IT Security Newsletter

IT Security Newsletter - 7/12/2024

Written by Cadre | Fri, Jul 12, 2024

Hackers stole call, text records of "nearly all" of AT&T's cellular customers

Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by "nearly all" of AT&T's cellular customers from May to October 2022, the company has confirmed. "The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. It also does not include some typical information you see in your usage details," AT&T said. READ MORE...

CISA Red Team Exercise Finds Critical Vulnerabilities in Federal Civilian Agency

A CISA red team exercise performed in early 2023 has revealed significant gaps in the cybersecurity posture of a federal civilian executive branch organization, according to a report from the US government's cybersecurity agency. The SILENTSHIELD assessment, which was meant to simulate a long-term state-sponsored attack, found that the unidentified organization failed to prevent and identify malicious activity, had insufficient network segmentation, lacked proper log collection, etc. READ MORE...

Dallas County: Data of 200,000 exposed in 2023 ransomware attack

Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. Dallas County is the second largest county in Texas, with over 2.6 million residents. In October 2023, the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening to leak data it stole during an attack on its systems, including private documents from various departments. READ MORE...

Advance Auto Parts Data Breach Affects 2.3M Customers

More than 2.3 million people will soon be receiving a letter in the mail carrying bad news: An April 14 data breach of Advance Auto Parts IT systems compromised current and former job applicants and employees' personal information. After an investigation to determine the nature and scope of the breach, the company found that this information could include names, Social Security numbers, driver's licenses, government-issued identification numbers, and dates of birth. READ MORE...

China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox, according to cloud security service provider Zscaler's ThreatLabz research team. APT41 - also known as Barium, Wicked Panda, Wicked Spider and Earth Baku - has ties to the Chinese Ministry of State Security. In addition to digital espionage, the crew also conducts financially motivated crimes on occasion. READ MORE...

RansomHub Ransomware - What You Need To Know

Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. It operates a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware code and infrastructure, and rents it out to other cybercriminals who act as affiliates. RansomHub undoubtedly benefited from the disruption caused to the LockBit gang by law enforcement in February 2024. READ MORE...

Akira Ransomware: Lightning-Fast Data Exfiltration in 2-ish Hours

Akira ransomware actors are now capable of squirreling away data from victims in just over two hours, marking a significant shift in the average time it takes for a cybercriminal to move from initial access to information exfiltration. That's the word from the BlackBerry Threat Research and Intelligence Team, which today released a breakdown of a June Akira ransomware attack on a Latin American airline. READ MORE...

Exim vulnerability affecting 1.5M servers lets attackers attach malicious files

More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said. The servers run versions of the Exim mail transfer agent that are vulnerable to a critical vulnerability that came to light 10 days ago. The vulnerability makes it trivial for threat actors to bypass protections that normally prevent the sending of attachments that install apps or execute code. READ MORE...

Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks

At least two ransomware groups have been exploiting a year-old vulnerability in Veeam Backup & Replication to exfiltrate data, security researchers warn. Patched in March 2023, the exploited security defect is tracked as CVE-2023-27532 (CVSS score of 7.5). Proof-of-concept (PoC) code targeting it was published shortly after, and the first exploitation of unpatched Veeam Backup & Replication instances was seen in April 2023. READ MORE...

  • ...in 1862, the Presidential Medal of Honor is established by President Lincoln.
  • ...in 1895, architect and engineer Buckminster Fuller, best-known for popularizing the geodesic dome, is born in Milton, MA.
  • ...in 1962, the Rolling Stones make their first public appearance with a gig at London's Marquee Club.
  • ...in 1967, President Dwight D. Eisenhower becomes the first U.S. President to travel by helicopter.