Cyberattack Disrupts Unified Information System of Administrative Courts and Supreme Administrative Court in Bulgaria

Date Reported: 2025-01-27 Country: BGR | Bulgaria Victim: Tribunal administratif suprême | Supreme Administrative Court Website: sac.government.bg Additional Information :A cyberattack disrupted the operations of the unified information system for administrative courts in Bulgaria. The attack also affected the website of the Supreme Administrative Court.…
Read More
TalkTalk Confirms Data Breach, Downplays Impact
Summary: UK telecommunications firm TalkTalk has confirmed a data breach involving a third-party supplier, triggered by unauthorized access to sensitive customer information. A threat actor claimed to be selling data of over 18.8 million customers, although TalkTalk disputes this number. Investigations are ongoing, and the company is collaborating with the third-party supplier to address the issue and safeguard customer data.…
Read More
The Case for Proactive, Scalable Data Protection
Summary: Natco Home Group faced critical vulnerabilities due to outdated backup systems, which prompted a significant overhaul of their data protection strategy. Transitioning to a modern cloud-first solution not only fortified their data security but also improved business continuity, especially during peak operational periods. This shift is a crucial reminder for organizations to proactively reassess their data protection strategies to stay resilient against evolving cyber threats.…
Read More
Summary: Researcher Mehdi Elyassa from Synacktiv disclosed a critical SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468) with a CVSS score of 9.8, allowing unauthenticated attacks that can execute arbitrary commands. The flaw exists in the MP_Location service, enabling attackers to gain sysadmin-level privileges and potentially achieve full control over the deployment environment.…
Read More
Cyberattack Disrupts Unified Information System of Administrative Courts and Supreme Administrative Court in Bulgaria

Date Reported: 2025-01-21 Country: CAN | Canada Victim: Runway Hair Design | Runway Hair Design Website: runwayhairdesign.ca Additional Information :A hair salon in Strathmore, Alberta, was closed for several days due to a ransomware cyberattack that encrypted the company’s files. The salon managed to reopen after repairing its computers.…
Read More
Cyberattack Disrupts Unified Information System of Administrative Courts and Supreme Administrative Court in Bulgaria

Date Reported: 2025-01-21 Country: JPN | Japan Victim: Sanrio Entertainment | Sanrio Entertainment Website: sanrio.co.jp Additional Information :Sanrio Entertainment, known for its popular theme parks in Japan, including Harmonyland, was targeted in a cyberattack on January 21, 2025. The attack caused operational disruptions and restricted access for visitors to the parks.…
Read More
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
Summary: A new threat actor called GamaCopy has been observed emulating tactics from the Kremlin-aligned Gamaredon group, primarily targeting Russian-speaking entities. The group is noted for using military-related content to deploy UltraVNC for remote access, closely resembling techniques used by another hacking faction, Core Werewolf. This pattern of behavior highlights an evolving landscape of cyber threats amidst ongoing geopolitical tensions stemming from the Russo-Ukrainian war.…
Read More
Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Summary: Ransomware actors are increasingly targeting VMware ESXi bare metal hypervisors, exploiting SSH tunneling to maintain persistence and evade detection. These attacks can cripple organizations by encrypting files and rendering virtual machines inaccessible. Monitoring challenges related to ESXi logs further complicate detection and response efforts for system administrators.…
Read More
TalkTalk investigates breach after data for sale on hacking forum
Summary: TalkTalk is investigating a data breach involving a third-party supplier after a threat actor began selling alleged customer data on a hacking forum. The company has stated that the number of affected customers is significantly overstated and that no financial information was compromised. Ongoing investigations suggest the data may have been stolen from the Ascendon SaaS platform rather than directly from TalkTalk.…
Read More
Cyberattack Disrupts Unified Information System of Administrative Courts and Supreme Administrative Court in Bulgaria

Date Reported: 2025-01-24 Country: USA Victim: Matagorda County | Matagorda County Website: co.matagorda.tx.us Additional Information :Matagorda County, Texas, has declared a state of disaster due to a cyberattack. The cyberattack disrupted internal systems but no evidence of compromised personal data has been found. Local authorities are investigating the incident with assistance from multiple agencies, including the FBI.…
Read More
UnitedHealth updates number of data breach victims to 190 million
Summary: The ransomware attack on Change Healthcare has now impacted nearly 200 million individuals, significantly more than previously reported. UnitedHealth, the parent company, has confirmed that sensitive personal and health information was accessed, including Social Security numbers and medical records. The company is still assessing the full extent of the breach and has begun notifying affected individuals.…
Read More
3 Use Cases for Third-Party API Security
Summary: The commentary discusses the importance of adapting security strategies for third-party APIs, highlighting the unique risks and considerations that differ from first-party APIs. It emphasizes the need for security leaders to focus on three specific use cases: managing outbound data flows, protecting against inbound traffic, and overseeing data management for third-party applications.…
Read More