Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write. “Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one or
All Articles (1931)
Sort by
- December 2022: Rifle fire damages two electrical substations in Moore County, North Carolina, cutting power to more than 40,000 customers. Neither the attackers or their motives have been identified.
- February 2023: A man and a woman, one an avowed neo-Nazi, are charged with conspiracy to take down Baltimore’s power grid through attacks on electrical substations, to cause chaos in that Maryland city.
- April 2023: Scandinavian authorities warn that Russia is using “ghost ships” disguised as fishi
Following fears that Ford’s electric vehicle supply chain may represent a national security issue, concerned legislators are doubling down by outlining the path battery components are required to take vehicles to get here. Last week, US Rep. Mike Gallagher (R-WI) and Cathy McMorris Rodgers (R-WA) accused Ford of having plans that required contracting technology and software firms with close ties to both the Chinese and North Korean governments. Rep. Gallagher heads up the House Select Committe
Russian citizens could not access the majority of websites on the country’s .ru domain for several hours on 30 January, including the Yandex search engine, the VKontakte social media platform, the major state-owned bank Sberbank and various news outlets.
The outage was reportedly caused by a technical problem with the .ru domain’s global Domain Name System Security Extensions, or DNSSEC. It appeared to be unintentional, unlike other recent blackouts of Russian internet services, which observers
The Digital Container Shipping Association (DCSA) is reporting that as container shipping is undergoing its digital trade transition, digital identity is a pivotal element. A digital identity functions as an online representation for individuals, organizations or devices, uniquely identifying and authenticating them in the digital realm.
The verification of digital identity, as this crucial online representation, is a vital business process. Its significance extends beyond mitigating risks such
The US FBI and US Department of Justice (DOJ) have used a court order to address vulnerabilities in thousands of internet-connected devices that are at the center of a Chinese hacking campaign. The campaign is targeting sensitive US critical infrastructure, two US officials and a third source familiar with the matter reported to media.
The move is part of a broader, government-wide effort to blunt the impact of a persistent Chinese hacking effort that US officials fear could hinder any US milit
French multinational Schneider Electric is reporting that its Sustainability Business division suffered from a ransomware attack earlier this month. The company confirmed the incident in a statement this week that the attack affected its Resource Advisory product, a data visualization tool for sustainability information, as well as other “division specific systems.”
Schneider Electric said that data was accessed by the hackers.[1] Bleeping Computer, which first reported the incident, said the
In the realm of cyber security, the objective is to shield systems, networks, and software applications from digital assaults. These digital threats typically have the intentions of either evaluating, altering, or compromising confidential data, extracting money from users, or disrupting regular business operations. The task of establishing robust cyber security defenses presents a formidable challenge in the contemporary landscape, chiefly due to the proliferation of devices surpassing the huma
A Chinese cyber espionage group targeting organizations and individuals in China and Japan has remained under the radar for roughly five years, cybersecurity firm ESET https://www.eset.com reports. Researchers have tracked it as Blackwood and active since at least 2018, the Advanced Persistent Threat (APT) actor has been using Adversary-in-the-Middle (AitM) attacks to deploy a sophisticated implant via the update mechanisms of legitimate software such as Sogou Pinyin, Tencent QQ, and WPS Office
Albabat, also known as White Bat, is a financially motivated ransomware variant written in Rust that identifies and encrypts files important to the user and demands a ransom to release them. It first appeared in November 2023 with the variant Version 0.1.0. Version 0.3.0 was released in late December, followed by version 0.3.3 in mid-January 2024.
Link to full report: IR-24-029-001_WhiteBat.pdf
Researchers from Microsoft reported on 25 January 2024 that the Russian state-sponsored threat actors responsible for a cyberattack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew tracked as APT29, which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzar
“Vote early and often.” In his book Capone, author John Kobler attributes the phrase to the gangster Al Capone. In the United States, Republicans accused their opponents of inviting such corruption with their support of the National Voter Registration Act of 1993, the "Motor Voter Law."
See: https://redskyalliance.org/xindustry/election-day-concerns
Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), stated in an interview on 19 January 2024 that "the Ame
Despite improving preparedness, US small businesses are still highly vulnerable to cyber incidents. A recent report by Hiscox USA indicates that while the small business segment paid less to respond to a cyber incident this past year, it was offset by increased attacks and breaches.
In its annual cyber readiness report, Hiscox revealed the median cost of cyber-attacks decreased for small businesses in the US from $10,000 in 2022 to $8,300 in 2023. At the same time, the median number of attacks
The sandwich chain Subway www.subway.com has launched an investigation after the infamous LockBit ransomware group claimed over last weekend that it hacked into the company’s systems and stole vast amounts of information. “The biggest sandwich chain is pretending that nothing happened,” the LockBit gang said in a message posted on its website. “We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial expects of the franchise, including empl
The US Securities and Exchange Commission on 22 January 2024 revealed that hackers used SIM swapping to take over its X (formerly Twitter) account. The hack occurred on 09 January 2024, when a post sent from the agency’s @SECGov account on the social platform announced that a long-awaited bitcoin exchange-traded fund (ETF) was approved. The post caused the price of bitcoin to spike more than $1,000. Shortly after the post, the SEC Chairman announced on his personal account that the SEC’s acc
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims unwilling to agree to their demands. As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their leak site, such as time extension, data deletion, or downloading all the data. These options have a price tag depending
Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.
Google says keeping users safe is a top priority, and that the company has a team of thousands working around the clock to cr
The Fidelity National Financial (FNF) cyber-attack leaked the personal data of 1.3 million customers, the company has disclosed in a new filing with the Securities and Exchange Commission. FNF is one of the largest title insurance and transaction services providers in the United States, with a market capitalization of $13.3 billion, an annual revenue of over $10 billion, and a workforce of about 23,000 people.[1]
The November 2023 cyber-attack disrupted the company’s operations for nearly a wee
A recent article raised the question of whether North Korea was the perpetrator of the cyber-attacks against Sony Pictures in December 2014. Despite the difficulties typically associated with such activities, the US Federal Bureau of Investigation (FBI) quickly attributed (25 days) the attacks to North Korea, even though an enigmatic group calling itself “Guardians of Peace” took responsibility. Nevertheless, once the FBI official blamed North Korea, no one in the government appeared to questi
Several US federal agencies published a guide of cybersecurity best practices for the water and sanitation sector following criticism from a US government watchdog about the government’s work with the industry. This past week, the US Environmental Protection Agency (EPA) partnered with the FBI and Cybersecurity and Infrastructure Security Agency (CISA) to release a manual providing the water industry with more information on cyber incident response as well as the roles, resources and responsibi
