Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing. Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out a loan access to their loan accounts. READ MORE...
Twilio keeps discovering more victims as it continues to investigate the downstream impacts of a sophisticated phishing attack earlier this month. The company, in a Wednesday update, said it identified 163 customers whose data was compromised. Twilio previously said the attack impacted 125 customers. Twilio said it made multiple internal security improvements following the attack. READ MORE...
Baker & Taylor, which describes itself as the world's largest distributor of books to libraries worldwide, today confirmed it's still working on restoring systems after being hit by ransomware more than a week ago. As Baker & Taylor said on August 23, its servers were down after an outage that impacted the company's phone systems, offices, and service centers. READ MORE...
A Chinese-based cyberespionage group targeted Australian officials with reconnaissance malware to siphon off details about the victims hackers could use to execute more targeted strikes, researchers with cybersecurity firm Proofpoint and the PwC Threat Intelligence team said in joint research published Tuesday. The cyberespionage campaign that focused on government, energy and manufacturing personnel in the Asia-Pacific region deployed phishing emails directing targets to a fake news outlet. READ MORE...
The FBI is warning of an increase in attacks targeting decentralized finance (DeFi) platforms to steal cryptocurrency. According to the agency, miscreants are taking advantage of the increased interest in cryptocurrency and the complex functionality and the open source nature of DeFi platforms to perform nefarious activities. Cybercriminals are exploiting security flaws in the smart contracts governing DeFi platforms to steal virtual currency and cause investors to lose money, the FBI says. READ MORE...
Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches. The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app and works as the user expects for days or weeks before its hidden Monero-crafting code is executed. READ MORE...
As you no doubt already know, because the story has been all over the news and social media recently, the widely-known and widely-used password manager LastPass last week reported a security breach. The breach itself actually happened two weeks before that, the company said, and involved attackers getting into the system where LastPass keeps the source code of its software. From there, LastPass reported, the attackers "took portions of source code and some proprietary LastPass technical information." READ MORE...