Security

0 Comments
Japanese car giant Toyota has warned that nearly 300,000 customers may have had their personal data leaked after an access key was publicly available on GitHub for almost five years. In a statement on its website, Toyota said that the email addresses and customer control numbers of 296,019 people who have used T-Connect, a telematics
0 Comments
by Paul Ducklin The second Tuesday of every month is Microsoft’s regular day for security updates, still known by almost everyone by its unofficial nickname of “Patch Tuesday”. But the second Tuesday in October is also Ada Lovelace Day, celebrating Ada, Countess of Lovelace. Ada was a true pioneer not only of computing, but also
0 Comments
Representatives from Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) and the European Union Agency for Cybersecurity (ENISA) recently met to discuss strengthening cooperation and networking. The working meeting was held during the visit to ENISA HQ in Athens as a part of the Cybersecurity East Project. Viktor Zhora, SSSCIP deputy head, said after
0 Comments
Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.” “We have informed market participants
0 Comments
Chinese state–sponsored threat actors continue to exploit known vulnerabilities to target US and allied networks and companies, according to a new advisory published on October 06, 2022, by the US National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). Worse, they use “an increasing array of new and
0 Comments
A number of notable software supply chain cyber incidents have been linked to ‘LofyGang,’ an attack group that has been operating for over a year, according to a new analysis by Checkmarx. The researchers discovered around 200 malicious packages with thousands of installations linked to LofyGang. These included several classes of malicious payloads, general password
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) to improve asset visibility and vulnerability detection on federal networks. Named BOD 23–01 and becoming effective on April 03, 2023, the new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery every seven days.  “While many
0 Comments
A former US National Security Agency (NSA) employee has been arrested after trying to sell classified information to an undercover Federal Bureau of Investigation (FBI) agent posing as a foreign spy working for a foreign government. Federal prosecutors do not directly identify the government in question. Still, according to the FBI agent’s affidavit, Jareh Sebastian
0 Comments
Threat actors associated with North Korea have been spotted weaponizing legitimate open–source software targeting employees in organizations across multiple industries. The findings come from Microsoft Threat Intelligence Center (MSTIC), which published an advisory about the threat on Thursday. According to the technical write–up, the attacks were executed by an actor Microsoft tracks as Zinc –
0 Comments
Xtreme RAT and Cryptominer have been delivered through pirated copies of the Windows operating system (OS) software. The discovery comes from eSentire’s Threat Response Unit (TRU), with the security researchers publishing an advisory about the new threat on Thursday. “Several malicious Windows services on the system were responsible for modifying system permissions, disabling Windows Defender, and
0 Comments
A new multifunctional malware written in the Go programming language has been spotted in the wild, targeting both Windows and Linux systems. The discovery has been made by Black Lotus Labs, the threat intelligence team at Lumen Technologies, who published an advisory about the new threat on Wednesday. The team reportedly discovered and analyzed roughly
0 Comments
by Paul Ducklin Last week’s cyberintrusion at Australian telco Optus, which has about 10 million customers, has drawn the ire of the country’s government over how the breached company should deal with stolen ID details. Darkweb screenshots surfaced quickly after the attack, with an underground BreachForums user going by the plain-speaking name of optusdata offering
0 Comments
Security researchers at SentinelOne have uncovered a variant of the Operation In(ter)ception campaign using lures for job vacancies at cryptocurrency exchange platform Crypto.com to infect macOS users with malware. According to an advisory published on Monday, the new attacks would represent a further instance of a campaign spotted by ESET and Malwarebytes in August and