IT Security Newsletter - 1/29/2025
PowerSchool starts notifying victims of massive data breach
Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. Though this is a step forward, the company has still not officially disclosed the exact number of individuals impacted by the security incident. Moreover, a detailed report on what exactly happened, expected from CrowdStrike, which is assisting with the investigation, continues to be overdue. READ MORE...
How Lazarus Group built a cyber espionage empire
Since September 2024, SecurityScorecard's STRIKE team has been investigating Lazarus Group's activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Through deep analysis, researchers identified a hidden administrative layer within the C2 servers, offering the attackers centralized control over compromised systems. READ MORE...
The U.S. is trying to unravel a hacking plot that targeted climate activists
A yearslong U.S. Justice Department investigation of a global hacking campaign that targeted prominent American climate activists took a turn in a London court this week amid an allegation that the hacking was ordered by a lobbying firm working for ExxonMobil. Both the lobbying firm and ExxonMobil have denied any awareness of or involvement with the alleged hacking. The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. READ MORE...
Ex-worker arrested after 'shutdown' of British Museum computer systems
London's world-famous British Museum was forced to partially close its doors at the end of last week, following a serious security breach involving a former IT contractor. As The Guardian reports, police were called to the museum on Friday after a recently dismissed worker allegedly trespassed onto the museum site and was able to shut down various systems, including the museum's ticketing platform. READ MORE...
Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products
Rockwell Automation on Tuesday published six new security advisories to inform customers about several critical- and high-severity vulnerabilities patched in its products. In the FactoryTalk industrial automation software, Rockwell patched one critical- and one high-severity issue in View Machine Edition, and two high-severity flaws in View Site Edition. The FactoryTalk View Machine Edition vulnerabilities can be exploited for arbitrary command execution. READ MORE...
Procter & Gamble operations unhindered by Blue Yonder disruption
Procter & Gamble CFO Andre Schulten said a shutdown of its transportation management service provider Blue Yonder in Q4 had a "relatively benign" impact on its operations, according to a Dec. 3 session at the Morgan Stanley Global Consumer and Retail Conference. While Schulten didn't specify the cause of the shutdown, Blue Yonder was the target of a ransomware attack in late November, and major companies, including Starbucks, experienced disruptions due to the outage. READ MORE...
AI haters build tarpits to trap and trick AI scrapers that ignore robots.txt
Last summer, Anthropic inspired backlash when its ClaudeBot AI crawler was accused of hammering websites a million or more times a day. And it wasn't the only artificial intelligence company making headlines for supposedly ignoring instructions in robots.txt files to avoid scraping web content on certain sites. Around the same time, Reddit's CEO called out all AI companies despite the tech industry otherwise agreeing to respect "no scraping" robots.txt rules. READ MORE...
OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
A vulnerability that exposed millions of airline customers to potential account takeovers has highlighted the significant risks organizations face from misconfigured OAuth authentication processes. The vulnerability in this case involved a major provider of online travel services for hotels and car rentals. Researchers at Salt Security, hunting for real-world examples of API supply chain attacks, stumbled upon a vulnerability in the travel company's process for authenticating users. READ MORE...
New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones
Academic researchers have disclosed the details of two new CPU side-channel attacks impacting millions of phones, tablets, laptops and desktop computers made by Apple. The attack methods, discovered by researchers from the Georgia Institute of Technology and Ruhr University Bochum, have been named SLAP (Speculation via Load Address Prediction) and FLOP (False Load Output Predictions). READ MORE...
- ...in 1737, political theorist Thomas Paine ("Common Sense", "The Rights of Man") is born in Norfolk, Great Britain.
- ...in 1845, Edgar Allan Poe's "The Raven" is first published in the New York Evening Mirror.
- ...in 1886, Karl Benz receives a patent for his 3-wheeled "Motorwagen", the first automobile to be powered by an internal-combustion engine.
- ...in 1954, television host and producer Oprah Winfrey is born in Kosciusko, MS.
- ...in 1964, Stanley Kubrick's "Dr. Strangelove or: How I Learned to Stop Worrying and Love the Bomb" debuts in theaters.