Another day, another exposed S3 bucket. This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket. An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more.
Nebraska-based healthcare insurance firm Regional Care has disclosed a data breach impacting more than 225,000 individuals. The third-party insurance administrator is informing impacted individuals that their personal and medical information may have been compromised as a result of an incident identified in mid-September 2024. Regional Care discovered at the time that there had been some unusual activity on an account in its network. The compromised account was immediately shut down.
A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency. The funds in these wallets are secured using 24-word recovery phrases or 12 and 18-word phrases generated by other wallets.
Unknown hackers are targeting individuals associated with Thailand's government, using a new and unwieldy backdoor dubbed "Yokai," potentially named after a type of ghost found in the video game Phasmophobia, or after spirits in Japanese folklore. Researchers from Netskope recently came across two shortcut (LNK) files disguised as .pdf and .docx files, unsubtly named as if they pertained to official US government business with Thailand.
An ongoing cyber-espionage campaign by Russia's Midnight Blizzard threat group may be much larger in scope than generally assumed, targeting international entities in government, armed forces, and academic institutions, Trend Micro said in recently released research. At its peak in October, Trend Micro researchers observed Midnight Blizzard hitting as many as 200 entities a day with phishing emails to take control of victim systems and steal data or plant malware on them.
The Cybersecurity and Infrastructure Security Agency said it issued 2,131 pre-ransomware notifications this year, as of November, nearly double the amount the agency issued in 2023. The agency's year in review features ample evidence of the ceaseless security challenges confronting critical infrastructure at large. The agency also released almost 1,300 cyber defense alerts and advisories through the Joint Cyber Defense Collaborative during fiscal year 2024.
It is no secret that online criminals are leveraging artificial intelligence (AI) and large language models (LLMs) in their malicious schemes. While AI tends to be abused to trick people (e.g., deepfakes) in order to gain something, sometimes it is meant to defeat computer security programs. With AI, this process has just become easier and we are seeing more and more cases of fake content produced for deception purposes.
In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks. Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.
Threat actors have started exploiting a critical-severity vulnerability in Apache Struts 2 less than a month after it was publicly disclosed. The issue, tracked as CVE-2024-53677 (CVSS score of 9.5), is described as a file upload logic flaw that could enable an attacker to perform a path traversal attack. "An attacker can manipulate file upload params to enable paths traversal," Apache notes in its advisory.
Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. These results come from an analysis conducted by cybersecurity firm Bishop Fox, which was motivated by a series of important vulnerabilities disclosed this year impacting SonicWall devices. Vulnerabilities affecting SonicWall SSL VPN devices were recently exploited by ransomware groups.