VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. The American global apparel and footwear giant said that the affected customers' social security numbers, bank account information, or payment card information was not impacted since it doesn't store such data on its systems. READ MORE...
Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. Kansas State University is a public land-grant research university offering 65 masters and 45 doctoral programs. On Tuesday morning, the university announced on its media portal that it was experiencing disruption in some IT systems, and confirmed a cyberattack had caused it. READ MORE...
The US Justice Department this week announced separate charges against two Russian nationals accused of being involved in cybercriminal activities, including a man allegedly involved in the 2013 hacking of retailers Michaels and Neiman Marcus. One of the indicted individuals is Aleksey Timofeyevich Stroganov, also known as Aleksei Stroganov, Flint, Flint24, Gursky Oleg, and Oleg Gurskiy. READ MORE...
The Russia-backed advanced persistent threat (APT) known as ColdRiver has taken a dive into the icy waters of custom malware, rolling out a proprietary backdoor called "Spica." The use of malware represents a significant evolution in the group's tactics, techniques, and procedures (TTPs), and one that potential targets need to take note of, researchers say - especially as election season looms. READ MORE...
Two US government agencies, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), warned on Wednesday that drones made in China could be used to gather information on critical infrastructure. "The People's Republic of China (PRC) has enacted laws that provide the government with expanded legal grounds for accessing and controlling data held by firms in China," according to a statement on the CISA website. READ MORE...
A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made an MySQL connection to a MariaDB database server operated by the vendor. READ MORE...
VMware is warning customers that CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being exploited in the wild. CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code. The issue was deemed so critical that VMware decided to release patches in October even for end-of-life versions of the product. READ MORE...
On Thursday, UK's Government Communications Headquarters (GCHQ) announced the release of previously unseen images and documents related to Colossus, one of the first digital computers. The release marks the 80th anniversary of the code-breaking machines that significantly aided the Allied forces during World War II. While some in the public knew of the computers earlier, the UK did not formally acknowledge the project's existence until the 2000s. READ MORE...