The City of Columbus, Ohio, has confirmed half a million people's data was accessed and potentially stolen when Rhysida's ransomware raided its systems over the summer. In fact, the city noted in a filing that the number of people potentially affected was 500,000 exactly, an oddly round number for data break-in disclosures of this kind. It's the first time Columbus has confirmed the scale of the ransomware attack and associated data exposure. READ MORE...
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server. "Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment," Schneider Electric told BleepingComputer. READ MORE...
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code. "Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia," the company told BleepingComputer. "Nokia takes this allegation seriously and we are investigating. To date, our investigation has found no evidence that any of our systems or data being impacted." READ MORE...
Canadian authorities have reportedly arrested an individual suspected of orchestrating a large-scale campaign leading to the compromise of Snowflake accounts belonging to 165 organizations. The campaign came to light in late May, after Snowflake warned that a limited number of customers that did not have their accounts protected with multi-factor authentication were targeted by threat actors. READ MORE...
Android's monthly security bulletin published Monday warns of two vulnerabilities with "limited, targeted exploitation" in the wild. One vulnerability impacts Qualcomm chipsets via a use-after-free vulnerability in its FastRPC driver. Designated as CVE-2024-43047, the bug was reported to be under active exploitation in early October and is rated "high" severity with a CVSS score of 7.8. READ MORE...
Synology has released fixes for an unauthenticated "zero-click" remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. CVE-2024-10443 was discovered by Rick de Jager, a security researcher at Midnight Blue, and has been exploited at the Pwn2Own Ireland 2024 hacking competition ten days ago. READ MORE...
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries there, researchers said. The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency. The campaign was reported by researchers from the security firm Phylum. READ MORE...
After weeks of early voting, voters on Tuesday will head to the polls across the country to determine the next President of the United States. But federal agencies, state and local election officials, and experts say that while American voters will ultimately choose the next chief executive, they are preparing for a chaotic, disruptive and messy post-election period. One where foreign nations, domestic political groups and other bad actors will attempt to take advantage of a divided electorate. READ MORE...
Threat actors are abusing DocuSign to deliver emails to unsuspecting users and bypass email protection mechanisms, Wallarm warns. Unlike traditional phishing, which involves spoofed email messages mimicking known brands aimed at harvesting credentials or installing malware, this campaign relies on the trusted e-signing service to deliver malicious content. Specifically, threat actors have been creating DocuSign accounts enabling them to change templates and access the service's APIs directly. READ MORE...