The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday. BaFin is Germany's financial regulatory authority, part of the Federal Ministry of Finance, responsible for supervising 2,700 banks, 800 financial service providers, and 700 insurance providers. The regulator is known for its law enforcement role in Germany and internationally.
Freecycle, an online community that encourages sharing unwanted items with each other rather than chucking them in the bin or taking them to landfill, has told users to change their passwords after it suffered a data breach. An announcement on the Freecycle website was the first I knew about the security breach, as - at the time of writing - despite being a member of the site I still haven't received any other notification from the community.
An unknown hacker gained administrative control of Sourcegraph, an AI-driven service used by developers at Uber, Reddit, Dropbox, and other companies, and used it to provide free access to resources that normally would have required payment. In the process, the hacker(s) may have accessed personal information belonging to Sourcegraph users, Diego Comas, Sourcegraph's head of security, said in a post on Wednesday.
An attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases. Zaun says that on 5-6 August a "sophisticated cyber attack" saw hackers exploit an obsolete Windows 7 PC to gain access to the company's servers and exfiltrate data, which has since been published on the dark web. According to the firm, classified documents are not believed to have been included in the haul.
Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Shortly after I published the article, a co-worker, Peace, reached out to me and told me they'd been a target of the campaign. His story begins with an SMS text from LinkedIn telling him to reset his password. He found this confusing: it arrived in the middle of the night, and he hadn't asked for a password reset. Since he doesn't use the LinkedIn app on his mobile, he checked his account on his laptop.
Domain names ending in ".US" - the top-level domain for the United States - are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.
Threat actors have started uploading malicious packages to the PyPI, NPM, and RubyGems repositories in a new campaign aimed at stealing user information, software supply chain security firm Phylum reports. The first malicious packages were uploaded to the PyPI and NPM repositories over the weekend, specifically targeting macOS users. The PyPI package that Phylum initially observed was designed to harvest information about the victim's machine and exfiltrate it to an attacker-controlled server.