Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack
Energy giants Schneider Electric and Siemens Energy have confirmed being targeted by a ransomware group in the recent campaign exploiting a vulnerability in Progress Software's MOVEit managed file transfer (MFT) software. The Cl0p ransomware group claims to have exploited a MOVEit zero-day vulnerability to access the files of hundreds of organizations that had been using the MFT product. READ MORE...
Casualties keep growing in this month's mass exploitation of MOVEit 0-day
The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. To date, the hacking spree appears to have breached 122 organizations and obtained the data of roughly 15 million people, based on posts the crime group has published or victim disclosures. READ MORE...
Software company accused of illegally profiling millions of mobile phone users
A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users. The organization that filed the complaint is nyob. nyob is an Austrian based digital right organization that focusses on commercial privacy issues on a European level. After the General Data Protection Regulation (GDPR) came into force on May 25, 2018, commercial privacy violations can now be enforced on a European level. READ MORE...
Cyberattack exposes data on nearly 9K American and Southwest Airlines pilot applicants
The personal and specialized information of almost 9,000 pilot and cadet applicants for American Airlines and Southwest Airlines was exposed by a cyberattack on a pilot recruitment system used by both airlines in late April. The systems of Pilot Credentials, a Texas-based company that manages pilot recruitment portals for multiple airlines, was breached by an unauthorized actor on or around April 30, according to data breach notifications the airlines filed in Maine. READ MORE...
Sensitive Information Stolen in LetMeSpy Stalkerware Hack
Radeal, the Polish developer of Android stalkerware 'LetMeSpy', is informing users that their personal information and collected data was stolen as a result of a cyberattack. A free application, LetMeSpy, just as its name suggests, collects information from the phones it has been installed on, including call logs, text messages, and device location. The phone monitoring application is marketed as offering parental control and employee monitoring capabilities. READ MORE...
2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in Philippines
Philippine police backed by commandos staged a massive raid on Tuesday and said they rescued more than 2,700 workers from China, the Philippines, Vietnam, Indonesia and more than a dozen other countries who were allegedly swindled into working for fraudulent online gaming sites and other cybercrime groups. The number of human trafficking victims rescued from seven buildings in Las Pinas city in metropolitan Manila and the scale of the nighttime police raid were the largest so far this year. READ MORE...
81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows
Seven months after ChatGPT burst into our lives, it seems the lustre of the chatbot-that's-going-to-change-everything is starting to fade. A new survey by Malwarebytes exposes deep reservations about ChatGPT, with optimism in startlingly short supply. Of the respondents familiar with ChatGPT: 81% were concerned about possible security and safety risks, 63% don't trust the information it produces, and 51% would like to see work on it paused so regulations can catch up. READ MORE...
Mockingjay Slips By EDR Tools With Process Injection Technique
Endpoint detection and response (EDR) systems have become increasingly efficient at detecting typical process injection attempts that invoke a combination of application programming interfaces to insert code into the memory space of a running process. So researchers at Israeli-based Security Joes set out to find another way to due process injection without relying on EDR-monitored APIs. The result is Mockingjay, a novel method for process injection that leverages dynamic link libraries (DLLs). READ MORE...
Fears grow of deepfake ID scams following Progress hack
When Progress Corp, the Massachusetts-based maker of business software, revealed its file transfer system had been compromised this month, the issue quickly gathered global significance. A Russian-speaking gang dubbed Cl0p had used the vulnerability to steal sensitive information from hundreds of companies including British Airways, Shell and PwC. It had been expected that the hackers would then attempt to extort affected organizations, threatening to release their data unless a ransom was paid. READ MORE...
- ...in 1846, Belgian inventor and musician Adolphe Sax patents the saxophone.
- ...in 1914, Archduke Franz Ferdinand of Austria and his wife Sophie are assassinated by Yugoslavian nationalist Gavrilo Princip, sparking the events leading to World War I.
- ...in 1926, film director and comedy legend Mel Brooks ("Blazing Saddles", "Young Frankenstein") is born in Brooklyn, New York.
- ...in 1946, comedian and original 'Saturday Night Live" cast member Gilda Radner is born in Detroit, MI.
