Blog
CISA’s Top Exploited Vulnerabilities List Stresses Importance of Timely Patching
Very few people probably need a reminder at this point, but CISA’s annual list of the most frequently exploited vulnerabilities reinforces the importance of timely patching when zero-days are announced.
Hacker Spree of Fake Invoices Stems From Permissive DocuSign APIs
Hackers are using the DocuSign APIs to forge authentic-looking fake invoices for payment backed by the trusted “docusign.net” domain. The term “hacking” is used loosely here as it is something that any paying customer with Envelopes API access could do.
Hackers Demonstrate Gathering Stolen Credentials Is as Easy as Scanning for Git Config Files
A recent campaign called “EmeraldWhale” snapped up over 15,000 stolen credentials simply by mass scanning for errant web configurations exposing Git config files to the public.
Trump and Vance’s Phone Data Targeted by Chinese Hackers That Broke Into Telcos
Thus far officials are being tight-lipped about the campaign of the Chinese hackers and any phone data they might have accessed, which points to something potentially being stolen. As to what, that is anyone’s guess.
Delta Has a Slim Path to Victory in CrowdStrike Lawsuit Over IT Outage and Flight Disruptions
Delta has been threatening to sue CrowdStrike over the July flight disruptions that caused mass chaos for travelers, and both parties have now filed papers against each other. CrowdStrike pins the extended IT outage primarily on Delta’s “antiquated” systems.
Data Breach Information Used to Bilk Canada Revenue Agency for Over $100 Million in Fake Tax Refunds
Canada Revenue Agency (CRA) has admitted that it has been undercounting fake tax refunds it has paid out for at least several years now, and what appeared to be tens of incidents per year has actually been tens of thousands.
AI and National Security a Top Focus in the Final Days of the Biden Administration
Some of the national security memo is an exhortation to Congress to authorize funding for projects seen as vital to keeping up with China in these areas. But federal agencies can be expected to immediately pick up the pace in integrating AI and recruiting talent, and both protections and new risk guidelines will be coming soon.
SolarWinds Hack Continues to Cost Companies as SEC Tracks Down Insufficient Cybersecurity Disclosures
“Overly broad language” and concealment of file access in SolarWinds hack cybersecurity disclosures can lead to fines in the millions of dollars, as an SEC investigation has recently demonstrated.
Infamous Brazilian Hacker’s Campaign of Data Breaches Ends in Arrest
A Brazilian hacker who has been a general menace for at least several years now, and who was involved with the massive National Public Data breach among others, is in the custody of the country’s federal police after a somewhat unusual series of events.
Data Breach of Pokémon Developer Includes Some of Nintendo’s Future Plans
Word began spreading of Pokémon developer Game Freak’s secrets being spread on 4Chan in early October. Tidbits found in the data breach include plans for a new animated cartoon with Netflix, and the company’s aim to make two sequels to its 2019 Detective Pikachu film.