All Articles (2242)

The DNA testing company 23andMe was served with a class action lawsuit in California after cyber thieves gained access to personal data for at least a million clients. The lawsuit claims the popular DNA company “intentionally, willfully, recklessly, or negligently” failed to implement adequate safety measures to protect its customers whose birth year, location and ancestry trees were exposed during the attack.  “On no later than 6 October 2023, unauthorized third-party cybercriminals gained acce

An Israeli-linked hacker group claims to have carried out a major cyber-attack on Iranian petrol stations, knocking 70% of them offline on 18 December.  Predatory Sparrow, or “Gonjeshke Darande” in Persian, said it launched the “controlled” attack in response to “aggression” by the Islamic Republic and its proxies in the region.  “This cyber attack was carried out in a controlled manner to avoid potential damage to emergency services,” the group said.

Addressing Iran’s Ayatollah Ali Khamenei, th

Cisco's Talos security researchers report that the North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors.  Released in 2001, Dlang, or simply D, is a multi-paradigm system programming language built upon the idea of C++ but drawing inspiration from C#, Eiffel, Java, Python, Ruby, and other high-level languages.  Dlang is considered an uncommon programming language for m

At its most basic, the term “auto fill” refers to a feature or set of features that enables users to insert previously entered information into web pages.  Depending on the specific application being used, this can be any sort of information, from names and addresses all the way up to information that needs more protection, such as credit card numbers and username/password combinations.

On Android devices, it is often the case that an application will display a login form by using what’s cal

Microsoft’s spokesman announced on 13 December 2023 the disruption of Storm-1152, a Cybercrime-as-a-Service (CaaS) ecosystem that created 750 million fraudulent Microsoft accounts supporting phishing, identity theft, and other schemes.  The CaaS is believed to have made millions of dollars in illicit revenue by creating fraudulent accounts for other cybercrime groups to use in phishing, spam, ransomware, Distributed Denial-of-Service (DDoS), and other types of attacks.

See:  https://redskyallian

’Tis the season for shopping. While shopping predictions and forecasts for the holiday season vary among experts, the consensus is that organized retail crime (ORC) continues to increase.  According to the National Retail Federation’s 2022 Retail Security Survey, 35.9% of retailers reported that ORC offenders were much more violent than in 2021.  It can be alarming for staff and customers to witness acts of aggression in stores, including yelling at store staff, shoving staff or customers, making

In the US, the Federal Bureau of Investigation (FBI) has issued guidance regarding the data breach reporting requirements of the US Securities and Exchange Commission (SEC), providing useful information on how disclosures can be delayed.  The SEC announced in late July that it had adopted new cybersecurity incident disclosure rules for public companies, requiring them to disclose, through a Form 8-K filing, any material breach within four business days.  The rules are set to go into effect on 18

The statistics are sobering: 61% of CISOs (and 53% of CEOs) think that their organization is unprepared to cope with a targeted cyberattack in the next 12 months.  With mobile devices now making up a large part—even the majority—of the device estate, mobile security is more important than ever.  Those managing security must protect a growing number and diversity of endpoints.  Increasingly, those endpoints are mobile or using mobile connectivity.  Bring-your-own-device (BYOD) policies, hybrid wo

Ransomware isn’t new, yet organizations still struggle to guard against this threat.  According to the Fortinet 2023 Global Ransomware Report, in 12 months, two-thirds of organizations were targeted by ransomware, with half of those falling victim to an attack.  As attackers advance their tactics, security and IT leaders must prepare for the inevitability of a ransomware attack.  It is no longer a matter of “if” a business will be breached but “when.”  Along with business leaders, those in the C

The North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts.  Investigators are tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based malware families, including a RAT called NineRAT that leverages Telegram for command-and-control (C2), DLRAT, and a downl

This past October, Apache issued a critical advisory addressing CVE-2023-46604, a vulnerability involving the deserialization of untrusted data in Apache.  On 2 November, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-46604 to its known exploited list, KEV Catalog, indicating this vulnerability's high risk and impact.  Fortiguard Labs also released an outbreak alert and a threat signal report about the active exploitation of CVE-2023-46604, providing more details and

Hacktivist group Killnet rose to prominence in 2022.  After the launch of SVO, it openly sided with Russia. It carried out high-profile DDoS attacks against significant targets such as the US Federal Tax Service, the European Union’s banking systems SWIFT and IBAN, and the American arms company Lockheed Martin, et al.  At the same time, little was known for a long time about the identity of its leader, hacker Killmilk. In the public sphere, he formed the image of a great patriot of the Russian Feder

The reliability and security of the power grid have become increasingly important topics in recent years.  With the dependence on electricity growing and new threats emerging, it is crucial to ensure that our lights stay on, especially for critical infrastructure like the military.  This article explores the risks the power grid faces and the potential consequences if it were compromised.

Research and Reporting:  According to industry experts, the power grid is vulnerable to both physical and cy

The year 2023 has been marked by significant cyber turbulence in the space sector. The aftermath of the 2023 KA-SAT attack has fundamentally altered the world’s collective perception of cyber risk and the corresponding implications for space.  In addition, 2023 has heralded a surge in the scope and scale of cyber targeting, a bevy of emerging trends and the introduction of new threat actors operating within the space industry.  Without question, from 2022 to 2023, the frequency of cyber campaign

Just three months after the National Credit Union Administration (NCUA) put into place a final rule requiring federally chartered and federally insured credit unions to notify NCUA of a "reportable cyber incident," about 60 credit unions in the United States experienced outages because of a ransomware attack on an IT provider the institutions use, according to a US federal agency.  The final NCUA rule went into effect on 01 September 2023, requiring that affected credit unions should notify the

Terrorism, both foreign and domestic, remains a top threat to the Homeland, but other threats are increasingly crowding the threat space.  During the next year, we assess that the threat of violence from individuals radicalized in the United States will remain high, but largely unchanged, marked by lone offenders or small group attacks that occur with little warning.  Foreign terrorist groups like al-Qa’ida and ISIS are seeking to rebuild overseas, and they maintain worldwide networks of support

Staying Connected - Cruise company Carnival Corporation has agreed a partnership with Neuron, formerly ESpace Networks, to implement Neuron’s vendor-neutral connectivity management platform to optimize internet access on its ships.  The move is part of Carnival Corporation’s wider connectivity optimization strategy, which is focused on providing the best available connection at sea.  The Neuron 360 platform provides an end-to-end view of connectivity operations and real-time data to proactively

Cybersecurity threats to the global supply chain have been well-documented in recent years, and sea-faring trade is no exception.  Shipping ports are being targeted by modern day digital pirates seeking to disrupt supply chains with targeted, sophisticated cyberattacks.

Long gone are the days when a commercial ship crew considered a rudimentary GPS system to be the sole state-of-the-art technology onboard.  Today, the maritime industry depends on smart AI systems and IoT devices that go beyond s

Researchers have tracked more activity by an influence campaign linked to Russia that spreads disinformation and propaganda in the US, Germany and Ukraine through a vast network of social media accounts and fake websites.

The campaign, attributed to the Russia-linked influence operation network called Doppelgänger, has been active since at least May 2022.  The US tech company Meta previously referred to Doppelgänger as the “largest” and “most aggressively persistent” malign network sponsored by

A gang of hackers who targeted the private King Edward VII’s Hospital are threatening to reveal the health data from the Royal Family unless they are paid £300,000 in Bitcoin.  The hospital notably treated Kate, the Princess of Wales and the hackers have claimed they have ‘X-rays, letters from consultants, registration forms, handwritten clinical notes, and pathology forms.’[1]

The gang is referred to as ‘Rhysida,’ which is a venomous tropical centipede, and previously targeted the British Libra