Air Canada, the flag carrier and the largest airline of Canada, disclosed a cyber security incident this week in which hackers "briefly" obtained limited access to its internal systems. According to the airline, the incident resulted in the theft of a limited amount of personal information of some of its employees and "certain records." Customer data was not affected. READ MORE...
T-Mobile US has had another bad week on the infosec front - this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the issue on Reddit and X, the T-Mobile app was displaying other customers' data instead of their own - including the strangers' purchase history, credit card information, and address. READ MORE...
A leading Egyptian opposition politician was targeted with spyware after announcing a presidential bid, security researchers reported Friday. They said Egyptian authorities were likely behind the attempted hack. Discovery of the attempt last week by researchers at Citizen Lab and Google's Threat Analysis Group prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the associated vulnerabilities. READ MORE...
Over the past two years, a string of prominent cybersecurity breaches all have one thing in common: the involvement of a small online community of primarily young people dedicated to carrying out brash incursions. A team of researchers who have studied these online communities described to CyberScoop how an online community calling itself "the Com" has carved out a key role for itself in the broader online criminal ecosystem. READ MORE...
Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. The updates may already have reached you in your regular update routines, but it doesn't hurt to check if your device is at the latest update level. If a Safari update is available for your device, you can get it by updating your iPhone or iPad or updating your Mac. READ MORE...
A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East. The Deadglyph malware is attributed to the Stealth Falcon APT (aka Project Raven or FruityArmor), a state-sponsored hacking group from the United Arab Emirates (UAE). The hacking group has been known for targeting activists, journalists, and dissidents for almost a decade. READ MORE...
The Cybersecurity and Infrastructure Security Agency is urging the software industry to embrace the use of memory safe programming languages as part of a wider effort to eliminate security vulnerabilities in code. CISA called for the changes alongside a push to embrace secure-by-design practices during the software development stage and to increase the security of open source software. READ MORE...
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. READ MORE...