Daily Cyber Brief

CISA orders federal civilian agencies to report vulnerabilities, TD Bank discloses data breach, and Russian retail chain DNS confirms hack...

Cybersecurity

Albania denies police system was attacked by Iranian hackers

Albanian authorities on Monday denied the country's police system was hacked after local media reported that data on people being investigated for crimes was released from an Iranian hacking group. Albanian media reported a leaked file with a list of suspected people, from…

CISA directive orders federal civilian agencies to regularly report software vulnerabilities

The Cybersecurity and Infrastructure Security Agency announced a Binding Operational Directive on Monday ordering federal civilian agencies to enhance efforts to detect vulnerabilities in their networks, a move that CISA Director Jen Easterly hopes the private…

Ferrari says internal documents online, but no evidence of cyber attack

Ferrari said on Monday some internal documents had been posted online and the luxury sports carmaker was working to identify how this had happened. It will implement all the appropriate actions as needed, it said in an emailed statement…

TD Bank discloses data breach after employee leaks customer info

TD Bank has disclosed a data breach affecting an undisclosed number of customers whose personal information was stolen by a former employee and used to conduct financial fraud. TD Bank is one of the largest banks in the United States by deposits, operating 1,220…

Bumblebee Malware Loader's Payloads Significantly Vary by Victim System

A new analysis of Bumblebee, a particularly pernicious malware loader that first surfaced this March, shows that its payload for systems that are part of an enterprise network is very different from its payload for standalone systems. On systems that appear to be part of a…

Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub

Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. Last week, Vietnamese cybersecurity firm GTSC disclosed that some of their customers had been…

Phishing Campaigns Target KFC, McDonald's in Saudi Arabia, UAE, Singapore

KFC and McDonald's customers were targeted via phishing campaigns across Saudi Arabia, UAE and Singapore, with payment details of some of them successfully stolen by attackers. Spotted by security researchers at CloudSEK, the first of these campaigns worked via a…

Russian retail chain 'DNS' confirms hack after data leaked online

Russian retail chain 'DNS' (Digital Network System) disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees. DNS is Russia's second-largest computer and home appliance store chain, with 2,000 branches and…

Transit Swap Exploiter Returns Large Chunk of $28.9M Hack

Transit Swap, a cross-chain decentralized exchange (DEX), has received 70% of stolen funds back from a hacker that exploited a smart contract vulnerability. In a blog post published on Monday, Transit Swap said that $18.9 million has been returned after a slew of security firms…

Microsoft Exchange server zero-day mitigation can be bypassed

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these…

Daily Cyber Brief

CISA orders federal civilian agencies to report vulnerabilities, TD Bank discloses data breach, and Russian retail chain DNS confirms hack...

Cybersecurity

Join the conversation

Overt Operator