Blog
Mandiant: Zero-Days up to 70% of Exploited Vulnerabilities
2023 saw Mandiant log 138 total incidents of exploited vulnerabilities for its report, of which 70% were zero-days. That is up substantially from 61% and 62% in the two prior years.
First Use of Quantum Computers to Crack Encryption Should Prompt Review, Not Panic
What this development warns of is the possibility of weaker quantum computers being used to crack encryption ahead of schedule, by focusing on specific standards and coming up with innovative approaches tailored to them.
31 Million Record Data Breach at Internet Archive Followed by Hacktivist DDoS Attacks
Service at the Internet Archive remains spotty after about two weeks of off-and-on attacks, beginning with a major data breach in late September that exposed 31 million user credentials.
European Government Air-Gapped Systems Successfully Hacked by Malware Attacks
The basic setup of the GoldenJackal malware attack is simple, but clever: compromise a USB drive known to be regularly connected to air-gapped systems, and let it harvest files for you. When it is returned to an internet-connected device, the stolen files are forwarded along their way.
Increase in Data and Privacy Breaches Creating a Spike in Large Cyber Claims
There is a particular spike in cyber claims from “hyperlitigation” that results when a managed services provider or some other upstream source is breached, causing follow-on client data and privacy breaches and a cascade of lawsuits.
Verizon, AT&T Among US Telecoms and ISPs Breached by Chinese Hackers
The group seemed to have a specific priority goal for the US telecoms: accessing a federal wiretap system used for legally ordered surveillance of criminal suspects, a type of intel that Chinese hackers have targeted before.
New CRI Guidance Discourages Ransomware Payments, Focuses on Alternative Options
The new CRI guidance does not call for a shutdown of ransomware payments, but does encourage victims to get in touch with law enforcement as soon as possible even if they intend to make a payment.
T-Mobile’s Recent Data Breaches Accounted for With $31.5 Million FCC Settlement
T-Mobile has been struggling with a chain of data breaches that dates back to 2018, but the present FCC settlement only addresses those that took place from 2021 to 2023. As it happens, those were also the largest and most serious incidents.
No Rest for US Cyber Defense as Chinese Hackers Are Caught Targeting ISPs in Another Scheme
US officials are concerned about the possibility of Chinese hackers shutting off the electricity, water and internet taps should a war in Taiwan break out. But ISPs are most likely being targeted right now as they provide the ability to track employees and personnel.
Cyber Attack Cripples World’s Second-Largest Money Transfer Service
Nearly a week after first announcing a “network outage” that shut all of its money transfer services down, MoneyGram is still working to restore its core operations. The company has since confirmed that the outage has actually been caused by a cyber attack.