Versions of the Chinese shopping app up to the most recent release were found to have malware present. The malicious code is an attack chain that specifically targets Samsung mobile devices, first discovered in early 2021.
FBI IC3 annual report shows overall cyber crime complaint numbers are down (for the first time in a long time). However, total loss amounts are way up and online crime efficiency appears to be improving.
A breach of a third party vendor appears to have provided the LockBit ransomware gang with 3,000 sensitive SpaceX engineering schematics, which the criminals are threatening to take to auction if the company does not pay up.
ALPHV ransomware gang is claiming that it is sitting on data from Amazon’s Ring network of personal security cameras. Amazon has confirmed that a third party vendor has been hit with the BlackCat ransomware.
The TSA order to the aviation sector is part of this general blitz of new cybersecurity requirements among critical infrastructure companies, but also comes as the industry is seeing increasing number of attacks.
A health data breach at a Washington DC medical insurance marketplace has caused a great deal of concern as it appears that members of Congress were among the compromised parties, who appear to number about 170,000 in total.
The new EPA cybersecurity requirements are extensive. Some public water systems will undoubtedly have a lot of work on their hands, as some of the smaller ones across the country have never had any kind of cyber defense program prior to this.
In addition to potentially holding publishers liable for security vulnerabilities, Biden’s National Cybersecurity Strategy calls for more aggressive pursuit of foreign cyber threats. Critical infrastructure companies are also likely to face tougher standards and regulations.
Media conglomerate News Corp has reported that a security breach first discovered in early 2022 stretches back to February 2020 and impacted a broad array of the company’s subsidiaries. Attackers believed to be a state-backed Chinese cyber espionage team.
Previously reported theft of LastPass customer password vaults has been traced back to a DevOps engineer with special access to backups. Hackers reportedly exploited a vulnerability in his home computer to obtain their credentials.