Energy giants Schneider Electric and Siemens Energy have confirmed being targeted by a ransomware group in the recent campaign exploiting a vulnerability in Progress Software's MOVEit managed file transfer (MFT) software. The Cl0p ransomware group claims to have exploited a MOVEit zero-day vulnerability to access the files of hundreds of organizations that had been using the MFT product. READ MORE...
The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. To date, the hacking spree appears to have breached 122 organizations and obtained the data of roughly 15 million people, based on posts the crime group has published or victim disclosures. READ MORE...
A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users. The organization that filed the complaint is nyob. nyob is an Austrian based digital right organization that focusses on commercial privacy issues on a European level. After the General Data Protection Regulation (GDPR) came into force on May 25, 2018, commercial privacy violations can now be enforced on a European level. READ MORE...
The personal and specialized information of almost 9,000 pilot and cadet applicants for American Airlines and Southwest Airlines was exposed by a cyberattack on a pilot recruitment system used by both airlines in late April. The systems of Pilot Credentials, a Texas-based company that manages pilot recruitment portals for multiple airlines, was breached by an unauthorized actor on or around April 30, according to data breach notifications the airlines filed in Maine. READ MORE...
Radeal, the Polish developer of Android stalkerware 'LetMeSpy', is informing users that their personal information and collected data was stolen as a result of a cyberattack. A free application, LetMeSpy, just as its name suggests, collects information from the phones it has been installed on, including call logs, text messages, and device location. The phone monitoring application is marketed as offering parental control and employee monitoring capabilities. READ MORE...
Philippine police backed by commandos staged a massive raid on Tuesday and said they rescued more than 2,700 workers from China, the Philippines, Vietnam, Indonesia and more than a dozen other countries who were allegedly swindled into working for fraudulent online gaming sites and other cybercrime groups. The number of human trafficking victims rescued from seven buildings in Las Pinas city in metropolitan Manila and the scale of the nighttime police raid were the largest so far this year. READ MORE...
Seven months after ChatGPT burst into our lives, it seems the lustre of the chatbot-that's-going-to-change-everything is starting to fade. A new survey by Malwarebytes exposes deep reservations about ChatGPT, with optimism in startlingly short supply. Of the respondents familiar with ChatGPT: 81% were concerned about possible security and safety risks, 63% don't trust the information it produces, and 51% would like to see work on it paused so regulations can catch up. READ MORE...
Endpoint detection and response (EDR) systems have become increasingly efficient at detecting typical process injection attempts that invoke a combination of application programming interfaces to insert code into the memory space of a running process. So researchers at Israeli-based Security Joes set out to find another way to due process injection without relying on EDR-monitored APIs. The result is Mockingjay, a novel method for process injection that leverages dynamic link libraries (DLLs). READ MORE...
When Progress Corp, the Massachusetts-based maker of business software, revealed its file transfer system had been compromised this month, the issue quickly gathered global significance. A Russian-speaking gang dubbed Cl0p had used the vulnerability to steal sensitive information from hundreds of companies including British Airways, Shell and PwC. It had been expected that the hackers would then attempt to extort affected organizations, threatening to release their data unless a ransom was paid. READ MORE...