Security

The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees. The public service broadcaster revealed that attackers copied files containing some BBC Trust members’ personal details from a cloud-based storage device. The information includes names, National Insurance numbers, dates of birth and home addresses. The BBC
A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.  Dubbed “Endgame” and conducted between May 27 and 29 2024, the operation aimed to disrupt criminal networks by arresting high-value targets, dismantling their infrastructure and freezing illicit proceeds. The targeted malware facilitated ransomware and other malicious
A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams.  These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities.  However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered
Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks. Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted.  In particular, Check Point has observed attempts to breach its
Source code of fake Pegasus spyware is being sold on the surface web, the dark web and instant messaging platforms, CloudSEK has found. Following Apple’s recent warning about “mercenary spyware” attacks, cloud security provider CloudSEK investigated the clear and dark web for spyware-related threats. The firm analyzed approximately 25,000 Telegram posts and found that many
Australian patients’ health and personal information has reportedly been published online following the ransomware attack on medical prescriptions provider MediSecure. The Melbourne-based company confirmed on May 24 that a data set containing the personal information and limited health data of its customers has been posted onto a dark web forum by a cybercriminal group.
Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage.  These campaigns, driven by unnamed threat actors, aim to redirect users to malicious websites to steal their information using SMS messages. According to a technical write-up published
Security experts have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months.  This data comes from SlashNext’s mid-year The State of Phishing 2024 report, which also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the
Security researchers have observed a new DoppelGänger campaign dubbed Operation Matriochka aimed at challenging the credibility of journalists and fact-checkers since May 2022.  By leveraging X (formerly Twitter), the operation not only disseminated disinformation articles but also engaged in commenting and sharing to prompt further investigation. According to a technical write-up published by the Sekoia
A new report has revealed that 59% of geographically distributed businesses encounter network issues at least once a month.  Kaspersky’s findings, titled “Managing geographically distributed businesses: challenges and solutions,” highlight the frequent network outages, lost connections and poor performance of services and applications that these companies face. The study also shows that 46% of these businesses
Australian healthcare company MediSecure has suffered a “large scale” ransomware attack, putting individuals’ personal and health information at risk. The electronic prescriptions provider confirmed the incident in a statement on May 16, which it admitted has impacted the personal and health information of individuals. The company confirmed that the attack was caused by an attack
A new banking Trojan targeting Android devices has been detected by Cyble Research and Intelligence Labs (CRIL), the research branch of threat intelligence provider Cyble. In a report published on May 16, CRIL described sophisticated malware incorporating a range of malicious features, including overlay attacks, keylogging and obfuscation capabilities. The researchers called the Trojan “Antidot”
Security researchers have detected Storm-1811, a financially motivated cybercriminal group, exploiting Quick Assist, a client management tool, in social engineering attacks.  According to a technical blog post published by Microsoft on Wednesday, Storm-1811, notorious for deploying Black Basta ransomware, has been observed initiating these attacks through voice phishing (vishing) since mid-April 2024, employing tactics like
A cyber-attack has disrupted auction house Christie’s attempts to sell art and other high-value items worth an estimated $840m. Among the items up for auction are a Vincent van Gogh painting valued at $35m and a rare wine.  The cyber-attack has taken Christie’s website offline, possibly last week, preventing potential buyers from viewing the lots
Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records.  According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded – a dramatic rise from 139 in 2022 and 783 in 2021. This surge was primarily attributed to MOVEit file transfer software vulnerabilities,
A recent study conducted by the Sysdig Threat Research Team (TRT) has shed light on a novel cyber attack dubbed “LLMjacking,” which exploits stolen cloud credentials to target cloud-hosted large language model (LLM) services.  The attackers gained access to these credentials from a vulnerable version of Laravel (CVE-2021-3129), according to a blog post published on
As cybercriminals and threat actors increase their tooling and capabilities, new sophisticated attack techniques are emerging and it is vital that defenders stay abreast of this evolution. Daniel Blackford, senior manager, threat research at Proofpoint, explained: “A lot of money is flowing into the hands of bad actors, they’re being very successful. That has allowed
A well-known threat actor is selling what they claim to be a legitimate trove of highly sensitive internal data stolen from Europol this month. “IntelBroker” took to hacking site BreachForums on Friday to advertise their wares. “In May 2024 Europol suffered a data breach and lead [sic] to the exposure of FOUO [for official use
A recent incident involving an MS-SQL (Microsoft SQL) honeypot has shed light on the sophisticated tactics employed by cyber-attackers relying on Mallox ransomware (also known as Fargo, TargetCompany, Mawahelper, etc.). The honeypot, set up by the Sekoia research team, was targeted by an intrusion set utilizing brute-force techniques to deploy the Mallox ransomware via PureCrypter,
The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies. The Joint Cybersecurity Advisory (CSA) was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and Multi-State Information
Critical vulnerabilities have been found within Cinterion cellular modems. Disclosed during a Kaspersky presentation at OffensiveCon in Berlin on May 11, these flaws could allow remote attackers to execute arbitrary code, posing a significant threat to the integrity of millions of industrial devices reliant on these modems. The identified vulnerabilities, including CVE-2023-47610, highlight severe security weaknesses within