"Largest Non-Bank Lender in Australia Warns of a Data Breach"

Firstmac Limited just started warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services. The company is headquartered in Brisbane, Queensland, and employs 460 people. The firm has issued 100,000 home loans and currently manages $15 billion in mortgages.

Submitted by Adam Ekwall on

"Hackers Use DNS Tunneling for Network Scanning, Tracking Victims"

Threat actors have been conducting Domain Name System (DNS) tunneling to track when targets open phishing emails and click on malicious links. They are also applying the method to scan networks for vulnerabilities.

Submitted by Gregory Rigby on

"Mallox Ransomware Deployed Via MS-SQL Honeypot Attack"

Cyberattackers launching "Mallox" ransomware, also known as "Fargo," "TargetCompany," and "Mawahelper," have applied sophisticated methods, as shown by a recent Microsoft SQL (MS-SQL) honeypot incident. The Sekoia research team's honeypot was attacked by an intrusion set that used brute-force methods to deploy Mallox via PureCrypter, exploiting MS-SQL vulnerabilities. This article continues to discuss findings regarding the deployment of Mallox ransomware.

Submitted by Gregory Rigby on

"FBCS Collection Agency Data Breach Impacts 2.7 Million"

A recent data breach at the debt collection agency Financial Business and Consumer Solutions (FBCS) compromised the personal information of almost 2.7 million people. In an update to a filing with the Maine Attorney General's Office, FBCS revealed the identification of an additional 724,000 individuals affected by the breach, increasing the estimated impact to 2,679,555 people. This article continues to discuss new findings regarding the FBCS breach.

Submitted by Gregory Rigby on

"Fake Online Stores Scam Over 850,000 Shoppers"

Security researchers at Security Research (SR) Labs have warned online shoppers to be on their guard after revealing news of an extensive network of fake e-commerce stores designed to steal victims’ card details and cash. The researchers noted that the BogusBazaar network, operated primarily from China, has processed over one million orders since 2021. The researchers estimated that over 850,000 shoppers have already fallen victim, mostly from Western Europe and the US.

Submitted by Adam Ekwall on

"Millions of IoT Devices at Risk From Integrated Cellular Modem Flaws"

Several vulnerabilities in cellular modem technology impact millions of Internet of Things (IoT) devices in financial services, telecommunications, healthcare, and other sectors. Telit Cinterion modems have Remote Code Execution (RCE) flaws. The most severe is a memory heap overflow vulnerability that lets remote attackers execute arbitrary code via SMS on affected devices. This article continues to discuss the vulnerabilities found in widely deployed Telit Cinterion modems.

Submitted by Gregory Rigby on

"Threat Actor Claims Major Europol Data Breach"

A well-known threat actor is starting to sell what they claim to be a legitimate trove of highly sensitive internal data stolen from Europol this month. "IntelBroker" recently took to the hacking site BreachForums to advertise their wares. IntelBroker claimed that in May 2024, Europol suffered a data breach that led to the exposure of For Official Use Only (FOUO) and classified data.

Submitted by Adam Ekwall on

"Black Basta Ransomware Victim Count Tops 500"

According to a Joint Cybersecurity Advisory (CSA) issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024. The advisory claims that Black Basta attacks have impacted more than 500 organizations in North America, Europe, and Australia.

Submitted by Adam Ekwall on

"New Tool Pinpoints Security Fixes in Open Source Software Updates"

Researchers from North Carolina State University have demonstrated a new tool called "VFCFinder" that analyzes open source software updates to determine which sections of code are being modified to address recently identified security vulnerabilities. VFCFinder should help programmers quickly and easily identify security updates needed to prevent vulnerabilities without making unnecessary changes. This article continues to discuss the research and benefits behind the VFCFinder tool.

Submitted by Gregory Rigby on

"'TunnelVision' DHCP Flaw Lets Attackers Bypass VPNs, Redirect Traffic"

Attackers can manipulate routing tables so that traffic meant for a Virtual Private Network (VPN) bypasses the tunnel and is redirected to an untrusted local network, using a technique called "TunnelVision." It involves the exploitation of a Dynamic Host Configuration Protocol (DHCP) design flaw. According to researchers at the Leviathan Security Group, this technique does not rely on exploiting VPN technologies or underlying protocols. Instead, it works entirely independently of the VPN provider or implementation.

Submitted by Gregory Rigby on