Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year's attacks on file transfer tool MOVEit. On Monday morning, an entity that uses the handle "Nam3L3ss" began leaking what they claimed to be personal data belonging to from the abovementioned corporations, plus workers at other firms affected by the MOVEit vulnerability. READ MORE...
Blue Yonder is making progress toward a full recovery following a pre-Thanksgiving ransomware attack, the company said Sunday. A number of impacted customers are back up and running. The Arizona-based supply chain technology company was the target of a Nov. 21 ransomware attack, which impacted its managed services hosted environment. Major companies, including Starbucks and U.K. supermarket chain Morrisons, dealt with operational disruptions in connection with the attack. READ MORE...
Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year bonuses. Recipients are instructed to dowload the attached document - an archive file (ZIP) or an MS Office file (e.g., DOCX) - and open it, but the file is corrupted. READ MORE...
Google on Monday released its December 2024 Android Security Bulletin, detailing a range of security vulnerabilities affecting various components across Android devices, with some potentially allowing remote code execution and local escalation of privileges. The bulletin's most critical concern centers on vulnerabilities within the system components, which allow developers to build applications with specific functionalities within the Android ecosystem. READ MORE...
Energy sector contractor ENGlobal Corporation on Monday announced that some of its operations have been affected by a ransomware attack. In a regulatory filing with the US Securities and Exchange Commission, the company revealed that it discovered the attack on November 25 and took certain systems offline to contain the incident. As a result of the containment measures and the ongoing investigation, only access to essential business operations has remained available, the company told the SEC. READ MORE...
One of Europe's busiest hospitals is investigating if it has been hacked by a notorious ransomware gang. Alder Hey Children's Hospital in Liverpool says it is aware that the INC Ransom group has published screenshots on the dark web of what is claimed to be patients' personal information, details of donations from benefactors, and other data. If INC Ransom is to be believed, the haul of stolen data is significant - stretching as far back as 2018 right up until 2024. READ MORE...
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) - such as .shop, .top, .xyz - that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs. READ MORE...
Cisco on Monday updated an advisory covering a decade-old vulnerability to warn customers about in-the-wild exploitation. The vulnerability is tracked as CVE-2014-2120 and it has been described as a medium-severity cross-site scripting (XSS) vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) products. An unauthenticated, remote attacker can exploit the vulnerability to conduct XSS attacks against WebVPN users by getting them to click on a malicious link. READ MORE...
OpenAI's ChatGPT is more than just an AI language model with a fancy interface. It's a system consisting of a stack of AI models and content filters that make sure its outputs don't embarrass OpenAI or get the company into legal trouble when its bot occasionally makes up potentially harmful facts about people. Recently, that reality made the news when people discovered that the name "David Mayer" breaks ChatGPT. READ MORE...