Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's IT systems. "We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment," Ferrari says in breach notification letters sent to customers. Ferrari is yet to disclose if this was a ransomware attack or just an extortion attempt. READ MORE...
Cryptocurrency ATM manufacturer General Bytes over the weekend disclosed a security incident that resulted in the theft of millions of dollars' worth of funds. The attackers, the company says, exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with batm user privileges. READ MORE...
The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its dark web leak site. The cyber security incident is among Clop's ongoing attacks against vulnerable GoAnywhere MFT servers belonging to established enterprises. Although the company states no real customer data is impacted, it did not address if corporate or employee data was stolen. READ MORE...
A newly discovered attack has been targeting .NET developers with malicious packages loaded to the NuGet repository, JFrog's security researchers explain. A package manager helping developers share and consume reusable code, NuGet allows developers to create code packages using the NuGet client app and have them published in either public or private repositories. READ MORE...
An analysis of 2,007 damaged or defective hard disk drives (HDDs) has led a data recovery firm to conclude that "in general, old drives seem more durable and resilient than new drives." The statement comes from a Los Angeles-headquartered HDD, SSD, and RAID data recovery firm aptly named Secure Data Recovery that has been in business since 2007 and claims to have resolved more than 100,000 cases. It studied the HDDs it received in 2022. READ MORE...
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device - unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. READ MORE...
Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years. READ MORE...
From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data. Based on data from millions of endpoints running HP Wolf Security, the research found the rise of QR scan scams: Since October 2022, HP has seen almost daily QR code "scan scam" campaigns. READ MORE...