News
-
"Culprit Behind Twilio Hack Traced to Earlier Vishing Attack That Nabbed Employee Credentials"Further investigation into an August smishing attack on Twilio has revealed a link to a previous vishing attack (voice phishing) attack. The malicious actor behind the August Twilio hack appears to have also hit the company in June in a separate incident…
-
"Private Conversations Between ADF Members at Risk Due to Cyberattack on Australian Defense Contractor"A ransomware attack may have exposed up to 40,000 records of private communications between current and former Australian defense force members. Data from a communications network called ForceNet may have been stolen as a result of an attack on an…
-
"Yanluowang Ransomware Leaks Suggest Pseudo Chinese Persona, REvil Links"Leaked chat data from the Yanluowang ransomware organization reveals a fake Chinese persona and possible connections to other ransomware organizations. Although Yanluowang is named after the Chinese and Buddhist mythological figure Yanluo Wang, chat data…
-
"White House Hosts International Summit Aimed At Thwarting Ransomware"The White House has hosted a global ransomware summit to combat the threat of ransomware. The International Counter Ransomware Summit includes 36 participating countries and technology companies, including Microsoft, Siemens, Mandiant, and more.…
-
"New Gangs and New Tactics Mean More Victims of Ransomware"According to the latest 2022 Bi-Annual Cyber Threat Report from Deep Instinct, ransomware actors have been forming affiliate gangs and employing new tactics to draw more victims. The report reveals changes in ransomware gangs such as LockBit, Hive,…
-
"US Agencies Issue Guidance on Responding to DDoS Attacks"The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have recently released joint guidance for responding to distributed denial-of-…
-
"FTC Orders Chegg to Improve Security Following Multiple Data Breaches"The Federal Trade Commission (FTC) recently announced that it has reached an agreement with education technology provider Chegg over the company’s cybersecurity failures leading to several data breaches. Chegg is based in California and provides…
-
"ESF Partners, NSA, and CISA Release Software Supply Chain Guidance for Suppliers"The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and Office of the Director of National Intelligence (ODNI) have released Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. The…
-
"Researchers: 'CosMiss' Vulnerability Affecting Microsoft Azure Cosmos DB Could Give Attacker RCE Privileges"Researchers at Orca Security discovered a critical vulnerability in Azure Cosmos DB, a Microsoft-owned NoSQL database used for app development, in which authentication checks were missing from Cosmos DB Notebooks. According to the researchers, the "…
-
"Samsung Galaxy Store Flaw Could Have Allowed Installing Malicious Apps on Target Devices"A now-patched vulnerability in Samsung's Galaxy Store app could have resulted in remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when certain deep links are handled. The flaw affected Galaxy…
-
"Bed Bath & Beyond Investigating Data Breach After Employee Falls for Phishing Attack"Bed Bath & Beyond recently revealed in an SEC filing that it suffered a data breach after an employee fell victim to a phishing attack. The retailer has only shared a few details as the investigation is ongoing. The company stated that it…
-
"OT/ICS Cybersecurity Threats Remain High"Organizations' security postures have significantly matured in response to Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity threats. According to the SANS 2022 OT/ICS Cybersecurity Report, a Nozomi Networks-sponsored SANS…