The Cybernews research team discovered that Canadian Flair Airlines left credentials to sensitive databases and email addresses exposed for at least seven months, increasing the risk of passengers' information, such as emails, names, and addresses, being accessed by malicious actors. The leak involved publicly accessible environment files hosted on flyflair[.]com, which belongs to the Canadian ultra-low-cost carrier Flair Airlines.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the new Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM) product from the Information and Communications Technology (ICT) SCRM Task Force. The HBOM Framework provides a uniform and repeatable method for vendors and purchasers to communicate about hardware components, facilitating effective risk assessment and mitigation throughout the supply chain.

AtlasCross, a new Advanced Persistent Threat (APT) hacking group, uses phishing lures that impersonate the American Red Cross to deliver backdoor malware to organizations. The cybersecurity company NSFocus, has discovered two previously undocumented Trojans named DangerAds and AtlasAgent, which are linked to attacks launched by the new APT group. According to NSFocus, the AtlasCross hackers are sophisticated and evasive, making it difficult for researchers to determine their origin. This article continues to discuss findings and observations regarding the AtlasCross APT hacking group.

ShadowSyndicate, formerly known as Infra Storm, may have used as many as seven different ransomware families over the course of the past year, according to cybersecurity experts. A new report by Group-IB and Bridewell says the threat actor collaborates with multiple ransomware groups and affiliates.

The cybercriminals behind Xenomorph, a sophisticated Android banking Trojan that has been actively targeting European users for over a year, have recently shifted their focus to customers of more than two dozen US banks. Customers of major financial institutions such as Chase, Amex, Ally, Citi Mobile, Citizens Bank, Bank of America, and Discover Mobile are now in the threat actor's sights. ThreatFabric researchers discovered that new malware samples contain additional features that target multiple cryptocurrency wallets, including Bitcoin, Binance, and Coinbase.

The number of organizations impacted by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of individuals affected has exceeded 60 million. Most victim organizations are US-based. According to Emsisoft researchers, finance and education are the most significantly affected industries, accounting for 13.8 percent and 51.1 percent of incidents, respectively. KonBriefing Research, an Information Technology (IT) market research company, reveals similar numbers and links to many companies' data breach notification alerts.

Sony has recently announced that it has launched an investigation after a cybercrime group claimed to have compromised the company's systems, offering to sell stolen data.  The probe was launched after a relatively new ransomware group named RansomedVC listed Sony on its Tor-based website, claiming to have compromised all Sony systems.

According to security researchers at Keeper Security, fear, ignorance, and forgetfulness are some of the reasons for widespread shortcomings in reporting cyberattacks and breaches, both internally and externally.  During the study, the researchers found that despite cyberattacks being top of mind for IT and security leaders, 40% of them said they had experienced one, and 74% admitted they were concerned about a future “cybersecurity disaster” impacting their organization.

Northeastern University professor of engineering and computer science Kevin Fu, who specializes in discovering and exploiting new technologies, figured out how to make self-driving cars hallucinate. Fu hopes to get ahead of how hackers could exploit these technologies by exploring a new type of cyberattack, which is an "acoustic adversarial" form of Machine Learning (ML) that he and his team have dubbed Poltergeist attacks. This article continues to discuss Poltergeist attacks aimed at making self-driving cars hallucinate. 

New research explores user perceptions of mobile device security and provides recommendations for users and manufacturers of such devices. A team of researchers at North-West University (NWU) in Mahikeng, South Africa, reveals findings regarding the awareness of mobile security issues of students in the region. A survey of 142 students at NWU showed that some students incorrectly believe mobile phones are inherently secure. Others are unaware that these devices can be less secure than desktop or laptop computers.