Blog

Meta Employees, Contractors Engaged in Account Hijacking Schemes Using Internal Account Recovery Privileges

Leaked internal document reported that some Meta employees and third party security contractor abused access to an internal account recovery tool for cash, in some cases even engaging in account hijacking plots.
How Far Will Australia’s New “Hack Back” Cyber Task Force Go?

Australia’s string of major data breaches have prompted quick and dramatic action by the government to shore up the nation’s cybersecurity. The most recent is the announcement of a new cyber task force that will spend all of its time pursuing these criminal hackers, whether domestic or foreign.
AirAsia Ransomware Attack Causes Leak of 5 Million Records of Personal Data

Personal data of about five million employees and passengers has been stolen in a ransomware attack. Attackers said that the internal network was in such a poor state that they were ceasing any further attacks against AirAsia due to some combination of sympathy and frustration.
Fears of Online Activity Tracking as Hidden Russian Software Found in Thousands of Apps From US Government Agencies and Major Companies

A Russian software company that appears to have gone out of its way to hide its origins has raised alarms of online activity tracking in the US Army and several other government agencies, as its code is present in thousands of apps.
Over $100 Million in Ransom Payments Recorded by Hive Ransomware, FBI and CISA Urge Organizations To Take Protective Measures

Hive ransomware has racked up over $100 million in ransom payments and over 1,300 organizations have been impacted as the group becomes one of the biggest criminal service providers of the moment. The group likes to prey on poorly secured VPNs and unpatched Microsoft Exchange vulnerabilities.
80% Of Companies Have Filed at Least One Cyber Insurance Claim; Need for Security Controls Expands as Market Tightens

Report shows a full four out of five companies have filed at least one cyber insurance claim; half have filed more than one. Insurers’ next move appears to be more stringent and thorough security controls as a standard term of obtaining a policy.
UK Government Begins Vulnerability Scanning of All of the Country’s Internet Devices

While the vulnerability scanning program appears to primarily be a public service, the UK government is looking to fortify national security and improve its own cyber readiness using data that it gathers from regularly scanning internet devices.
Years-Long Spear Phishing Campaign Plagues Smaller Countries as French-Speaking APT Group Pilfers $11 Million

APT group “OPERA1ER” is active in Africa, Asia and Latin America and conducted sophisticated spear phishing since 2018 and usually notches anywhere from either a few to a dozen successful attacks each year.
Medibank Accepts the Consequences of Health Data Being Leaked as It Refuses Ransom Payments

Attackers started leaking health data of selected public figures and politicians as well as people who may have had compromising conditions or treatments as Medibank has publicly committed to not making ransom payments.
ICS Cybersecurity Improving, but Legacy Systems & Staffing Continue To Be Major Impediments

Hackers are continuing to show a very strong interest in industrial control systems, but organizations also tend to be much more prepared. However, 35% are still not able to tell if they have been compromised and 17% still aren’t monitoring ICS cybersecurity.

Blog

Got a Question?