Cybersecurity
Okta says Lapsus$ breach lasted 25 minutes, impacted two customers
Okta said Tuesday that a forensic investigation that it commissioned found that the hacker group Lapsus$ accessed two active customer tenants during the January breach of a third-party support firm. The threat actor “actively controlled” a workstation belonging to one…
Is Bashar al-Assad’s Army of Hackers Gone for Good?
In April 2013, pro-Assad online activists from Syria hacked into the Twitter account of the Associated Press and tweeted about a fake explosion at the White House that supposedly injured President Barack Obama, leading the U.S. stock market to temporarily dip by $136…
Conti’s Ransomware Toll on the Healthcare Industry
Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that…
Blockchain companies are being targeted by North Korean hackers, US agencies warn
The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Treasury, and the FBI issued a joint advisory Monday evening describing a North Korean state-sponsored hacking campaign that has been associated with cryptocurrency heists since at…
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices…
CISA warns of attackers now exploiting Windows Print Spooler bug
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler. This high severity vulnerability (tracked as CVE-2022-22718)…
Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says
Researchers at Google’s Project Zero said they tracked 58 cases of zero-day exploits “in the wild” in 2021 — the most ever detected and disclosed in a single year since the group began its work in mid-2014. The 2021 total is more than double the previous maximum, 28, tracked…
Funky Pigeon Suspends Orders Following Cyber-Attack
Gift card retailer Funky Pigeon has experienced a cyber-attack, leading the firm to temporarily suspend orders. Funky Pigeon, which is owned by WHSmith, revealed it had taken its systems offline as a precaution, preventing it from fulfilling customer orders…
Emotet botnet switches to 64-bit modules, increases activity
The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines. Security researcher monitoring the botnet are observing that emails carrying malicious payloads last month have…
QNAP urges customers to disable UPnP port forwarding on routers
Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent exposing their network-attached storage (NAS) devices to attacks from the Internet. UPnP is a set of insecure network…
Create your profile
Only paid subscribers can comment on this post
Check your email
For your security, we need to re-authenticate you.
Click the link we sent to , or click here to sign in.