Suncor, one of the largest energy companies in North America, has suffered a cyber attack that left Canadian motorists unable to make gas station purchases with payment cards, and even disabled car washes. In a curt press release on Sunday, Suncor revealed that it had "experienced a cyber security incident," but gave little other information. But the impact was clear to anyone who tried to buy something at a one of the over 1,800 Petro-Canada gas stations (owned by Suncor) across Canada. READ MORE...
The US Patent and Trademark Office (USPTO) informed more than 60,000 trademark application filers that it mistakenly left their physical addresses exposed to the public Internet for three years. A leaky API was the culprit, according to reports, and left data sets exposed, including addresses collected from applicants, which are mandatory when they file for a trademark with the USPTO. READ MORE...
The pro-Russia crowdsourced DDoS (distributed denial of service) project, 'DDoSia,' has seen a massive 2,400% growth in less than a year, with over ten thousand people helping conduct attacks on Western organizations. The project was launched by a pro-Russian hacktivist group known as "NoName057(16)" last summer, quickly reaching 400 active members and 13,000 users on its Telegram channel. READ MORE...
Unidentified hackers claimed to have targeted Dozor, a satellite telecommunications provider that services power lines, oil fields, Russian military units and the Federal Security Service (FSB), among others, according to a message posted to Telegram late Wednesday night. The hackers also claimed to have defaced four seemingly unconnected Russian websites with messaging supportive of the Wagner private military company. READ MORE...
Generative artificial intelligence tools such as ChatGPT could be aiding the proliferation of more convincing email scams aimed at stealing money from businesses, according to cybersecurity firm Fortra. In the first quarter of 2023, threats in corporate inboxes hit new highs with a quarter of all reported emails classified as malicious or untrustworthy, Fortra said in a recent report. READ MORE...
Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. Andariel (aka Stonefly) is believed to be part of the Lazarus hacking group known for employing the DTrack modular backdoor to collect information from compromised systems, such as browsing history, typed data (keylogging), screenshots, running processes, and more. READ MORE...
An incident earlier this year in which a cybercriminal attempted to extort $1 million from an Arizona-based woman whose daughter he claimed to have kidnapped is an early example of what security experts say is the growing danger from voice cloning enabled by artificial intelligence. The incident is one in a rapidly growing number of instances where cybercriminals have exploited AI-enabled tools to try and scam people. READ MORE...
At the dawn of the atomic age, the nuclear scientists who invented the atomic bomb realized that the weapons of mass destruction they had created desperately needed to be controlled. Physicists such as Niels Bohr and J. Robert Oppenheimer believed that as knowledge of nuclear science spread so, too, would bombs. That realization marked the beginning of the post-war arms control era. READ MORE...
The most dangerous type of software bug is the out-of-bounds write, according to MITRE this week. This type of flaw is responsible for 70 CVE-tagged holes in the US government's list of known vulnerabilities that are under active attack and need to be patched, we note. Out-of-bounds write, sometimes labeled CWE-787, also took the top spot in 2022, showing a distinct lack of improvement. READ MORE...
Proof-of-concept (PoC) code targeting a high-severity authentication bypass vulnerability in the Arcserve Unified Data Protection (UDP) backup software was published one day after patches were released earlier this week. Tracked as CVE-2023-26258, the security defect was identified in the web management interface of Arcserve UDP. Successful exploitation of the bug could allow an attacker to access the administrative interface. READ MORE...