Akshay JoshiHead of Industry and Partnerships, Centre for Cybersecurity, World Economic Forum 1. US warns of huge cyber-espionage campaign targeting critical infrastructure One of the largest known cyber-espionage campaigns has hit companies running critical US infrastructure, according to Western intelligence agencies and Microsoft. Microsoft analysts say the group, which it is calling Volt Typhoon, appears […]
AT&T alerts 9 million customers of data breach after vendor hack
By Sergiu Gatlan | March 9. 2023 “AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. “Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer. “The […]
TikTok car theft challenge: Hyundai, Kia fix flaw
Posted: February 17, 2023 by Jovi Umawing “Car manufacturer Hyundai, and its subsidiary Kia, began rolling out a free software update on February 14, 2023, to address a flaw in their anti-theft software, which was highlighted in a social media challenge. The release of the update came nine months after an uptick in car theft of the affected models in the […]
FBI is investigating a cybersecurity incident on its network
“The U.S. Federal Bureau of Investigation (FBI) is reportedly investigating malicious cyber activity on the agency’s network. The federal law enforcement agency says it already contained the “isolated incident” and is working to uncover its scope and overall impact. “The FBI is aware of the incident and is working to gain additional information,” the U.S. […]
Security News This Week: Hackers Ran Amok Inside GoDaddy for Nearly 3 Years
Plus: The FBI got (at least a little bit) hacked, an election-disruption firm gets exposed, Russia mulls allowing “patriotic hacking,” and more. “GoDaddy revealed in a statement on Thursday it had discovered that hackers inside its systems had installed malware on its network and stolen parts of its code. The company says it became aware […]
The biggest risks in procrastinating on iPhone and Android software updates
Published by Kaitlin Balasaygun “That screen-blocking software update notification that keeps coming back may be annoying to a phone user, but ignoring it for too long is a mistake. Many consumers opt to not have phones set to automatic update. Once the day begins, these notifications can pop up at inconvenient and distracted times — […]
Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
By Ravie Lakshmanan “Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, […]
Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics
By Jai Vijayan “The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says. Enterprise security executives that perceive nation-state-backed cyber groups as a distant threat might want to revisit that assumption, and in a hurry. Several […]
U.S. news sites push malware in supply-chain attack
By Sergiu Gatlan “Threat actors are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. “The media company in question is a firm that provides both video content and advertising to major news outlets. [It] […]
Dropbox discloses breach after hacker stole 130 GitHub repositories
“Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was […]