The Port of Seattle, which operates the Seattle-Tacoma International Airport (SEA Airport), has confirmed that ransomware was used in an August cyberattack that caused days-long outages. The incident was disclosed on August 24, when the Port announced on X (formerly Twitter) that various services were down after critical systems were isolated in response to a cyberattack. READ MORE...
Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed. In October 2023, we reported on how information belonging to as many as seven million 23andMe customers turned up for sale on criminal forums following a credential stuffing attack against 23andMe. READ MORE...
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. The impacted models are popular in the consumer networking market, especially among users looking for high-end WiFi 6 routers (DIR-X) and mesh networking systems (COVR). The bulletin lists five vulnerabilities, three of which are rated critical. READ MORE...
This past weekend, the National Football League kicked off its 2024 season, and while the sport itself has remained the same, mainly - hello, new kicking rules - the technological operations around games and players is constantly evolving, and face increasing cyber threats. While all companies have a mix of digital and physical assets, sports teams have a unique cocktail of critical assets, especially as data has become increasingly the lifeblood of sports franchises in the NFL. READ MORE...
Hackers are making available the information of US voters in an attempt to undermine confidence in the security of election infrastructure, but the claims made by these hackers are false, according to the FBI and CISA. In a joint public service announcement published last week, the agencies pointed out that most US voter information can be purchased or legitimately acquired, but threat actors continue to make statements suggesting evidence of election infrastructure compromise. READ MORE...
A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. When first disclosed as part of the September 2024 Patch Tuesday, Microsoft had not marked the vulnerability as previously exploited. However, on Friday, Microsoft updated the CVE-2024-43461 advisory to indicate it had been exploited in attacks before it was fixed. READ MORE...