Blog
-
Endemic Log4j Vulnerability To Remain a Problem for the Next Decade, According to Cyber Safety Review Board
The notorious Log4j vulnerability is “endemic” and will not be fully remedied by the open source community or the organizations it plagues, according to a new report from the Cyber Safety Review Board.
-
At Least Four Nations Have Mobilized State-Sponsored Hackers in Cyber Espionage Campaigns Against Journalists
Researchers has observed journalists being targeted by state-sponsored hackers from China, North Korea, Turkey and Iran. Cyber espionage campaigns focused on looking for identities of anonymous sources and any “off-the-record” information.
-
Social Media for Disneyland Hit by Account Takeover, Used for Demeaning Messages
Social media accounts belonging to Disneyland were compromised by an unknown party and used to post crude and offensive messages during a brief account takeover.
-
North Korean Hackers May Have Used Fake Job Offer To Pull Off Axie Infinity Crypto Theft
Platforms like LinkedIn sometimes make it difficult to filter fake job offers out from legitimate communications. This may have been exploited in the Axie Infinity crypto theft incident.
-
Social Engineering Responsible for Another Data Breach at a Marriott Location, 20GB of Data Stolen
A social engineering attack apparently ensnared a member of the BWI Airport Marriott staff, with the ensuing data breach leaking 20GB of data including credit card information.
-
Hacker Claims Theft of Personal Data of 1 Billion China Citizens From National Police Department, but Samples May Be From Smaller Prior Data Leaks
Hacker raised major alarms by offering the personal data of 1 billion China citizens for sale, but it may originate from prior known data leaks that comprise a much smaller total of records.
-
Series of DDoS Cyber Attacks on Lithuania Appear To Have Come From a Private Group of Russian Hackers
Russian hackers has taken responsibility for a hacking campaign in Lithuania that has seen primarily government services hit by distributed denial of service (DDoS) cyber attacks.
-
Ransomware-as-a-Service Group LockBit Offers Bug Bounty Program for Both Internal and External Vulnerabilities
While this latest gambit from ransomware-as-a-service gang LockBit is likely more of a publicity stunt than a genuine attempt at a bug bounty program, it reflects the comfort level that online criminals have settled into.
-
Crypto Hack of Blockchain Bridge Sees Criminals Exploit a Vulnerability for a Huge Payday
Blockchain bridges, and DeFi in general, struggle with the lack of the kind of “security first” perspective that is necessary in the modern threat landscape. The Horizon crypto hack joins the likes of the breaches of Axie Infinity and Wormhole.
-
Conti Group Dominated Pandemic-Era Ransomware Attacks With Professional Organization Structure
Everything that has been documented about Conti paints a picture of dedicated professionals that made an incredibly lucrative industry out of ransomware attacks. Highly prolific group conducted at least 850 successful attacks since 2020.