Boeing assessing ransomware group's claim of 'sensitive' data theft
Boeing is responding to a Russia-affiliated group's claimed ransomware attack against the multinational aerospace company, raising concerns about a potential compromise of highly sensitive data. LockBit, a prolific ransomware group, claimed responsibility for an attack in a Friday post on its leak site that was shared by threat analysts on X, the site formerly known as Twitter. The group claimed "a tremendous amount of sensitive data was exfiltrated and ready to be published," in the post. READ MORE...
"This vulnerability is now under mass exploitation." Citrix Bleed bug bites hard
A vulnerability that allows attackers to bypass multifactor authentication and access enterprise networks using hardware sold by Citrix is under mass exploitation by ransomware hackers despite a patch being available for three weeks. Citrix Bleed, the common name for the vulnerability, carries a severity rating of 9.4 out of a possible 10, a relatively high designation for a mere information-disclosure bug. READ MORE...
Five Guys discloses hack of 2 employees' emails
Five Guys disclosed a security breach where hackers gained access to the email accounts of two employees, according to consumer disclosure letters filed Friday with the attorneys general of California and Maine. The breaches, discovered on June 7, were the result of business email compromise, Sam Chamberlain, COO of Five Guys, said in the filing with the Office of the Maine Attorney General. READ MORE...
Toronto Public Library services down following weekend cyberattack
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28. TPL is Canada's largest public library system, giving people access to 12 million books through 100 branch libraries across Toronto. It has 1,200,000 registered members and operates on a budget that surpasses $200M. READ MORE...
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. The news comes from ZachXBT and MetaMask developer Taylor Monahan, who have been tracking these crypto thefts. "We regularly have people reach out via DM who have had their crypto assets stolen. We also approach victims we discover on-chain," ZachXBT told BleepingComputer. READ MORE...
Cryptojackers steal AWS credentials from GitHub in 5 minutes
Security researchers have uncovered a multi-year cryptojacking campaign they claim autonomously clones GitHub repositories and steals their exposed AWS credentials. Given the name "EleKtra-Leak" by researchers at Palo Alto Networks's Unit 42, the criminals behind the campaign are credited with regularly stealing AWS credentials within five minutes of them being exposed in GitHub repositories. READ MORE...
Stop what you're doing and patch this critical Confluence flaw, warns Atlassian
Atlassian has told customers they "must take immediate action" to address a newly discovered flaw in its Confluence collaboration tool. An advisory issued on October 31st warns of CVE-2023-22518, described as an "improper authorization vulnerability in Confluence Data Center and Server", the on-prem versions of Atlassian's products. All versions of Confluence are susceptible to the bug, which Atlassian rates at 9.1/10 severity on the ten-point Common Vulnerability Scoring System. READ MORE...
New Index Finds AI Models Are Murky, Not Transparent At All
The new executive order on artificial intelligence (AI) signed by US President Joe Biden outlines how the industry needs to ensure AI is trustworthy and helpful. The order follows high-profile discussions in July and September between AI companies and the White House that resulted in promises about how AI companies will be more transparent about the technology's capabilities and limitations. READ MORE...
- ...in 1803, Congress ratifies the purchase of the entire Louisiana area in North America, adding territory to the U.S. which will eventually become 13 more states.
- ...in 1914, the University of Cincinnati adopts its mascot, the Bearcat, inspired by a nickname given to star UC fullback Leonard Baehr.
- ...in 1941, After 14 years of work, the Mount Rushmore National Memorial is completed.
- ...in 1998, Iraq announces it will no longer cooperate with United Nations weapons inspectors.
