Ride hailing giant Uber disclosed Thursday it’s responding to a cybersecurity incident involving a breach of its network and that it’s in touch with law enforcement authorities. The New York Times first reported the incident. The company pointed to its tweeted statement when asked for comment on the matter. The hack is said to have
Cyber Security
An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. “The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine,” Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a
Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran’s Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion
A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. Slovak cybersecurity firm ESET, which detected the malware in the university’s network, attributed the backdoor to a nation-state actor dubbed SparklingGoblin. The unnamed university is said to have
The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. “Initial malicious activity originated from a Mitel appliance sitting on the network perimeter,” researchers from cybersecurity firm Arctic Wolf said in a report published
Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are
Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. “A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to
Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a
Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.
China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at
A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a “Free Palestine” campaign. Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible
Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point
A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran’s Islamic Revolutionary Guard Corps (IRGC),
A recent report revealed that ecommerce provider, Shopify uses particularly weak password policies on the customer-facing portion of its Website. According to the report, Shopify’s requires its customers to use a password that is at least five characters in length and that does not begin or end with a space. According to the report, Specops
The U.S. Treasury Department on Friday announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. “Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government
More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. “The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between
Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you’re putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook