News

The hackers leaking stolen Australian health records to the dark web on Thursday appeared to end their extortion attempt by dumping a final batch of data online and declaring:”Case closed.” In November the hackers demanded health insurer Medibank pay US$9.7 million to keep the records off the internet — or one dollar for each of the company’s impacted customers, which included Prime Minister Anthony Albanese. Medibank refused to pay at the urging of the federal…

The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods. The cybercriminals have made public several screenshots of technical documents, financial information and other corporate files to demonstrate that they gained access to Maple Leaf Foods systems. Maple Leaf Foods announced in early November that it was experiencing an outage as a result of a cyberattack. The Mississauga, Ontario-based packaged meats company said it took…

Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack. The incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the data that was stored on it. The county says that it took steps to contain the attack immediately after identifying it, and that it launched an investigation into the incident, to determine the type of data…

US authorities announced a ban Friday on the import or sale of communications equipment deemed “an unacceptable risk to national security” — including gear from Chinese giants Huawei Technologies and ZTE. Both firms have been on a roster of companies listed as a threat by the Federal Communications Commission (FCC), and the new rules bar future authorizations of their equipment. The move is the latest in a series of actions to limit the access of…

The European Parliament website was hit by a cyberattack claimed by pro-Russian hackers Wednesday shortly after lawmakers approved a resolution calling Moscow a “state sponsor of terrorism”. “The European Parliament is under a sophisticated cyberattack. A pro-Kremlin group has claimed responsibility,” the parliament’s president, Roberta Metsola, posted on Twitter.  “Our IT experts are pushing back against it and protecting our systems. This, after we proclaimed Russia as a State-sponsor of terrorism. My response: #SlavaUkraini (Glory…

A cross-tenant vulnerability in Amazon Web Services (AWS) could have allowed attackers to abuse AWS AppSync to gain access to resources in an organization’s account. An attacker could exploit the AWS AppSync service to assume identity and access management (IAM) roles in other AWS accounts, gaining access to resources within those accounts, cloud security company Datadog Security Labs explains. The AppSync service allows developers to create GraphQL and Pub/Sub APIs, each with an associated data…

Facebook parent Meta has tied a recent influence operation powered by tens of accounts, pages and groups to the United States military. The social media giant on Tuesday released its adversarial threat report for the third quarter of 2022. During Q3, in addition to disrupting operations linked to Chinese and Russian threat actors, the company disrupted an operation that has been connected to the United States. According to Meta, the operation that originated in the…

Threat detection firm CloudSEK has identified thousands of applications leaking Algolia API keys, and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users. Organizations can use Algolia’s API to incorporate into their applications functions such as search, discovery, and recommendations. The API is used by over 11,000 companies, including Lacoste, Slack, Medium, and Zendesk. CloudSEK says it has identified 1,550 applications that leaked Algolia API…