VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month. The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses. Emiliano Martines, the online malware scanning service's head of product management, also assured impacted customers that the incident was not the result of a cyber-attack. READ MORE...
Researchers have attributed the recent JumpCloud breach to a branch of North Korea's Lazarus Group. Early indications suggest that the group was financially motivated, primarily targeting cryptocurrency and blockchain companies. JumpCloud is an enterprise directory-as-a-service provider serving over 180,000 customers, according to its website, including Monday[.]com, GoFundMe, and others. READ MORE...
A Rust-based file-encrypting ransomware was found this week to be impersonating the cybersecurity firm Sophos as part of its operation. Dubbed 'SophosEncrypt', the malware is being offered under the ransomware-as-a-service (RaaS) business model, and appears to have already been used in malicious attacks. After several security researchers warned of the new RaaS, Sophos said it was aware of the brand impersonation and that it was investigating the threat. READ MORE...
Kevin Mitnick, probably the world's most-famous computer hacker - and subsequently writer, public speaker, and security consultant - has succumbed to pancreatic cancer. He was 59. Tributes have poured in from around the world following the announcement of his death this week. "We've lost a true pioneer of the digital world, Kevin Mitnick," said Chris Wysopal, a former member of the L0pht team and today an infosec CTO. READ MORE...
New AI tools offer easier and faster ways for people to get their jobs done - including cybercriminals. AI makes launching automated attacks more efficient and accessible. You've likely heard of several ways threat actors are using ChatGPT and other AI tools for nefarious purposes. For example, it's been proved that generative AI can write successful phishing emails, identify targets for ransomware, and conduct social engineering. READ MORE...
Three vulnerabilities in Apache OpenMeetings potentially expose organizations to remote code execution attacks, cybersecurity firm Sonar warns. A web conferencing application, OpenMeetings is used for online meetings, collaboration, and presentations, either as standalone software or as a plugin for Confluence, Jira, and other applications. On Thursday, Sonar published information on three OpenMeetings bugs that could allow malicious attackers to take over an administrator account. READ MORE...