X-Industry

The Green Bay Packers American football team notified fans that a threat actor hacked its official online retail store in October 2024 and injected a card skimmer script to steal customers' personal and payment information. The National Football League team says it immediately disabled all checkout and payment capabilities after discovering on 23 October 2024 that the packersproshop.com website was breached.

"On October 23, 2024, we were alerted to malicious code inserted on the Pro Shop website

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis.
Hardhat is a development environment for

Google has informed companies that use its advertising products that it will soon allow them to use fingerprinting techniques. This will allow them to track users across multiple devices including Smart TVs and game consoles.

The announcement has huge raised privacy concerns, and the move has been called “irresponsible” by Stephen Almond, the executive director of regulatory risk at the UK Information Commissioner’s Office (ICO). It is also a reversal of Google’s previous position on fingerprint

Taiwanese government networks experienced a daily average of 2.4 million cyber-attacks in 2024, most attributed to Chinese state-backed hackers. This represents double the daily average from 2023, which saw 1.2 million daily attacks targeting government networks, Taiwan’s National Security Bureau said in a new report. “Although many of those attacks have been effectively detected and blocked, the growing numbers of attacks pinpoint the increasingly severe nature of China’s hacking activities,” t

The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released 05 January 2025. "Citizens are empowered with rights to demand data erasure, appoint digital nominees, and access user-friendly mechanisms to manage their data."

The rules,

From the boardroom to the cyber combat zone, the past 12 months will go down as a year that society came under attack from an unprecedented wave of digital threats.  The new battlefield.  Sophisticated ransomware, deepfake phishing scams and state-sponsored cyber-attacks highlighted just how pervasive the danger has become. At the same time, businesses and governments accelerated efforts to develop new defenses– actions which, while vital, sparked debates around privacy and the ethics of cyberse

The Philippines Department of Information and Communications Technology (DICT) earlier this week flagged the growing cyber-attacks against Philippine government websites, including those of the Executive branch and some lawmakers, ahead of the midterm elections.  “We are constantly under attack from different sectors, from hackers, from scammers,” DICT Secretary Ivan John E.  Uy told a news briefing at the presidential palace. “These are persistent threat actors.  We have detected a significant

An Android malware called FireScam tricks people into thinking they are downloading a Telegram Premium application that clandestinely monitors victims' notifications, text messages, and app activity while stealing sensitive information via Firebase services.

Cyfirma researchers spotted the new infostealer with spyware capabilities. They said the malware is distributed through a GitHub.io-hosted phishing website miming RuStore, a popular Russian Federation app store.

The phishing site delivers a

Ransomware gang, Brain Cipher, has begun leaking sensitive data stolen from Rhode Island’s RIBridges social services platform earlier in December 2024.  The integrated system, which managed healthcare, social services, and food assistance programs, served some 650,000 citizens including minors, before being taken offline. Exposed information was confirmed by Governor McKee to contain names, addresses, birthdates, social security numbers, and banking details.  Screenshots also suggest that the st

A superseding criminal complaint filed in the US District of New Jersey was unsealed on 30 December 2024, charging a dual Russian and Israeli national for being a developer of the LockBit ransomware group. In August 2024, Rostislav Panev, 51, a dual Russian and Israeli national, was arrested in Israel under a US provisional arrest request to extradition to the United States. Panev is currently in custody in Israel pending extradition on the charges in the superseding complaint. [1]

See: https://

While you always want to be careful where you click online, a new variation on the classic clickjacking attack should give you pause when a site asks you to double-click on something.  As reported by Cybernews, Amazon security engineer Paulos Yibelo has shed light on a new version of this attack that can be used to disable security settings, delete an account or even take over your existing accounts.  As the name suggests, clickjacking is an attack method where hackers, scammers or other cybercr

If incidents this year are any indication, deepfakes and “harvest now, decrypt later” attacks increased by the growing adoption of quantum computing projects are among the many concerns organizations in the Asia-Pacific (APAC) region must address in 2025. Over the past year, cybercriminals operating in the APAC region have increasingly leveraged AI to launch sophisticated campaigns such as AI-generated phishing emails, adaptive malware, and deepfakes. The attacks have undermined trust in critica

Cloud environments are constantly under attack, with sophisticated threat actors employing various techniques to gain unauthorized access.  One such actor, called EC2 Grouper, has become a notable adversary for security teams.

According to the latest research from Fortinet’s FortiGuard Labs Threat Research team, this group is characterized by its consistent use of AWS tools and a unique security group naming convention in its attacks.  Researchers tracked this actor in several dozen customer env

Krispy Kreme has acknowledged that the December 2024 disruption to its online ordering system resulted from a cyber attack.  Krispy Kreme operates four bakeries known as “Doughnut Factories,” 1,521 retail shops, and over 15,000 delivery locations in the United States.  It also partnered with McDonald’s to avail its crispy doughnuts to the restaurant chain’s customers across the country.  “We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online or

The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, named BellaCPP.  BellaCiao, a .NET-based malware, combines webshell persistence with covert tunneling. The malicious code was first spotted in April 2023 by Bitdefender, its PDB paths reveal valuable insights, including a versioning scheme.  Recently investigators discovered a BellaCiao malware sample on a computer in Asia, along with a related C++ reimplementation of an older BellaCiao vers

Emerging technologies have made CISOs strategic in their company’s growth. CISOs are now expected to be key decision-makers, influencing corporate strategy and guiding their organizations through the complexities of the current age. They are slowly transitioning from technical experts in security architecture, security operations, infrastructure security, and network security to visionaries in strategic cybersecurity and business growth. As they make this transition, it is increasingly vital for

Cyberattacks utilizing generative artificial intelligence (GenAI) technology as a tool are expected to grow next year, a government report reported recently.  In 2025, hacking groups are expected to increasingly use various generative AI models, such as ChatGPT, to create spear phishing emails customized to their attack subjects and fake news materials to be used for political propaganda, according to the annual cybersecurity report issued by the Ministry of Science and ICT.  “It will be difficu

CISA warns US federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. While Microsoft did not share more details in a security advisory published in June 2024, the DEVCORE Research Team [1] that found the flaw and report

You know, I really hate saying, “I told you so….but….”  Back in 2013, I witnessed the capabilities of the Pegasus spyware.  I was introduced to the NSO group through an Israeli colleague of mine, where our friendship went back to just after the 9-11 attacks.  Right in front of me, NSO actually took control of a cell phone (though a demo, I hoped).  They then touted the magnitude of what this type of surveillance could provide to law enforcement and governments.  I immediately said, “if that was

Healthcare facilities keep getting attacked.  Earlier this year, hospitals with the Ascension network in Kansas were hit with a ransomware attack that has left a lasting impact.  Now, the company is reaching out to patients who may have had their personal data compromised by the situation.  Ascension shared a new update on Dec. 19 regarding the cyber-attack and will now contact people whose data was impacted. Ascension said the type of data is varied but can include medical, payment, insurance,