The US Securities and Exchange Commission sued SolarWinds Corp. and Chief Information Security Officer Timothy Brown yesterday, alleging that they concealed security failures that led to a nearly two-yearlong cyberattack known as "Sunburst." The attack, reportedly carried out by Russian hackers, inserted malicious code into SolarWinds network-management software used by thousands of customers, including US government agencies and private companies. READ MORE...
The personal information of more than 815 million people in India has reportedly been leaked online. According to local media reports, hackers have offered for sale the personally identifiable information (PII) - including that found on Aadhaar identity cards - belonging to hundreds of millions of Indian residents. A threat actor calling themselves "pwn0001" posted on the Breach Forums black hat hacking site said that they had the records of 815 million people available. READ MORE...
Ace Hardware appears to have been the latest organization to succumb to a cyberattack, judging by its website and a message from CEO John Venhuizen. The site today warns that the retailer-owned cooperative is unable to process online orders. A memo from Venhuizen indicates the problem is serious. In a note sent to Ace retailers this week, Venhuizen said: "On Sunday morning, we detected a cybersecurity incident that is impacting the majority of our IT systems. READ MORE...
The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28. The ongoing outage also affects other services, including our phone lines and onsite library services in London and Yorkshire. The British Library's facilities, including Reading Rooms for personal study, are still operational, and collection items requested on or before October 26 are accessible onsite. READ MORE...
For a period of two years between September 2019 and September 2021, two Americans and two Russians allegedly compromising the taxi dispatch system at John F. Kennedy International Airport in New York to sell cabbies a place at the front of the dispatch line. The two Russian nationals, Aleksandr Derebenetc and Kirill Shipulin, were indicted by a grand jury for conspiring to commit computer intrusions, the US Justice Department said on Tuesday. They remain at large. READ MORE...
A thriving link-shortening service is providing cyberattackers and scammers with top-level .us domains, helping them make their phishing campaigns just a bit less detectable. In a report published this week, researchers from Infoblox named the threat actor behind the operation "Prolific Puma." In the past 18 months, Prolific Puma has generated as many as 75,000 unique domain names, often circumventing regulations to provide seedy criminals with URLs that end in a .us. READ MORE...
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. On affected devices, users were warned to immediately uninstall the Google app because it could secretly send SMS messages, download and install other apps, or steal their sensitive information. Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device. READ MORE...
A rise in the availability of malware "meal kits" for less than $100 is fueling a surge in campaigns using remote access Trojans (RATs), which are often embedded in seemingly legitimate Excel and PowerPoint files attached to emails. That's according to HP Wolf Security, which published its "Q3 2023 Threat Insights Report" today, observing a significant spike in Excel files with DLLs infected with the Parallax RAT. READ MORE...
The global cybersecurity workforce grew 8.7% to reach 5.5 million people in 2023, the highest number on record, according to the 2023 ISC2 Global Workforce Study. However, the industry still confronts a record gap of 4 million industry professionals - a total of 9.5 million qualified workers are necessary to adequately safeguard the world's digital assets, according to the report. READ MORE...