Malware

T-Mobile suffers 8th data breach in less than 5 years

Telecom player T-Mobile US has suffered a cybersecurity incident that resulted in the exposure of the personal details of 37 million users, the company reported in a filing to the US Securities and Exchange Commission on Thursday.  Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were exposed, the company revealed.  However, T-Mobile in a…


Ukraine Links Data-Wiping Attack on News Agency to Russian Hackers

It has been almost a year since the invasion of Ukraine, and security researchers have discovered a series of new malware deployed against Ukrainian targets. These attacks have prompted greater global cooperation in support of Ukraine as well as a better understanding of Russian cyber capabilities and tactics. Russians have been targeting telecommunications, news agencies, and social media platforms to disrupt the flow of information within Ukraine. Although several attacks have been successful, CERT-UA has…


Mailchimp Suffers Second Data Breach in Last Six Months

After the first breach, Mailchimp stated they’d be reassessing their security posture and making changes. Now that a second breach has occurred, it’s unclear whether they did not take these steps or their new defenses simply failed. Taking preventative security measures can go a long way and save valuable time, money, and reputation. Cyber attacks are not slowing down anytime soon, so it’s advised that companies that have not taken the next steps…


PayPal Accounts Breached in Credential Stuffing Attack

Credential stuffing is a technique in which lists of credentials from past data breaches are tried against a new site, with the goal of finding an account that reuses those compromised credentials across multiple sites. From an organizational standpoint, the best action to take against credential stuffing attacks is to educate end users on this form of attack and advise them of the dangers of using an identical password across multiple sites. In many cases, however,…


Many ICS flaws remain unpatched as attacks against critical infrastructure rise

Patching vulnerabilities in industrial environments has always been challenging due to interoperability concerns, strict uptime requirements, and sometimes the age of devices. According to a recent analysis, a third of vulnerabilities don’t even have patches or remediations available. Out of 926 CVEs — unique vulnerability identifiers — that were included in ICS advisories from the US Cybersecurity and Infrastructure Security Agency (CISA) during the second half of 2022, 35% had no patch or remediation available…


Chinese hackers targeted Iranian government entities for months: Report

Chinese advanced persistent threat actor Playful Taurus targeted several Iranian government entities between July and December 2022, according to a Palo Alto Networks report. The Chinese threat actor, also known as APT15, KeChang, NICKEL, BackdoorDiplomacy, and Vixen Panda, was observed attempting to connect government domains to malware infrastructure previously associated with the APT group, according to the report. “Playful Taurus continues to evolve their tactics and their tooling. Recent upgrades to the Turian backdoor and…


How CISOs can manage the cybersecurity of high-level executives

High-level executives, including board members and C-level executives, often have access to sensitive information, making them prime targets for bad actors looking to penetrate corporate defenses. Their personal devices, among other points of entry, are glaring attack vectors for cybercriminals looking to get in on the top floor. As CISOs know, cyber incidents all too often include the human element—and executives are all too human. According to the Verizon 2022 Data Breach Investigations Report, 82% of…


QuSecure launches quantum-computing based security for endpoints

QuSecure, a quantum-computing technology company based in Silicon Valley, today announced the latest version of its security platform, called QuEverywhere — designed to allow organizations to extend quantum-safe security all the way to endpoints like laptops and smartphones, the company said in a statement. QuEverywhere, according to the company, is an app- or browser-based method of applying quantum cryptography to connections or transactions on a given platform. It’s based largely on the company’s proxy server…


Severe Git RCE Vulnerabilities Receive Patch

The most effective way of mitigating these vulnerabilities is to upgrade to the latest Git release. If upgrading Git is not possible, CVE-2022-41903 can be mitigated by:

• Disabling 'git archive' in untrusted repositories, or avoiding running the command on untrusted repos
• If 'git archive' is exposed via 'git daemon', disabling it when working with untrusted repositories by running the 'git config --global daemon.uploadArch false' command

https://www.bleepingcomputer.com/news/security/git-patches-two-critical-remote-code-execution-security-flaws/


Avast Releases Free BianLian Ransomware Decryptor

The BianLian ransomware decryptor is available for free and the program is a standalone executable that doesn’t require installation. Users can select the location they wish to decrypt and provide the software with a pair of original/encrypted files. There’s also an option for users with a valid decryption password, but if the victim doesn’t have one, the software can still attempt to figure it out by iterating through all known BianLian passwords. The decryptor also…
