News

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions. On August 7, Twilio revealed that it had detected unauthorized access to information related to customer accounts a few days earlier. A probe revealed that the breach was a result of an SMS phishing (smishing) attack targeting the company’s employees. At around the same…

Read More

The DHS on Thursday announced Cybersecurity Performance Goals (CPGs) to help organizations — particularly in critical infrastructure sectors — prioritize cybersecurity investments and address critical risks. The CPGs were developed by the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with NIST based on feedback from partners in public and private sectors. They are a result of the White House’s efforts to improve the US’s cybersecurity, and the DHS says the goals are unique…

Read More

The New York Post said Thursday it had been “hacked” by an employee after the tabloid newspaper’s Twitter account posted a series of antagonistic messages, including a call for the assassination of US President Joe Biden. The rogue tweets were removed late Thursday morning.  “The New York Post has been hacked. We are currently investigating the cause,” a message on the tabloid’s account said. “The New York Post’s investigation indicates that the unauthorized conduct was…

Read More

VMware this week announced patches for a critical remote code execution vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). Tracked as CVE-2021-39144 (CVSS score of 9.8), the security defect exists in XStream, an open source library to serialize objects to XML and back. The bug impacts all XStream iterations until and including version 1.4.17. Only out-of-the-box versions are affected, but not those where XStream’s security framework was set up with a…

Read More

A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as “Raccoon Infostealer,” the US Justice Department said Tuesday. Mark Sokolovsky, 26, is being held in the Netherlands and the United States is seeking his extradition, the department said in a statement. It said Raccoon Infostealer malware was leased to cybercriminals for $200 a month, payable in cryptocurrency. The malware was then installed…

Read More

Apple on Monday shipped a major iOS update with fixes at least 20 documented security defects, including a kernel flaw that’s already being actively exploited in the wild. The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this…

Read More

Iran’s Atomic Energy Organisation said Sunday an email server of its subsidiary was hacked in a “foreign” attack aimed at drawing “attention” amid protests over the death of Mahsa Amini. The Islamic republic has been gripped by weeks-long demonstrations sparked by the death of 22-year-old Amini on September 16 after her arrest for allegedly violating the country’s strict dress code for women. The street violence has led to dozens of deaths, mostly among protesters but…

Read More

The Federal Bureau of Investigation on Thursday issued an alert to warn that Iranian cyber group Emennet Pasargad is targeting organizations to steal their data and leak it online. Previously known as Eeleyanet Gostar and Net Peygard Samavat, Emennet Pasargad is an organization that often changes its name to avoid US sanctions, and which is known for providing cybersecurity services to government entities in Iran. In November 2020, the US warned that Iranian hackers exploited…

Read More

Non-profit healthcare provider Advocate Aurora Health is informing 3 million individuals that a malformed tracking pixel has inadvertently exposed protected health information (PHI) to Facebook or Google. Headquartered in Milwaukee, Wisconsin, and Downers Grove, Illinois, Advocate Aurora Health operates 26 hospitals and over 500 sites of care, and has more than 75,000 employees. In a data breach notification on its website, the healthcare system is informing patients that an incorrectly configured tracking pixel – placed…

Read More

Google today introduced Graph for Understanding Artifact Composition (GUAC), an open source tool for centralizing build, security, and dependency metadata. Developed in collaboration with Kusari, Purdue University, and Citi, the new project is meant to help organizations better understand software supply chains. GUAC aggregates metadata from different sources, including supply chain levels for software artifacts (SLSA) provenance, software bills of materials (SBOM), and vulnerabilities, to provide a more comprehensive view over them. “Graph for Understanding…

Read More