Blog
-
8.8 Million Exposed Since 2021 in Zacks Investment Research Firm Hack, in Addition to 820,000 Records Stolen in Late 2022 Data Breach
Bad news continues to pile up for investment research firm Zacks as new reporting from the Have I Been Pwned website indicates the company was unaware of a massive data breach that began in 2021 and compromised over 8.8 million customer records.
-
Ransomware and BEC Remain Strong, Social Engineering a Growing Threat in 2023 Verizon DBIR
The Verizon DBIR for 2023 is out, and it shows an increase in social engineering as an entry point for threat actors. Attackers would prefer to do as little hacking as possible, and the availability of stolen credentials is making that a realistic business plan.
-
Tables Turned on Cyber Criminals as Database Leak Exposes Hacking Forum Clientele
The RaidForums database leak looks to have taken place in late September 2020, long before international law enforcement moved in on the hacking forum. Someone appears to have been sitting on this information for some time.
-
Cl0p Cyber Attack on Payroll Provider Zellis Nets Some Very Big Downstream Fish
The biggest single target in this recent spree of cyber attacks is UK payroll provider Zellis, and the list of downstream companies that have been compromised is composed of some impressive names: British Airways, the BBC, Jaguar Land Rover, and Aer Lingus among others.
-
Data Breach of Dental Care Provider Attributed to LockBit Ransomware, Sensitive Information for Millions of Patients Dumped
Data breach involving the Lockbit ransomware gang and a major provider of US government-subsidized medical care has resolved in about the worst way possible, with the sensitive personal information of nearly nine million patients dumped to the public.
-
Module Used for Mini-Games in Android Apps Contained Spyware, Potentially Infected Hundreds of Millions of End Users
An SDK module used to implement small casino-style mini-games in Android apps is infected with spyware, and is found in at least 101 Android apps available through the Play Store. Based on raw download and install numbers, up to 421 million could be impacted.
-
US Critical Infrastructure Is a Playground for Chinese Hackers, According to Microsoft Threat Intelligence
Report finds that Chinese hackers have been roaming through the networks of private US critical infrastructure companies for years now, often keeping their presence a secret for extended periods via the use of “living off the land” techniques.
-
KeePass Master Passwords at Risk From New Security Exploit
Security exploit on the password manager allows anyone with privileged access to the system and any kind of memory dumps to locate strings that each contain one unprotected plaintext character from the master password.
-
Cyber Risk of New Google Top-Level Domains Debated as Phishing Sites Are Already Appearing
It remains to be seen exactly how serious of a cyber risk these new top-level domains will be, but some system administrators are already blocking them out entirely as phishing sites emerge.
-
Cyber Attack Derails Operations at Philadelphia’s Largest Newspaper
Cyber attack on the Philadelphia Inquirer kept a Sunday edition from going to print and lingering issues with newspaper operations continues to keep employees out of the paper’s offices.