Security

First American, a major insurance company in the US, has confirmed that a ransomware attack led to the loss of sensitive data for thousands of people. The cyber-attack, which occurred in late December 2023, forced First American to shut down some systems, including its website.  The company later reported to the US Securities and Exchange

Events like the upcoming 2024 Paris Olympic Games, taking place from July 26, 2024, provides threat actors with the opportunity to disrupt a highly anticipated event that attracts global attention. With more than 15 million tourists expected to descend into Paris during the games, there are huge safety and security risks for authorities to manage

The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees. The public service broadcaster revealed that attackers copied files containing some BBC Trust members’ personal details from a cloud-based storage device. The information includes names, National Insurance numbers, dates of birth and home addresses. The BBC

A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.  Dubbed “Endgame” and conducted between May 27 and 29 2024, the operation aimed to disrupt criminal networks by arresting high-value targets, dismantling their infrastructure and freezing illicit proceeds. The targeted malware facilitated ransomware and other malicious

A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams.  These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities.  However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered

Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks. Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted.  In particular, Check Point has observed attempts to breach its

Security researchers have reported a significant increase in cyber activity targeting the upcoming Indian general election.  This surge, driven by various hacktivist groups, has resulted in the leakage of personal identifiable information (PII) of Indian citizens on the dark web. The election, set to occur in seven phases from April 19 to June 1 2024, will

Source code of fake Pegasus spyware is being sold on the surface web, the dark web and instant messaging platforms, CloudSEK has found. Following Apple’s recent warning about “mercenary spyware” attacks, cloud security provider CloudSEK investigated the clear and dark web for spyware-related threats. The firm analyzed approximately 25,000 Telegram posts and found that many

Microsoft has warned retailers and restaurants of sophisticated gift card fraud which can cost victims up to $100,000 a day. In a new Cyber Signals report, the tech giant highlighted a 30% rise in intrusion activity by the threat actor Storm-0539 between March and May 2024. The group, which operates out of Morocco, focuses on

Australian patients’ health and personal information has reportedly been published online by following the ransomware attack on medical prescriptions provider MediSecure. The Melbourne-based company confirmed on May 24 that a data set containing the personal information and limited health data of its customers has been posted onto a dark web forum by a cybercriminal group.

Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage.  These campaigns, driven by unnamed threat actors, aim to redirect users to malicious websites to steal their information using SMS messages. According to a technical write-up published

Security experts have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months.  This data comes from SlashNext’s mid-year The State of Phishing 2024 report, which also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the

Security researchers have observed a new DoppelGänger campaign dubbed Operation Matriochka aimed at challenging the credibility of journalists and fact-checkers since May 2022.  By leveraging X (formerly Twitter), the operation not only disseminated disinformation articles but also engaged in commenting and sharing to prompt further investigation. According to a technical write-up published by the Sekoia

A new report has revealed that 59% of geographically distributed businesses encounter network issues at least once a month.  Kaspersky’s findings, titled “Managing geographically distributed businesses: challenges and solutions,” highlight the frequent network outages, lost connections and poor performance of services and applications that these companies face. The study also shows that 46% of these businesses

Australian healthcare company MediSecure has suffered a “large scale” ransomware attack, putting individuals’ personal and health information at risk. The electronic prescriptions provider confirmed the incident in a statement on May 16, which it admitted has impacted the personal and health information of individuals. The company confirmed that the attack was caused by an attack

A new banking Trojan targeting Android devices has been detected by Cyble Research and Intelligence Labs (CRIL), the research branch of threat intelligence provider Cycble. In a report published on May 16, CRIL described sophisticated malware incorporating a range of malicious features, including overlay attacks, keylogging and obfuscation capabilities. The researchers called the Trojan “Antidot”

Multiple UK councils have warned that citizens’ personal data may have been breached following a ransomware attack on a medical equipment supplier. Nottingham Rehab Supplies (NRS) Healthcare, which supplies health and care equipment numerous local authorities across the UK, was hit by a ransomware attack at the start of April 2024. The attack resulted in

Security researchers have detected Storm-1811, a financially motivated cybercriminal group, exploiting Quick Assist, a client management tool, in social engineering attacks.  According to a technical blog post published by Microsoft on Wednesday, Storm-1811, notorious for deploying Black Basta ransomware, has been observed initiating these attacks through voice phishing (vishing) since mid-April 2024, employing tactics like

A cyber-attack has disrupted auction house Christie’s attempts to sell art and other high-value items worth an estimated $840m. Among the items up for auction are a Vincent van Gogh painting valued at $35m and a rare wine.  The cyber-attack has taken Christie’s website offline, possibly last week, preventing potential buyers from viewing the lots

Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records.  According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded – a dramatic rise from 139 in 2022 and 783 in 2021. This surge was primarily attributed to MOVEit file transfer software vulnerabilities,

The chief information security officer (CISO) role has been under increased scrutiny from regulators over the past few years. This is especially true in the US, where the former CSO of Uber, Joe Sullivan, was sentenced to three years of probation and to pay a $50,000 fine in 2023 after a 2016 breach exposed the

A recent study conducted by the Sysdig Threat Research Team (TRT) has shed light on a novel cyber attack dubbed “LLMjacking,” which exploits stolen cloud credentials to target cloud-hosted large language model (LLM) services.  The attackers gained access to these credentials from a vulnerable version of Laravel (CVE-2021-3129), according to a blog post published on

As cybercriminals and threat actors increase their tooling and capabilities, new sophisticated attack techniques are emerging and it is vital that defenders stay abreast of this evolution. Daniel Blackford, senior manager, threat research at Proofpoint, explained: “A lot of money is following into the hands of bad actors, they’re being very successful. That has allowed

Cybersecurity professionals have an urgent duty to secure AI tools, ensuring these technologies are only used for social good, was a strong message at the RSA Conference 2024. AI bring enormous promise in the real-world setting, such as diagnosing health conditions faster and with more accuracy. However, with the pace of innovation and adoption of

A well-known threat actor is selling what they claim to be a legitimate trove of highly sensitive internal data stolen from Europol this month. “IntelBroker” took to hacking site BreachForums on Friday to advertise their wares. “In May 2024 Europol suffered a data breach and lead [sic] to the exposure of FOUO [for official use

The UK’s AI Safety Institute has made its AI testing and evaluation platform available to the global AI community as of 10 May, 2024. The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST).

A recent incident involving an MS-SQL (Microsoft SQL) honeypot has shed light on the sophisticated tactics employed by cyber-attackers relying on Mallox ransomware (also known as Fargo, TargetCompany, Mawahelper, etc.). The honeypot, set up by the Sekoia research team, was targeted by an intrusion set utilizing brute-force techniques to deploy the Mallox ransomware via PureCrypter,

A ransomware attack on US private healthcare giant Ascension has led to ambulances being diverted and patient appointments being postponed. Ascension confirmed the attack on May 9 after detecting unusual activity on select technology network systems on May 8. The healthcare provider, which operates 140 hospitals across the US, said that several hospitals are currently

The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies. The Joint Cybersecurity Advisory (CSA) was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and Multi-State Information

Critical vulnerabilities have been found within Cinterion cellular modems. Disclosed during a Kaspersky presentation at OffensiveCon in Berlin on May 11, these flaws could allow remote attackers to execute arbitrary code, posing a significant threat to the integrity of millions of industrial devices reliant on these modems. The identified vulnerabilities, including CVE-2023-47610, highlight severe security weaknesses within