Tag: data leak
Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.
The EU’s Proposed Cybersecurity Certification Scheme – November 24th
The European Union's Cybersecurity Agency (ENISA) is studying the possibility of broadening the proposed cybersecurity labeling rules that may affect big tech operating in Europe. The proposed EU certification scheme (EUCS) vouches for further cybersecurity measures of cloud services, ensuring companies in the bloc select an EU-based certified cybersecurity vendor for their business.
Samsung Customers in the UK Exposed by Data Breach – November 17th
Samsung notified its customers in the UK that a recent data breach potentially exposed customer data, stemming from a third-party business application vulnerability. Samsung UK further stated that the data affected only covers customers that purchased Samsung items in the UK online store, and ensured customers that the breach does not include passwords or financial data.
CISA Signs Cybersecurity MoU with the Republic of Korea – November 10th
The Cybersecurity and Infrastructure Security Agency (CISA) announced a signed Memorandum of Understanding (MoU) with the Republic of Korea's National Intelligence Service (NIS) to establish collaboration efforts under the bilateral Cyber Framework between the US and the Republic of Korea signed in April. The framework between the Republic of Korea and the US includes sharing technical and operational cyber threat information and best practices in cyber crisis management.
FBI targets casino cybercrime
The attacks first identified by the FBI frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons. As of June 2023, the FBI also reports that the Silent Ransom Group (SRG), also called Luna Moth, conducted callback phishing data theft and extortion attacks by sending victims a phone number in a phishing attempt, usually relating to pending charges on the victim’s account. When the victims called the provided phone number, cybercriminals directed them to a legitimate system management tool via a link provided in a follow-up email.
Beware the poisoned search
Conducting an innocent online search for any business-related document, such as a legal contract, has become as potentially risky as opening a link in an unsolicited email. Ransomware gangs, usually outside US, UK, and EU jurisdiction, are now luring business users of popular search engines to compromised websites designed to look like professional forums, creating a back door into the searcher’s entire organization.
Three-quarters of SMBs hit by serious cyber-attacks
Roughly three-quarters of small-to-medium-sized businesses (SMBs) have experienced a cyber-attack, a breach, or both in the last year. According to non-profit organization the Identity Theft Resource Center (ITRC)’s third annual ITRC Business Impact Report, 73 percent of owners or leaders of SMB’s reported being attacked or breached in the past 12 months, following a slight dip in the previous year.
Ransomware gangs start to fight dirty
According to cybersecurity company SecureWorks’ annual State of the Threat Report, over the last 12 months, attackers have shortened the time between the initial penetration of the corporate network to the ransomware demand itself from 4.5 days to less than one day. This period, known in the cybersecurity industry as ‘dwell time’, offers well-equipped cybercriminals a leisurely opportunity to drain the company of funds and its most sensitive secrets. In 10 percent of cases, ransomware was even deployed within five hours of initial access.
Millions of individuals’ DNA selling for a dollar a piece
At least seven million customers of San Francisco-based DNA company, 23andMe, are now seeing their confidential and highly personal genetic data up for sale on the internet. The hackers are also offering the millions of victims’ personal email addresses for good measure and to best assist potential blackmailers and fraudsters.
Beware of Death by a Billion Bots
US corporations lose an average of 4.3 percent of their online revenues to malicious ‘bots,’ malware designed to resemble human communications. Malware attacks of this nature accounts for an average annual loss of $86.5 million a year for corporations with average annual online revenues of $1.9 billion, according to a new report from cybersecurity firm Netacea, “Death by a Billion Bots: The Accumulating Business Cost of Malicious Automation”.
DarkGate again threatens online computer systems – September 15th
A new phishing attack campaign using DarkGate Loader malware has been identified, with Microsoft Teams users being urged to exercise caution. This malware is specifically a 'loader malware' meaning that it is able to download and execute other malware programs on the infected device. The additional malware then downloads in the infected device's memory structure, making it hard to detect since it isn't in the device's file system.
Experts warn of new ‘polyglot’ malware – September 4th
In this roundup; experts warn of new 'polyglot' malware, AI neutralizes trillions of IT events, and Northern Ireland data breach suspects have been arrested.