"Have I Been Pwned Adds 71 Million Emails From Naz.API Stolen Account List"

"Have I Been Pwned Adds 71 Million Emails From Naz.API Stolen Account List"

Have I Been Pwned has added about 71 million email addresses associated with stolen accounts listed in the Naz.API data set to its data breach notification service. The Naz.API data set contains 1 billion credentials gathered from credential stuffing lists and data stolen by information-stealing malware. Credential stuffing lists are collections of username and password pairs stolen from past data breaches. They are used to compromise accounts on other websites.

Submitted by Gregory Rigby on

"Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions"

"Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions"

The US Department of Energy (DoE) recently announced plans to invest $30 million in projects aimed at securing the clean energy infrastructure against cyber threats.  Meant to support the research, development, and demonstration (RD&D) of innovative cybersecurity tools, the federal funding is provided as part of the Biden-Harris administration’s efforts to improve the country’s energy and national security.

Submitted by Adam Ekwall on

"Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks"

"Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks"

According to CISA, the Rapid SCADA open source industrial automation platform is affected by several vulnerabilities that could allow hackers to gain access to sensitive industrial systems, but the flaws remain unpatchedRapid SCADA is advertised as ideal for industrial automation and IIoT systems, energy accounting systems, and process control systems.

Submitted by Adam Ekwall on

"Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations"

"Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations"

According to security researcher Eaton Zveare, a series of misconfigurations and security vulnerabilities allowed him to access customer information stored in an email account at Toyota Tsusho Insurance Broker India (TTIBI).  The researcher noted that the unauthorized access was possible because the TTIBI site had a dedicated Eicher Motors subdomain with a premium calculator.

Submitted by Adam Ekwall on

"CISA Releases 2023 Year in Review Showcasing Efforts to Protect Critical Infrastructure"

"CISA Releases 2023 Year in Review Showcasing Efforts to Protect Critical Infrastructure"

The Cybersecurity and Infrastructure Security Agency (CISA) has released its fourth annual Year in Review, which highlights the US agency's efforts to protect the nation from cyber and physical threats as well as improve the resilience of critical infrastructure. The 2023 Year in Review delves into the agency's achievements in its cybersecurity, infrastructure security, and emergency communications missions.

Submitted by Gregory Rigby on

"NIST Offers Guidance on Measuring and Improving Your Company's Cybersecurity Program"

"NIST Offers Guidance on Measuring and Improving Your Company's Cybersecurity Program"

The two-volume document, with the overall title "NIST Special Publication (SP) 800-55 Revision 2: Measurement Guide for Information Security," provides guidance on establishing an effective cybersecurity program as well as a flexible approach to developing information security measures to meet an organization's performance objectives. NIST is requesting public feedback on this initial public draft by March 18, 2024. The publication is designed to be used in conjunction with any risk management framework, such as NIST's Cybersecurity Framework or Risk Management Framework.

Submitted by Gregory Rigby on

"Revolutionizing UAV Communication With Security Enhancements"

"Revolutionizing UAV Communication With Security Enhancements"

Khalifa University researchers developed a novel approach to improve Unmanned Aerial Vehicle (UAV) communication security and robustness. The team's proposed design includes a device authentication protocol to ensure that only authorized devices can connect to and communicate with the UAV system, protecting against unauthorized access and security breaches. This article continues to discuss the team's efforts to enhance UAV communication security. 

Submitted by Gregory Rigby on

"DDoS Attackers Put Environmental Services Firms in Their Crosshairs"

"DDoS Attackers Put Environmental Services Firms in Their Crosshairs"

Environmental services websites are becoming major targets for Distributed Denial-of-Service (DDoS) attacks, with Cloudflare researchers reporting a 61,839 percent year-over-year increase in the fourth quarter of 2023. The significant increase in HTTP DDoS attacks against the environmental services industry coincided with the United Nations' COP28 climate conference, held in the United Arab Emirates from November 30 to December 12, according to Cloudflare's Q4 2023 DDoS report.

Submitted by Gregory Rigby on

"Pirates Beware: Covert Cyber Gang Hijacking Brains of Android TVs"

"Pirates Beware: Covert Cyber Gang Hijacking Brains of Android TVs"

According to cyber threat analysts at China's Qianxin X Laboratory, over 100,000 Android TVs and set-top boxes have been infected with unknown malware. The researchers discovered a large-scale cybercrime gang based in Brazil dubbed Bigpanzi that targets Android TVs, set-top boxes, and eCos devices. The malware used by the group is preloaded with weaponization tools for Distributed Denial-of-Service (DDoS) attacks, transforming TVs into zombies in a massive botnet. Compromised devices also serve as operational nodes for illicit streaming.

Submitted by Gregory Rigby on

"Taiwanese Semiconductor Company Hit by Ransomware Attack"

"Taiwanese Semiconductor Company Hit by Ransomware Attack"

Foxsemicon, one of Taiwan's largest semiconductor manufacturers has suffered a cyberattack, allegedly carried out by the LockBit ransomware gang. The hackers hijacked the company's website and left a threatening message, claiming that they had stolen its customers' personal information and would publish it on their darknet site if the company refused to pay. They claimed to have accessed five terabytes of the company's data.

Submitted by Gregory Rigby on
Subscribe to