The Chinese hackers responsible for an attack on media giant News Corp last month likely were seeking intelligence to serve China's interests in a cyberespionage incident that shows the persistent vulnerability of corporate networks to email-based attacks, security professionals said. Reports on Monday revealed that a Jan. 20 incident at Rupert Murdoch's media giant involved an attack on journalists' email accounts that gave the intruders access to sensitive data.
An unsecured AWS server, found open to the public Internet, is the root cause of a huge compromise of airport employee data in Colombia and Peru. According to a report, the server belongs to Securitas, a Stockholm-based multinational company that provides security services such as security guarding, fire and safety, and supply-chain risk management, among others.
Data of 6,632 Puma employees was stolen in a December 2021 ransomware attack that hit HR management platform Ultimate Kronos Group (UKG). Identified on December 11, the attack targeted Kronos Private Cloud, a service on which UKG runs applications such as Banking Scheduling Solutions, Healthcare Extensions, UKG TeleStaff, and UKG Workforce Central. Kronos immediately launched an investigation into the attack and last month discovered that Puma was one of the customers impacted by the incident.
A Palestinian-aligned hacking group has targeted Middle Eastern governments, foreign policy think tanks and a state-affiliated airline with a new malware implant as part of "highly targeted intelligence collection campaigns," according to research published Tuesday. The findings, from researchers with cybersecurity firm Proofpoint, unpack the latest activities of an established and well-documented Arabic-speaking hacking group known as MoleRATs.
A Russia-based advanced persistent threat group that has been active for almost a decade has stepped up malicious cyberattack activity in Ukraine recently in another example of how geopolitical tensions routinely spill over into the cyber domain these days. For organizations, the attacks are a reminder of why they need to pay close attention to systems located in the region and take measures to contain damage if they are targeted.
Last month, as North Korea's supreme leader Kim Jong-un oversaw a series of sabre-rattling hypersonic missile tests, cyber attacks disrupted the country's internet infrastructure. The finger of suspicion pointed at nation states in the West, who might have launched the distributed denial-of-service attacks, which reportedly, at their height, took down "all traffic to and from North Korea."
Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware. Using VBA macros embedded in malicious Office documents is a very popular method to push a wide range of malware families in phishing attacks, including Emotet, TrickBot, Qbot, and Dridex.
The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. According to a new report by DFIR, Qbot was performing these quick data-snatching strikes back in October 2021, and it now appears that the threat actors behind it have returned to similar tactics.