack two weeks ago. The ransomware attack began on February 14 and required Pierce Transit to implement temporary…

Read more →

According to cybersecurity company eSentire, six law firms were the targets of distinct GootLoader and SocGholish malware attacks in January and February 2023. The first effort, which targeted employees of legal firms, sought to infect victims’ machines with GootLoader, a…

Read more →

After testing the functionality in late 2022, Google has now made client-side encryption (CSE) for Gmail and Calendar generally available. According to Google’s Ganesh Chilakapati and Andy Wen, the data privacy restrictions allow “even more businesses to take charge of…

Read more →

A free MortalKombat ransomware decryptor has been made available by cybersecurity company Bitdefender in order to prevent victims from having to pay a ransom to regain their files. The publication of a viable decryptor for the particular strain came shortly…

Read more →

The theft of private law enforcement data is being looked into by the U.S. Marshals Service (USMS) as a result of a ransomware attack that hit “a stand-alone USMS system,” according to the USMS. The Justice Department’s USMS bureau supports…

Read more →

Following the discovery of 91 million threats over the course of 28 days in January, security experts have warned that remote employees in the capital of the UK are under constant cyberattacks. In order to determine the extent of cyber-threat…

Read more →

LastPass DevOps engineers were compromised because they had access to the decryption keys. LastPass detailed an “organized second attack” in which a threat actor took data from Amazon AWS cloud storage servers for two months. Threat actors obtained partially encrypted…

Read more →

Anonymous Sudan’s DDoS strikes took down nine Danish hospitals’ websites on Sunday evening. Copenhagen’s health authority tweeted that hospital care was unaffected by the attacks despite hospital websites being down. “A couple of hours” later, the sites were back online.…

Read more →

The importance of cybersecurity has never been higher than it is in the current digital era. The threat of online thieves and cyberattacks increases as technology develops and penetrates more aspects of our daily lives. The need for cybersecurity experts…

Read more →

The websites and apps of Dish Network, a leading American TV company and satellite broadcaster, have unexpectedly stopped working for the past 24 hours. According to customers, the company’s call center phone numbers appear to be unavailable. A number of…

Read more →

A new malware campaign called S1deload Stealer has been discovered by Bitdefender’s Advanced Threat Control (ATC) team, targeting YouTube and Facebook users. The malware infects computers, hijacks social media accounts, and uses devices to mine cryptocurrency. Security researchers discovered that…

Read more →

Dutch police detained three individuals on suspicion of hacking into businesses’ computer systems, extorting their management, issuing threats, and dealing in stolen data. The criminals allegedly damaged property worth millions of euros. Tens of millions of people’s private information was…

Read more →

One of the world’s biggest growers and distributors of fresh food, Dole Food Company, has disclosed that a ransomware attack has affected its business. There is now little information available, and the business is looking into “the scope of the…

Read more →

E.U. bans TikTok; the executive body of the European Union announced on Thursday that TikTok had been temporarily removed from employee phones as a cybersecurity precaution. Reflecting growing concerns from Western officials about the Chinese-owned video-sharing app. The use of…

Read more →

With the Vulnerability Reward Program, Google last year awarded its highest bug bounty ever for an important exploit chain disclosure that the business valued at $605,000. For a total of more than 2,900 vulnerabilities in its products that security researchers…

Read more →

Most of the thousands of systems that MyloBot has seized control of are in Iran, India, the US, Indonesia, and Indonesia. A high of 250,000 unique hosts was reached in 2020. However, new research from BitSight claims that “more than…

Read more →

Hydrochasma, a threat actor that no one knew about before, has been going after shipping and medical labs that work on COVID-19 vaccine development and treatments. The hackers’ goal seems to be to steal intelligence, and threat hunters at Symantec,…

Read more →

Cybersecurity remains a continual battle, with data breaches occurring at PayPal and T-Mobile in the first month of 2023 alone. To combat this challenge, businesses can strengthen their security posture by looking to reinforce their data encryption measures. In most…

Read more →

On Monday, the U.S. Department of Defense shut down a server that had been leaking private emails from the American military to the public internet for the previous two weeks. The exposed server was housed on a Department of Defense…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Information Security Buzz Read the original article: Trellix Finds LockBit Ransomware Gang Most Apt To Leak Stolen…

Read more →

Several websites that were broadcasting President Putin’s speech in the state of the nation address on Tuesday were reportedly taken down by a suspected distributed denial of service (DDoS) attack. During the address, the All-Russia State Television and Radio Broadcasting…

Read more →

Activision has confirmed that it had a data breach at the beginning of December 2022. Hackers got into the company’s internal systems by sending an SMS phishing text to a worker and getting them to click on a link. The…

Read more →

A phone call from a con artist was made to one of the employees who had fallen for the fraud after the SMS phishing attempt (also known as “smishing”). The largest bitcoin exchange on the planet, Coinbase, has disclosed a…

Read more →

To protect Galaxy smartphone users from so-called “zero-click” exploits that use malicious picture files, Samsung has created a new security solution called Samsung Message Guard. According to the Korean tech giant, its new security system will be able to identify…

Read more →

Although the RailYatri attack occurred in December 2022, the stolen data was only recently made public on a well-known hacker forum. In addition to exposing personal information, the RailYatri hack revealed the locations of millions of travelers throughout India. A…

Read more →

The Lazarus Group stole cryptocurrencies worth 60 million NOK (about $5.84 million) in March 2022 as a result of the Axie Infinity Ronin Bridge hack, according to a statement from the Norwegian police agency Økokrim. The agency stated in a…

Read more →

The Lazarus Group stole cryptocurrencies worth 60 million NOK (about $5.84 million) in March 2022 as a result of the Axie Infinity Ronin Bridge hack, according to a statement from the Norwegian police agency Økokrim. The agency stated in a…

Read more →

Twitter has stated that it will no longer enable SMS two-factor authentication unless you have a Twitter Blue subscription. However, there are multi-factor authentication alternatives that are more secure, which we outline below. Twitter said this week that non-Twitter Blue…

Read more →

GoDaddy, a major provider of web hosting services, claims that a multi-year attack on its cPanel shared hosting environment resulted in a breach where unidentified attackers took source code and put malware on its servers. Even though the attackers had…

Read more →

The APT37 threat group targets people for intelligence gathering using the new elusive “M2RAT” malware and steganography. North Korea’s APT37, sometimes referred to as “RedEyes” or “ScarCruft,” is a hacker collective thought to be funded by the government. The hacker…

Read more →

According to reports, the FBI is looking into harmful online behavior on the network of the agency. The federal law enforcement organization claims to have already stopped the “isolated occurrence” and is investigating its full extent and overall effects. The…

Read more →

Atlassian has confirmed that its network and client data are secure and that a recent data leak at a third-party vendor was the result of a compromise. Cyberscoop was the first to reveal that a hacker organization by the name…

Read more →

According to a new study, the FatalRAT malware, which spreads via bogus websites for well-known apps, targets Chinese-speaking people. FatalRat malware, which was first identified in August 2021, has the ability to record keystrokes, alter the screen resolution of a…

Read more →

Blockchain analysts have uncovered evidence that North Korean hackers have found a way to get around U.S. sanctions to launder the bitcoin gains from their heists. Through a single crypto-mixing business named Sinbad, The Lazarus Group, as the threat actor…

Read more →

Cloudflare thwarted the largest volumetric distributed denial-of-service (DDoS) attempt ever this past weekend. The company reported that it had stopped dozens of hyper-volumetric DDoS attempts over the weekend that had been directed at its clients. The most extraordinary attack exceeded…

Read more →

A cyberattack against Scandinavian Airlines was reported, and “Anonymous Sudan” took credit. On Tuesday, a hack against Scandinavian Airlines (SAS) caused its website to go down and revealed some customer information. Customers who sought to log onto the SAS mobile…

Read more →

ESXiArgs ransomware assaults have recently affected hundreds of different systems, but it’s still not known which vulnerability is being used. The number of ESXiArgs ransomware assaults has increased recently, but it’s still unclear exactly which vulnerability threat actors are utilizing.…

Read more →

Because of the effects of a ransomware assault that required the City to shut down all of its IT systems on February 8, the City of Oakland has declared a local state of emergency. G. Harold Duffey, the interim city…

Read more →

Beep 4 was discovered last week, a brand-new stealthy virus with several capabilities to avoid analysis and detection by security tools. After a flurry of samples were posted to VirusTotal, an internet portal for file scanning and harmful content identification,…

Read more →

Organizations in the Philippines, Turkey, the Philippines, and the United Kingdom have recently been affected by MortalKombat, a new ransomware that cybersecurity experts are pointing out. Using MortalKombat and a brand-new piece of malware called Laplas Clipper, researchers from Cisco’s…

Read more →

The APT37 threat group targets people for intelligence gathering using the new elusive “M2RAT” malware and steganography. North Korea’s APT37, sometimes referred to as “RedEyes” or “ScarCruft,” is a hacker collective thought to be funded by the government. The hacker…

Read more →

Preventing data breaches and other cyberattacks is paramount in today’s digital world. Members of the BlueTeam are security experts tasked with finding and fixing vulnerabilities before they cause damage to an organization. Every cybersecurity team needs access to a variety…

Read more →

Blockchain analysts have uncovered evidence that North Korean hackers have found a way to get around U.S. sanctions to launder the bitcoin gains from their heists. Through a single crypto-mixing business named Sinbad, The Lazarus Group, as the threat actor…

Read more →

Cloudflare thwarted the largest volumetric distributed denial-of-service (DDoS) attempt ever this past weekend. The company reported that it had stopped dozens of hyper-volumetric DDoS attempts over the weekend that had been directed at its clients. The most extraordinary attack exceeded…

Read more →

Following a network intrusion in which information-stealing malware was installed, and data was extracted, Pepsi Bottling Ventures LLC, one of the largest bottlers of Pepsi-Cola beverages in the United States, experienced a data breach. Although the security lapse occurred on…

Read more →

In June 2022, the advanced persistent threat (APT) actor Tonto Team attempted to target the cybersecurity firm Group-IB but was unsuccessful. The business, with its headquarters in Singapore, claimed to have identified and stopped emails the group sent to trick…

Read more →

A Sunday night email hack at domain registrar Namecheap resulted in a deluge of DHL and MetaMask phishing emails that sought to steal the recipients’ personal information and bitcoin wallets. The phishing attacks began at 4:30 PM ET and came…

Read more →

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released new cybersecurity advice that details recent tactics, methods, and procedures (TTPs) associated with North Korean ransomware attacks against public health and other critical infrastructure sectors. The report was produced jointly…

Read more →

APIs continue to play an integral role in the software development industry, paving the way for better software integration and allowing for a more seamless user experience, and transfer of data, vital or otherwise, from one server to another, or…

Read more →

The largest chain of bookstores in Canada, Indigo Books & Music, was the victim of a hack yesterday, forcing the business to restrict online payments to cash and shut down its website for customers. Although the precise nature of the…

Read more →

On Sunday night, the popular social platform Reddit was the victim of a cyberattack that granted hackers access to its internal business systems and provided them the chance to obtain sensitive data and source code. The company claims that the…

Read more →

Researchers revealed on Wednesday that hackers had found a means to get beyond ChatGPT’s limitations and are using it to market services that let users produce malware and phishing emails. ChatGPT is a chatbot that imitates human output by using…

Read more →

There is evidence that hackers with ties to Russia are using new software designed to steal information to launch attacks against Ukraine. This malware, discovered by the Computer Emergency Response Team of Ukraine (CERT-UA) and dubbed Graphiron by Broadcom-owned Symantec,…

Read more →

A data breach at the Weee! Asian and Hispanic meal delivery business exposed the private data of 1.1 million clients. Weee! bills itself as the most prominent Asian and Hispanic supermarket in North America, shipping groceries to all 48 states…

Read more →

Vulnerability scanning is the process of using automated tools to identify potential security weaknesses and vulnerabilities in an organization’s infrastructure. It is an essential step in maintaining the security of a system as it helps identify any potential points of…

Read more →

The digital age is engulfed with the issue of data privacy. With more personal data exchanged online, organizations need to have a plan in place to protect sensitive data. In this article, we’ll outline the steps that organizations can take…

Read more →

Security specialists have discovered four malicious Dota 2 game modes that a threat actor used to backdoor the players’ systems. Avast Threat Labs researchers discovered that the unidentified attacker built four game modes for the wildly played Dota 2 multiplayer…

Read more →

According to crowdsourced data examined by CNN, a new worldwide ransomware campaign has affected at least 3,800 people, including hundreds in the US, triggering warnings from European and US cybersecurity experts. However, according to “Ransomwhere,” a network created by cybersecurity…

Read more →

APIs continue to play an integral role in the software development industry, paving the way for better software integration and allowing for a more seamless user experience, and transfer of data, vital or otherwise, from one server to another, or…

Read more →

Since ChatGPT’s inception in November of last year, it has experienced phenomenal growth in popularity. This growth has finally impacted Google, as it just unveiled Bard as a ChatGPT rival and alternative. Bard is now exclusively accessible to “trusted testers,”…

Read more →

 Abnormal Security, the leading behavioral AI-based security platform, today released its H1 2023 Email Threat Report, which examines recent developments in the email threat environment and focuses on the growing risk employees pose to an organization’s cybersecurity. The latest Abnormal research…

Read more →

The Ukrainian CERT-UA (Computer Emergency Response Team) has issued a warning about potential cyberattacks against Ukrainian governmental institutions using the authorized remote access program Remcos. The agency has identified the threat actor behind the widespread phishing campaign as UAC-0050 and…

Read more →

After a massive wave of raids across Europe last week, Law enforcement has shut down an encrypted messaging service that has been on their radar since a raid on an old NATO bunker in 2019. 48 individuals that were users…

Read more →

Electronic billboards in Moscow attracted the attention of locals and Russian media over the weekend. The large signs had the words “Come to me if you’re looking for the greatest” and a picture of a woman wearing a futuristic mask.…

Read more →

Using illegal means, the Russian government has been spying on its citizens, according to 128 GB of information leaked by Caxxii, a hacktivist group affiliated with Anonymous. The biggest Russian internet provider Convex provided the hacktivist group Anonymous with 128…

Read more →

In order to propagate the ESXiArgs ransomware, attackers actively target VMware ESXi servers that have not yet gotten a patch for a two-year-old remote code execution vulnerability, according to administrators, hosting firms, with the French Computer Emergency Response Team (CERT-FR).…

Read more →

Dingo Token has been reported as a possible scam by IT security firm Check Point security researchers after discovering a feature that lets the project’s owner manipulate trading fees up to 99% of the transaction value. Check Point analysts observed…

Read more →

Digital Rights Management (DRM) systems are a crucial tool for protecting digital content from unauthorized access or reproduction. Whether you’re a content creator looking to protect your intellectual property or a business looking to protect revenue streams, DRM is an…

Read more →

The internet and phone service available in Bermuda was hampered by a major power outage that began on Friday evening. The government encouraged consumers as personnel attempted to restore service around the clock; they advised customers to “unplug all critical…

Read more →

Since the beginning of 2020, romance fraud has caused consumer retail banks to lose 95% more money, according to data released by TSB, as part of a campaign to bring attention to the problem. In a report released today, the…

Read more →

Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. A top official in the US Treasury Department said…

Read more →

Since September 2021, about a thousand Redis servers have been infected by new stealthy malware meant to hunt down unprotected Redis servers online and create a botnet that mines for the Monero cryptocurrency. The malware, nicknamed HeadCrab by Aqua Security experts Nitzan…

Read more →

BlackBerry Limited (NYSE: BB; TSX: BB) today released new research revealing that the majority (76%) of UK IT leaders believe that foreign states are already using ChatGPT for malicious purposes against other nations, with almost half (48%) predicting that we are…

Read more →

Hacker gangs frequently run like businesses; they have staff, clients, and working hours. They often employ the same strategies as legitimate tech companies and startups to find fresh individuals with improved skill sets to compete in a rising industry. The…

Read more →

The world has become increasingly digital, and with that, it has also become more vulnerable to scams and fraudulent activities. One such scam is deep fake scams. Deepfake technology has been around for a few years and has been making…

Read more →

In an ongoing cyber espionage campaign that uses a new backdoor to exfiltrate data, the Iranian nation-state hacker group OilRig has continued to target Middle Eastern governments. Researchers at Trend Micro, Mohamed Fahmy, Sherif Magdy, and Mahmoud Zohdy, explained that…

Read more →

Data privacy is an increasingly important concern for individuals, businesses, and governments worldwide. With the rapid expansion of digital technology and the internet, sensitive information is more vulnerable than ever to unauthorized access, theft, and misuse. As a result, organizations…

Read more →

Over twenty thousand of QNAP network-attached storage (NAS) units are awaiting a patch to fix a serious security hole that was fixed on Monday by the Taiwanese business. This SQL injection vulnerability (CVE-2022-27596) allows remote threat actors to insert malicious…

Read more →

An authenticated attacker could use a high-severity format string vulnerability in BIG-IP to cause a denial-of-service (DoS) condition and possibly execute arbitrary code, according to a warning from F5. The security flaw, identified as CVE-2023-22374, affects iControl SOAP, an open…

Read more →

A cyberattack took down over a dozen US hospitals’ websites on Monday morning, which is being blamed on Russian hackers. A pro-Russian organization called Killnet claims to have taken down the websites of 14 US hospitals through distributed denial of…

Read more →

Porsche stopped making a new NFT line because of weak sales and criticism from the cryptocurrency community, which gave threat actors the opportunity to fill the gap by building phishing websites that steal cryptocurrency wallet users’ digital assets. Non-fungible tokens…

Read more →

Since the beginning of 2020, romance fraud has caused consumer retail banks to lose 95% more money, according to data released by TSB, as part of a campaign to bring attention to the problem. In a report released today, the…

Read more →

Since September 2021, about a thousand Redis servers have been infected by new stealthy malware meant to hunt down unprotected Redis servers online and create a botnet that mines for the Monero cryptocurrency. The malware, nicknamed HeadCrab by Aqua Security experts Nitzan…

Read more →

Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. A top official in the US Treasury Department said…

Read more →

BlackBerry Limited (NYSE: BB; TSX: BB) today released new research revealing that the majority (76%) of UK IT leaders believe that foreign states are already using ChatGPT for malicious purposes against other nations, with almost half (48%) predicting that we are…

Read more →

Hacker gangs frequently run like businesses; they have staff, clients, and working hours. They often employ the same strategies as legitimate tech companies and startups to find fresh individuals with improved skill sets to compete in a rising industry. The…

Read more →

The world has become increasingly digital, and with that, it has also become more vulnerable to scams and fraudulent activities. One such scam is deep fake scams. Deepfake technology has been around for a few years and has been making…

Read more →

Over twenty thousand of QNAP network-attached storage (NAS) units are awaiting a patch to fix a serious security hole that was fixed on Monday by the Taiwanese business. This SQL injection vulnerability (CVE-2022-27596) allows remote threat actors to insert malicious…

Read more →

Data privacy is an increasingly important concern for individuals, businesses, and governments worldwide. With the rapid expansion of digital technology and the internet, sensitive information is more vulnerable than ever to unauthorized access, theft, and misuse. As a result, organizations…

Read more →

A cyberattack took down over a dozen US hospitals’ websites on Monday morning, which is being blamed on Russian hackers. A pro-Russian organization called Killnet claims to have taken down the websites of 14 US hospitals through distributed denial of…

Read more →

Porsche stopped making a new NFT line because of weak sales and criticism from the cryptocurrency community, which gave threat actors the opportunity to fill the gap by building phishing websites that steal cryptocurrency wallet users’ digital assets. Non-fungible tokens…

Read more →

A researcher has revealed the specifics of a 2FA bypass issue affecting Instagram and Facebook. A researcher has revealed the specifics of a two-factor authentication (2FA) flaw for which Facebook parent company Meta offered him a $27,000 bug bounty. In…

Read more →

Cybersecurity is an ever-evolving field and with the increasing number of cyber-attacks and data breaches. It has become crucial for organizations and individuals to be aware of the tools available to protect their online presence. With the advancement of technology,…

Read more →

Schools are a major target for malicious cybersecurity events and ransomware attacks. One reason is they sometimes need more resources or preparation to handle cybercriminal activity. Ransomware events negatively impact a school’s finances, parents, faculty and students. Why Are Schools…

Read more →

JD Sports has issued a warning that a cyberattack that affected the company may have exposed the personal information of roughly 10 million customers, including personal contact information, such as phone and email addresses. The hack may have affected customers…

Read more →