Chinese spies who compromised the US Treasury Department's workstations reportedly stole data belonging to a government office responsible for sanctions against organizations and individuals. On Monday, the Treasury sent a letter to Congress disclosing the cyberattack. Days later, we learned Beijing's snoops specifically targeted the Office of Foreign Assets Control (OFAC), which administers economic and trade sanctions, as well as the Office of the Treasury Secretary. READ MORE...
Volkswagen Group experienced a data breach last month, exposing sensitive personal information of roughly 800,000 electrical vehicle owners across its brands, including Volkswagen, Audi, Seat, and Skoda. Initially reported by German publication Speigel, the breach has been attributed to an Amazon cloud storage system misconfiguration, which is managed by software subsidiary Cariad. READ MORE...
The Richmond University Medical Center in New York has been investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people. The healthcare facility, which serves residents in Staten Island, New York, suffered significant disruptions in May 2023 after being targeted in a ransomware attack. It took the organization several weeks to restore impacted services. READ MORE...
Rhode Island officials said a ransomware group has begun to leak stolen information from a state social services database following a December attack. In a Monday press conference, Rhode Island Gov. Daniel McKee said the state was informed by Deloitte, which manages the RIBridges program, that hackers had begun to release data on a dark web leak site. "The contents of those files are still being analyzed by experts," McKee told reporters during the briefing. READ MORE...
Corporate executives are being hit with an influx of hyper-personalized phishing scams generated by artificial intelligence bots, as the fast-developing technology makes advanced cyber crime easier. Leading companies such as British insurer Beazley and ecommerce group eBay have warned of the rise of fraudulent emails containing personal details probably obtained through AI analysis of online profiles. READ MORE...
SafeBreach has published proof-of-concept (PoC) exploit code targeting a recently resolved denial-of-service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP). The issue, tracked as CVE-2024-49113 (CVSS score of 7.5), was patched on December 10 along with a critical remote code execution (RCE) flaw in LDAP (CVE-2024-49112, CVSS score of 9.8). Neither of the defects has been marked as exploited. READ MORE...
People have been complaining for a while that passing a CAPTCHA is too difficult, but developer and tech CEO Guillermo Rauch has made one of the hardest yet: a fully playable CAPTCHA based on the classic PC game Doom. It's been a long-running joke that developers will make Doom run on absolutely anything, so it's not much of a surprise that it's now running inside something that resembles a CAPTCHA. READ MORE...
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. IMAP and POP3 are two methods for accessing email on mail servers. IMAP is recommended for checking emails from multiple devices, such as phones and laptops because it keeps your messages on the server and synchronizes them between devices. POP3 downloads emails from the server, making them accessible only from the device where they were downloaded. READ MORE...
A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. Clickjacking, also known as UI redressing, is when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements. The attacks work by overlaying a legitimate webpage in a hidden iframe over a web page created by the attackers. READ MORE...