Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems. The maker of such well-known video games as "Resident Evil" and "Street Fighter" disclosed in a short press release that in the early hours of Monday some of its networks "experienced issues" that affected access to email and file servers. In response, the company has shut down some of its systems. READ MORE...
A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations. UK-based cybersecurity company 7 Elements identified the vulnerability while conducting incident response activities for a customer. An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users. READ MORE...
Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar. The attack, which Sophos has given the charming moniker "KilllSomeOne", is a DLL side-loading attack that tricks Windows executables into loading a malicious DLL instead of a real one. The dirty DLLs attempt information exfiltration. READ MORE...
Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom. In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid. Now, not only are victims being extorted through the encryption of their files but also by the risk of their data being published and causing a data breach. READ MORE...
The story of digital authentication started in an MIT lab in 1961, when a group of computer scientists got together and devised the concept of passwords. Little did they know the anguish it would cause over the next 50 years. Today, most people possess more than 90 username-and-password combinations and would rather click "Reset password" than try to remember them all. Unfortunately, passwords are not only inconvenient, but dangerous as well - it's a problem the world has been grappling with for the last 20 years, at least. READ MORE...
Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. The bug was identified by security researcher Felix Wilhelm of Google Project Zero, who reported it to GitHub on July 21. As per Google's policy, information on the flaw was meant to be released after 90 days, but GitHub requested a 14-day grace period. Tracked as CVE-2020-15228, the vulnerability is related to the use of the set-env and add-path workflow commands. READ MORE...