Summary: Cybersecurity leader Tenable announced the unexpected death of its CEO Amit Yoran at 54, following a battle with cancer. Yoran was a prominent figure in the cybersecurity community, having held various leadership roles throughout his career.

Threat Actor: N/A | N/A
Victim: Tenable | Tenable

Key Point:

Amit Yoran served as CEO of Tenable since 2016 and was a veteran in the cybersecurity industry.…

Summary: This week’s cybersecurity news roundup highlights significant incidents and vulnerabilities that have emerged, including data leaks, ransomware attacks, and hacking incidents involving major companies.

Threat Actor: Various | Various
Victim: Volkswagen, Pittsburgh Regional Transit, Ford, NTT Docomo, US Treasury, and others | Volkswagen, Pittsburgh Regional Transit, Ford, NTT Docomo, US Treasury

Key Point:

Volkswagen experienced a data leak affecting 800,000 electric cars due to unsecured AWS storage.…

Summary: SafeBreach has released proof-of-concept exploit code for a recently patched denial-of-service vulnerability in Windows LDAP, tracked as CVE-2024-49113. This vulnerability could allow attackers to crash unpatched Windows Server deployments, particularly if connected to the internet, raising concerns alongside a critical remote code execution flaw in the same system.…

Summary: A new Android malware named FireScam has been identified as an information stealer and spyware, capable of harvesting sensitive information from various applications. It is distributed through a phishing website disguised as the legitimate ‘Telegram Premium’ application, targeting devices running Android 8 and newer.

Threat Actor: Unknown | FireScam
Victim: Android Users | Android Users

Key Point:

FireScam is distributed via a phishing website that mimics the RuStore application store.…

Summary: The Richmond University Medical Center in New York has been investigating a ransomware attack that occurred in May 2023, which has now been confirmed to have resulted in a data breach affecting over 670,000 individuals. The breach involved the potential exposure of sensitive personal and health information, prompting the hospital to offer credit monitoring services to those affected.…

### #Kiberphant0m #SnowflakeHacking #TelecomDataBreach

Summary: A US Army soldier, Cameron John Wagenius, was arrested for allegedly leaking confidential call logs and is suspected to be involved in the Snowflake hacking campaign. His activities included extorting telecom companies and boasting about hacking multiple providers.

Threat Actor: Kiberphant0m | Kiberphant0m
Victim: AT&T and Verizon | AT&T, Verizon

Key Point:

Wagenius, using the alias Kiberphant0m, leaked call logs for high-profile individuals, including President Trump and Vice President Harris.…

Secure enterprise microservices development startup Codezero this week announced that it has raised $3.5 million in a seed funding round led by Ballistic Ventures, with additional funding from angel investors.

The Vancouver, Canada-based company aims to streamline Kubernetes software development workflows by providing an identity-aware overlay network for managing access and control over staging and production systems.…


Thousands of WordPress websites are potentially at risk of takeover due to a critical-severity vulnerability in two MiniOrange plugins that were discontinued recently, the Wordfence team at WordPress security company Defiant warns.

The two plugins, Malware Scanner and Web Application Firewall from MiniOrange, were closed on March 7, two days after the critical flaw was reported to the maintainers.…


The Federal Trade Commission has announced a $26 million settlement with two tech support firms that duped consumers into paying for unnecessary antivirus and computer repair services.

According to an FTC complaint (PDF), the Cyprus-based Restoro and Reimage, which previously operated out of Isle of Man, used fake Microsoft Windows pop-ups to scare consumers into believing that their computers were infected with viruses.…


A recent data breach at France’s government unemployment agency could impact as many as 43 million people, authorities announced this week.

The affected agency, France Travail, formerly known as Pole Emploi, was targeted in a cyberattack that resulted in the theft of personal information between February 6 and March 5, 2024, according to the country’s Cybermalveillance cybercrime prevention initiative.…


Cloud account attacks, increasing Mac malware, malvertising morphing from the distribution of adware to more dangerous malware, and more, are all discussed by Red Canary in its 2024 Threat Detection Report.

Released this week, the Report (PDF) is based on the analysis of almost 60,000 threats drawn from 216 petabytes of telemetry from more than 1,000 customers’ endpoints, identities, clouds, and SaaS applications throughout 2023.…


Google today announced that the standard Safe Browsing protections in the Chrome browser can now identify bad sites in real time.

The real-time protection was previously available if the Enhanced protection mode was enabled in Safe Browsing, while the standard settings checked the visited sites against a list stored on the device that was refreshed every 30 to 60 minutes.…


The exploitation of a high-severity Kubernetes vulnerability can lead to arbitrary code execution with System privileges on all Windows endpoints in a cluster, Akamai warns.

The issue, tracked as CVE-2023-5528 and impacting default Kubernetes installations, exists in the way the open source container orchestration system processes YAML files, which it uses for virtually every function.…
