Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without authorization. The flaw, dubbed ChaosDB, impacts Microsoft Azure Cosmos DB, a globally distributed NoSQL database service used by a wide assortment of high-profile customers, including Exxon-Mobil, Mercedes Benz, Symantec, Coca-Cola, and Citrix. READ MORE...
The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. It is the third-largest public library in the United States behind the federal Library of Congress and the New York Public Library, based on the total number of items it holds. READ MORE...
T-Mobile's CEO and an individual who claims to be behind the recent hacking of the mobile carrier's systems have shared some information about how the attack was carried out. In a statement issued on Friday, Mike Sievert, CEO of T-Mobile, said that while the company's investigation into the incident was "substantially complete," he could not share too many technical details due to the criminal investigation conducted by law enforcement. He did, however, share a high-level summary of the attack. READ MORE...
The Federal Bureau of Investigation this week published an alert to provide technical details and indicators of compromise (IOCs) for attacks employing the Hive ransomware. First observed in June 2021, the Hive ransomware operation is affiliate-based, with numerous tactics, techniques, and procedures (TTPs) employed, which makes mitigation challenging, the FBI says. READ MORE...