The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. Though information about the attack was circulated on May 2, 2024, the city's authorities shared more details in a press conference earlier today. According to the details disclosed today, an unauthorized actor gained access to a network drive after exploiting a vulnerability in a remote access server. READ MORE...
Christie's website remains offline as of Monday after a "technology security issue" shut it down Thursday night - just days before the venerable auction house planned to flog $840 million of art. As of Friday morning and still today, Christie's redirects visitors to a temporary website, reportedly due to a cyberattack. It's not thought, at the moment, that any customer data has been stolen. In a statement to the media, Christie's confirmed "a technology security issue has impacted some of our systems, including our website." READ MORE...
A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private videos from vulnerable "wallpad" cameras in 400,000 private households. The 41-year-old man, who has not been officially named, succeeded in remotely accessing 638 apartment complexes in South Korea. He exploited over 400,000 smart home devices used by residents to operate their video security systems and other domestic functions. READ MORE...
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. DNS tunneling is the encoding of data or commands that are sent and retrieved via DNS queries, essentially turning DNS, a fundamental network communication component, into a covert communications channel. The threat actors encode the data in various ways... READ MORE...
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts. Cyberattacks annually soared 26% on average from 2017 until 2023, Moody's Investors Service said last month, citing University of Maryland data. "This number is likely to be understated since organizations are often not required to report cyberattacks." As cybersecurity risks rise, generative AI will likely favor attackers over the short-to-medium term, Moody's said. READ MORE...
Apple has released the latest updates for virtually all of its actively supported devices today. Most include a couple handfuls of security updates, some new features for Apple News+ subscribers, and something called Cross-Platform Tracking Protection for Bluetooth devices. The iOS 17.5, iPadOS 17.5, macOS 4.5, watchOS 10.5, tvOS 17.5, and HomePod Software 17.5 updates are all available to download now. READ MORE...
US information security agencies have published advisories on how to detect and thwart the Black Basta ransomware gang - after the crew claimed responsibility for the recent attack on US healthcare provider Ascension. Both CISA and Health-ISAC shared bulletins on Black Basta within hours of El Reg sources saying ransomware was involved in the incident and that some facilities had resorted to pen-and-paper operations. CNN later reported Black Basta specifically was behind it all. READ MORE...
Ten years have passed since Heartbleed was first identified, but the security industry is still grappling with the question of branded vulnerabilities and naming vulnerabilities appropriately. Back in April 2014, researchers uncovered a serious vulnerability in OpenSSL. There are many serious vulnerabilities, but this one was particularly bad, with security expert Bruce Schneier calling it "catastrophic." On his blog, Schneier wrote, "On the scale of 1 to 10, this is an 11." READ MORE...