Epik has now confirmed that an "unauthorized intrusion" did in fact occur into its systems. The announcement follows last week's incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. To mock the company's initial response to the data breach claims, Anonymous had altered Epik's official knowledge base, as reported by Ars. READ MORE...
The Alaska health department has shared more information about the cyberattack detected earlier this year, and the organization says the attack was conducted by state-sponsored hackers. The first signs of a possible cyber breach were detected on May 2 by a "security monitoring firm" that reported its findings to the State Security Office, which in turn notified the Alaska Department of Health and Social Services (DHSS) on May 5. READ MORE...
In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly $11.7 million last year alone. "The Spanish National Police, supported by the Italian National Police, Europol and Eurojust, dismantled an organised crime group linked to the Italian Mafia involved in online fraud, money laundering, drug trafficking and property crime," the Europol said today. READ MORE...
The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. Following an investigation started after March 10, "RGA determined that the threat actors accessed a small portion of RGA's email environment between February 2021 and March 2021, and that personal information may have been accessible to the threat actor(s) as a result." READ MORE...
Using Microsoft's Windows Subsystem for Linux (WSL), attackers have leveraged Linux binaries to load payloads into Windows processes, according to researchers with Black Lotus Labs, the threat intelligence unit of tech company Lumen. As part of the observed attacks, Linux ELF (Executable and Linkable Format) binaries were employed to inject payloads into running processes using Windows API calls. The ELF binaries were written in Python and converted for the Debian platform using PyInstaller. READ MORE...
Millions of consumers may have exposed their personal and payment information after researchers discovered API security vulnerabilities affecting multiple apps. CloudSEK said that of the 13,000 apps uploaded to its BeVigil "security search engine" for mobile applications, around 250 use the Razorpay API to facilitate financial transactions. Unfortunately, it found that approximately 5% of these exposed their payment integration key ID and key secret. READ MORE...
Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system. The flaw, tracked as ??CVE-2021-26333 and classified by AMD as medium severity, affects the company's Platform Security Processor (PSP) chipset driver, which is used by several graphics cards and processors. AMD has advised users to update the PSP driver to version 5.17.0.0 through Windows Update or update the Chipset Driver to version 3.08.17.735. READ MORE...