The International Civil Aviation Organization (ICAO), the United Nations' aviation agency, has confirmed to The Register that a cyber crim did indeed steal 42,000 records from its recruitment database. Yesterday, we reported claims from an atacker that they had illegally accessed tens of thousands of documents. In response to our questions, the agency confirmed the haul pertained to particulars collected between April 2016 and July last year. READ MORE...
Japanese electronics giant Casio has completed its investigation into the data breach caused by a recent ransomware attack and found that thousands of individuals are impacted. The company revealed in early October 2024 that some systems had failed and some services had been disrupted as a result of unauthorized access to its network. A few days later it confirmed that it had been targeted in a ransomware attack that resulted in personal information and confidential corporate files getting stolen. READ MORE...
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. PowerSchool is a cloud-based software solutions provider for K-12 schools and districts that supports over 60 million students and over 18,000 customers worldwide. READ MORE...
One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported spear phishing, and the results line up with everyone's expectations: AI is making it easier to do crimes. READ MORE...
Google on Monday announced the first set of Android security updates for 2025, which include patches for 36 vulnerabilities, including five critical-severity bugs in the System component. As usual, the update is divided into two parts, with the first arriving on devices as the 2025-01-01 security patch level and containing fixes for 24 vulnerabilities in Android's Framework, Media Framework, and System components. READ MORE...
A malicious plug-in found on a Russian cybercrime forum turns WordPress sites into phishing pages by creating fake online payment processes that convincingly impersonate trusted checkout services. Masquerading as legitimate e-commerce apps such as Stripe, the malware proceeds to steal customer payment data. Called PhishWP, the WordPress plug-in was designed by Russian cybercriminals to be particularly deceptive. READ MORE...
The telecommunications provider for the African nation of Namibia suffered a significant ransomware attack late last year, becoming a visible symbol of the merging of two trends in the region: increasing attacks on critical infrastructure and the growing threat of ransomware. Last month, Telecom Namibia alerted customers that a successful attack by the ransomware-as-a-service (RaaS) group Hunters International led to users' information being leaked online. READ MORE...
CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Mitel MiCollab is a popular enterprise collaboration suite. CVE-2024-41713 and CVE-2024-55550 are both path traversal vulnerabilities. The former is exploitable without authentication, and may allow an attacker to gain access "to provisioning information including non-sensitive user and network information." READ MORE...