First American Financial said it is working diligently to recover from an unauthorized cyber incident that led it to isolate its systems from the internet, according to a filing Friday with the Securities and Exchange Commission. The firm, the nation's second-largest title insurance provider, has taken steps to restore normal operations, but can't estimate the time or extent of the disruption at this time, according to the filing. READ MORE...
An unprotected database belonging to Real Estate Wealth Network was left accessible from the internet for an unknown period, vpnMentor reports. Founded in 1993 and based in New York, Real Estate Wealth Network is an online real estate education platform that provides subscribers with access to courses, training materials, and a community. Discovered by cybersecurity researcher Jeremiah Fowler, the unprotected database was 1.16 terabytes in size, containing more than 1.5 billion records. READ MORE...
Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans. T-Mobile has proposed paying $1.3 billion to purchase the company. The company began notifying customers on December 22nd via emails titled "Important information regarding your account," stating that they suffered a security incident. READ MORE...
A British teenage hacker has been sentenced to an indefinite hospital stay to be treated for his inability to control himself online. Arion Kurtaj, 18, was found responsible by a British court in August of carrying out one of the biggest breaches in the history of the video game industry between August 2020 and September 2022 when he went on an unprecedented hacking spree that targeted the makers of "Grand Theft Auto", among others. READ MORE...
Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft. In a series of Xeets posted Thursday, Redmond's threat intel team said it spotted a nation-state backed gang it calls Peach Sandstrom attempting to deliver the (presumably Windows) malware to defense-sector employees. Mandiant, which tracks the Iran-backed crew as APT33, says it targets organizations in the US, Saudi Arabia and South Korea for "strategic cyberespionage." READ MORE...
Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. But most phishers aren't very good, and the success rate is relatively low: In 2021, the average click rate for a phishing campaign was 17.8%. However, now cybercriminals have AI to write their emails, which might well improve their phishing success rates. Here's why. READ MORE...
Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in response to increased attacker activity to exploit failure points. As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA (two-factor authentication), as it is also known. READ MORE...
A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can potentially be held accountable for their actions. The ability to launch Bluetooth LE (BLE) spam attacks using the Flipper Zero portable wireless pen-testing and hacking tool was first demonstrated in September 2023 by security researcher 'Techryptic.' READ MORE...