Daily Cyber Brief
Russian hacktivists use new Somnia ransomware, World Cup apps pose security and privacy issues, GitHub introduces vulnerability reporting, and the U.S. government has seized 18 malicious domains...
Cybersecurity
Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems. The Computer Emergency Response Team of Ukraine (CERT-UA) has confirmed the outbreak…
With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game. Football fans…
Microsoft-owned code hosting platform GitHub has announced the introduction of a direct channel for security researchers to report vulnerabilities in public repositories that allow it. The new private vulnerability reporting capability enables repository maintainers to allow…
When the malware group Lapsus$ needed to gain access to systems compromised in recent breaches, it not only searched for passwords but also for the session tokens — that is, cookies — used to authenticate a device or browser as legitimate. Their tactics for initial access…
The FBI and U.S. Postal Inspection Service have seized eighteen web domains used to recruit money mules for work-from-home and reshipping scams. The seized websites claimed to offer jobs for a legitimate company as "quality control inspectors," being requested to ship items…
An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data. The attackers (self-dubbed Team Montesano) are sending emails with “Your website, databases and emails has been hacked”…
Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend. Sobeys is one of two national grocery retailers in Canada, with 134,000 employees servicing a network of 1,500 stores in all ten…
Cybersecurity researcher David Schütz accidentally found a way to bypass the lock screen on his fully patched Google Pixel 6 and Pixel 5 smartphones, enabling anyone with physical access to the device to unlock it. Exploiting the vulnerability to bypass the lock screen on…
A vulnerability in a series of popular digital door-entry systems offered by Aiphone can enable hackers to breach the entry systems — simply by utilizing a mobile device and a near-field communication, or NFC, tag. The devices in question are…
The Australian Federal Police (AFP) has identified the perpetrators of the hack and attempted extortion of health insurance company Medibank, its commissioner told journalists on Friday. Giving a short press conference without taking questions, AFP Commissioner Reece Kershaw…