The Five Guys burger empire has been hit with what appears to be a "smash-and-grab" operation: Cyberattackers busted into a file server and made off with the personally identifiable information (PII) of people who applied to work at the chain. Details are scant, but in a form letter to the impacted sent out on Dec. 29, Five Guys chief operating officer Sam Chamberlain noted that an "unauthorized access to files" was discovered on Sept. 17 and was blocked the same day. READ MORE...
Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited. Slack disclosed the incident on December 31. It's not uncommon for companies to disclose data breaches right before or during major holidays in hopes that they will not get too much attention. READ MORE...
A cybercrime group believed responsible for a series of thefts targeting African banks continued its attacks on financial institutions on the continent well into 2022, according new research from Symantec. In a report released Thursday, researchers at Symantec reported that the group, which it tracks as "Bluebottle," carried out attacks on African banks as late as September of last year, offering new insights into the group's tactics and tools. READ MORE...
Long-standing British newspaper The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas. The publication broke the news about the "serious IT incident" on its systems on December 21, and said the attack affected parts of the company's technology infrastructure. At the time, it told staff to work from home. READ MORE...
Threat actors are using data stolen from a Colombian bank as a lure in what appears to be a malicious campaign aimed at spreading the BitRAT malware, researchers have found. The activity demonstrates the evolution of how attackers are using commercial, off-the-shelf malware in advanced threat scenarios, they said. Researchers at IT security and compliance firm Qualys were investigating "multiple lures" for BitRAT when they identified that the infrastructure of a Colombian bank had been hijacked. READ MORE...
A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock warns. Containing information such as name, username, email address, follower count, and creation date, the database has been circulating on underground forums and was eventually leaked for free. The information in the database, however, appears to have been gathered via web-scraping rather than by hacking into Twitter's systems. READ MORE...
Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system's memory using a DLL sideloading technique. The use of this Windows executable is to stealthy infect devices without raising any alarms on the breached system by launching the malware through a legitimate Windows executable. READ MORE...
Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity, ranging from unlocking, starting, and tracking cars to exposing customers' personal information. The security flaws impacted well-known brands, including BMW, Roll Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and Genesis. READ MORE...