Data Breaches

Toyota: Data on More Than 2 Million Vehicles in Japan Were at Risk in Decade-Long Breach

A decade-long data breach in Toyota’s much-touted online service put some information on more than 2 million vehicles at risk, the Japanese automaker said Friday. Spanning from January 2012 to April 2023, the problem with Toyota’s cloud-based Connected service pertains only to vehicles in Japan, said spokesperson Hideaki Homma. The Connected service reminds owners to get maintenance checks and links to streaming entertainment and provides help during emergencies. It can call for help after a…

Read More

Israeli threat group uses fake company acquisitions in CEO fraud schemes

A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world. The group stands out with some of the techniques it uses, including email display name spoofing and multiple fake personas in the email chains, and through the abnormally large sums of money the attempt to extract from organizations. “Like most other threat actors that focus…

Read More

IOTW: Sysco confirms data breach impacting company, supplier and employee data

Food distribution company Sysco has confirmed that customer, business and employee data was stolen in a cyber attack it suffered earlier this year. The cyber attack is thought to have taken place on January 14, 2023 and was detected by Sysco on March 5. According to BleepingComputer, Sysco said in an internal memo sent on May 3 that data from companies and suppliers located in the US and Canada as well as data from US employees…

Read More

New DownEx malware campaign targets Central Asia

A previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage, according to a report by Bitdefender.  The first instance of the malware was detected in 2022 in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. Researchers observed another attack in Afghanistan. “The domain and IP addresses involved do not appear in any previously documented incidents, and the malware does not share any code similarities…

Read More

The 6 best password managers for business

What’s a password manager? A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account. Users can sign into a password manager with a single strong password or by using biometrics, and access all their login information. Most password managers allow users to sign in on multiple devices (including Macs, Windows…

Read More

Dell pushes security, devops integration in storage updates

Dell’s storage product lineup is set to receive a wide range of updates, including  devops integrations with the Ansible and Terraform tools, compliance with the latest US government security standards, zero trust readiness and more. PowerStore, Dell’s flash-based storage array line, is receiving the lion’s share of the security updates, according to a Dell announcement on Wednesday. Dell said that PowerStore now boasts STIG hardening, meaning that it is compliant with the federal government’s stanadards…

Read More

Microsoft fixes bypass for critical Outlook zero-click flaw patch

Microsoft fixed a new vulnerability this week that could be used to bypass defenses the company put in place in March for a critical vulnerability in Outlook that Russian cyberspies exploited in the wild. That vulnerability allowed attackers to steal NTLM hashes by simply sending specifically crafted emails to Outlook users. The exploit requires no user interaction. The new vulnerability, patched Tuesday and tracked as CVE-2023-29324, is in the Windows MSHTML Platform and can be…

Read More

IBM unveils end-to-end, quantum-safe tools to secure business, government data

Technology giant IBM has debuted a new set of tools and capabilities designed as an end-to-end, quantum-safe solution to secure organizations and governmental agencies as they head toward the post-quantum computing era. Announced at its annual Think conference in Orlando, Florida, Quantum Safe technology combines expertise across cryptography and critical infrastructure to address the potential future security risks that quantum computing poses, according to the company. IBM also unveiled the Quantum Safe Roadmap to guide…

Read More

International security agencies warn of Russian “Snake” malware threat

Security agencies from five countries have issued a joint advisory revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets. “Snake malware” and its variants have been a core component in Russian espionage operations carried out by Center 16 of Russia’s Federal Security Service (FSB) for nearly two decades, according to the security notice. Identified in infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia,…

Read More

Evil digital twins and other risks: the use of twins opens up a host of new security concerns

The use of digital twins — virtual representations of actual or envisioned real-world objects — is growing. Their uses are multifold and can be incredibly helpful, providing real-time models of physical assets or even people or biological systems that can help identify problems as or even before they occur. Grand View Research has predicted that the global digital twin market, valued at $11.1 billion in 2022, will grow at a 37.5% compound annual growth rate…

Read More