Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom. Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data." READ MORE...
Since Russia's invasion of Ukraine in February, Moscow's digital spies and hackers loyal to the Kremlin have attacked Ukrainian systems relentlessly in a bid to support the operation. But one group - known as Turla and widely regarded as one of Russia's most capable - has been conspicuously absent from the conflict, until now. On Thursday, researchers at Mandiant disclosed they discovered Turla targeting Ukrainian systems. READ MORE...
Threat actors are using a well-crafted Pokemon NFT card game website to distribute the NetSupport remote access tool and take control over victims' devices. The website "pokemon-go[.]io," which is still online at the time of writing, claims to be home to a new NFT card game built around the Pokemon franchise, offering users strategic fun together with NFT investment profits. READ MORE...
A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents. The first sample of this latest variant appeared on Virus Total in 2019, but detections started to rise a year later and peaked in December 2022, according to threat researchers at Trend Micro. READ MORE...
After reports at the end of 2022 that hackers were selling data stolen from 400 million Twitter users, researchers now say that a widely circulated trove of email addresses linked to about 200 million users is likely a refined version of the larger trove with duplicate entries removed. The social network has not yet commented on the massive exposure, but the cache of data clarifies the severity of the leak and who may be most at risk as a result of it. READ MORE...
A seemingly run-of-the-mill breach at LastPass in August produced one of last year's most alarming security incidents. Downstream impacts mounted as the year came to a close, months after the password manager claimed the threat contained. LastPass users and business customers should be on high alert and change all passwords immediately, following a subsequent breach that exposed password vault data, according to cybersecurity analysts and threat researchers. READ MORE...
The vulnerabilities could let attackers remotely track, stop or control a car - even an entire fleet of emergency vehicles. Another could give hackers access to some 15.5 million automobiles, allowing them to send commands to control braking systems. In total, a group of ethical car hackers discovered at least 20 vulnerabilities within the application programming interfaces, or APIs, that automakers rely on so technology inside cars can interact. READ MORE...
The US Cybersecurity and Infrastructure Security Agency (CISA) published advisories last week to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities. CISA has published three advisories describing security flaws in three products made by energy solutions provider Hitachi Energy. The vendor published its own advisories for the vulnerabilities in December. READ MORE...
Briefly this week, it appeared that quantum computers might finally be ready to break 2048-bit RSA encryption, but that moment has passed. The occasion was the publication of an academic paper by no less than two dozen authors affiliated with seven different research institutions in China. The paper suggests that the application of Claus Peter Schnorr's recent factoring algorithm can break asymmetric RSA-2048 encryption. READ MORE...