Steel giant ThyssenKrupp recently announced that hackers breached systems in its Automotive division, forcing them to shut down IT systems as part of its response and containment effort.  ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion (2022).  The firm is a crucial component of the global supply chain of products that use steel as a material across various sectors, including machinery, automotive, elevators and escalators, industrial engineering, renewable energy, and construction.

The National Security Agency (NSA), together with the UK National Cyber Security Centre (NCSC-UK) and other partners, has released a Cybersecurity Advisory (CSA) titled "SVR Cyber Actors Adapt Tactics for Initial Cloud Access." The CSA describes how Russia-based cyber actors are changing their tactics, techniques, and procedures (TTPs) to infiltrate and access intelligence in cloud environments. The cyber actors, known as APT29, Midnight Blizzard, the Dukes, or Cozy Bear, are believed to be linked to the Russian foreign intelligence service (SVR).

In an update on January 22, LoanDepot estimated the number of potentially impacted individuals at 16.6 million without providing details on the type of personal information that might have been compromised.  Recently, the mortgage giant revised those numbers and announced that 16.9 million individuals were, in fact, impacted and that it has started sending out notification letters to them.

U-Haul has recently notified tens of thousands of customers that their personal data was compromised in a breach last year. The truck and trailer rental giant confirmed that 67,000 US and Canadian customers were impacted by the incident, which took place between July 20 and October 2 last year. The company says that it learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records.

A new study introduces novel security schemes to address the growing security challenges with the Internet of Vehicles (IoV). The goal is to improve connected vehicles' integrity and resilience as smart technologies continue evolving to give vehicles greater autonomy and connectivity. Any connectivity involves security risks such as authentication breaches, data confidentiality breaches, and routing attacks, so the IoV must be made secure.

A new study titled "Post Hoc Security and Privacy Concerns in Mobile Apps: The Moderating Roles of Mobile Apps' Features and Providers" delves into how users' privacy and security concerns affect app usage, as well as whether elements such as privacy policies reduce these concerns. As talks regarding data leakage and mobile app security rise, users have become increasingly concerned about the level of privacy and security that mobile apps can provide. This article continues to discuss key findings and points from the study.

According to a new X-Force Threat Intelligence Index report, cyberattackers have shifted their focus from phishing to abusing valid accounts. Last year, X-Force, IBM's security research team, noticed cyberattackers increasingly targeting people's identities. For the first time, attacks using valid credentials made up nearly one-third of all incidents brought to X-Force's attention. This article continues to discuss cyberattackers increasingly abusing valid accounts.

A package on the Python Package Index (PyPI) repository has been updated after two years to spread Nova Sentinel, an information-stealing malware. According to the software supply chain security company Phylum, the package was first published to PyPI in April 2022. The company detected an anomalous update to the library on February 21, 2024. Although the linked GitHub repository has not been updated since April 10, 2022, a malicious update suggests that the developer's PyPI account has been compromised.