Tea, the woman-only dating advice app where users can anonymously rate and review men, has made quite a name for itself in recent weeks. Firstly it stirred controversy with its unpleasant take on digital vigilantism, providing a platform through which anyone could damage the reputation of a man with unverified claims, and no apparent method for them to have any comeback. And then, as we recently reported, Tea proved itself to be riddled with security problems. READ MORE...
French telecommunications company Bouygues Telecom was recently targeted in a cyberattack that resulted in the personal information of millions of customers getting compromised. Bouygues is one of France's largest telecom companies. According to its website, it has nearly 27 million mobile service customers. The company discovered the cyberattack on August 4 and an investigation showed that the hackers gained access to information associated with some customers' accounts. READ MORE...
?An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university's network in May. Established in 1767 as King's College, Columbia University is a private Ivy League research university with a budget of $6.6 billion in 2024, over 20,000 employees, including 4,700 academic staff, and over 35,000 enrolled students across 19 schools and special programs. READ MORE...
A Chinese threat actor has been performing both intelligence-oriented and financially motivated attacks against a wide variety of primarily Chinese-speaking organizations. Compared to most, Silver Fox has a wide span of tactics, techniques, and procedures (TTPs) at its disposal. It might gain initial access to victims by impersonating major organizations in phishing emails with malicious attachments. READ MORE...
July turned into a surprisingly busy month. It started slowly with a fairly 'calm' Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, so the risk was low. But a short time later, two CVEs in SharePoint were reported exploited, and the month started to heat up with hotfixes near the end of the month. READ MORE...
A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware gangs. Such tools help ransomware operators turn off security products on breached systems so they can deploy payloads, escalate privileges, attempt lateral movement, and ultimately encrypt devices on the network without being detected. READ MORE...
The Russian cybercrime group behind BlackSuit and Royal ransomware was more prolific and successful at extorting payments from its victims than previously known, according to an update Thursday from an investigative unit inside the Department of Homeland Security. "Since 2022, the Royal and BlackSuit ransomware groups have compromised over 450 known victims in the United States," said a report from Homeland Security Investigations. READ MORE...
One of the big worries during the generative AI boom is where exactly data is traveling when users enter queries or commands into the system. According to new research, those worries may also extend to one of the world's most popular consumer technology companies. Apple's artificial intelligence ecosystem, known as Apple Intelligence, routinely transmits sensitive user data to company servers beyond what its privacy policies indicate, according to Israeli cybersecurity firm Lumia Security. READ MORE...