January 3, 2024 at 05:00PM iFlock Security Consulting, a leading boutique cybersecurity company, has completed its first private funding round, bringing in two strategic sales executives, signifying growth. With a focus on penetration testing and fortified cybersecurity services, the company is well-positioned to tackle the rising global cybercrime. The new funding and hires demonstrate firm … Read more
January 3, 2024 at 08:23AM Xerox has confirmed a cybersecurity breach at its US subsidiary, XBS, following claims by INC Ransom of data exfiltration. The attack potentially compromised personal information, and Xerox is working with cybersecurity experts to investigate. The group behind the attack, INC Ransom, is known for indiscriminate targeting and previously threatened Xerox … Read more
January 3, 2024 at 06:08AM Prisma uncovered a critical exploit within an undocumented Google OAuth endpoint, enabling attackers to hijack user sessions and maintain continuous unauthorized access to Google services. The exploit has been integrated into various malware and has continued to evolve, posing a significant threat. CloudSEK has emphasized the need for enhanced cybersecurity … Read more
January 3, 2024 at 03:37AM Emsisoft advocates for a total ban on ransom payments following a surge in ransomware attacks on US organizations, costing nearly $1.5 million each on average to rectify. It pointed to record-breaking attacks in 2023, including those on hospitals, schools, and government bodies. The report also highlights concerns about the need … Read more
January 2, 2024 at 03:06PM Info-stealing malware can still access compromised Google accounts even after passwords are changed, due to a zero-day exploit first mentioned by the cybercriminal “PRISMA.” The exploit involves regenerating session tokens to access emails and cloud storage. CloudSEK identified the exploit in the undocumented Google OAuth endpoint “MultiLogin.” The discover reveals … Read more
December 29, 2023 at 08:54AM SecurityWeek weekly roundup provides a concise compilation of cybersecurity stories that may have been overlooked. This week’s stories include a $60 million crypto theft, Android backdoor infection, Microsoft warning of malware distribution, Mint Mobile data breach, and NASA’s space security guidance. Other topics covered are hacking claims, Chrome Safety Check, … Read more
December 24, 2023 at 01:41AM A UK teen, Arion Kurtaj, was given an indefinite hospital order due to his intent to resume cybercrime, while another teen, part of the LAPSUS$ gang, received an 18-month Youth Rehabilitation Order for cyberattacks on companies like Microsoft and Samsung. The group is known for SIM-swapping attacks and extortion via … Read more
December 22, 2023 at 08:35PM Mint Mobile, a subsidiary of T-Mobile, has confirmed a data breach exposing customer information. The breach notification assured customers that credit card numbers and passwords were not affected, but disclosed that names, phone numbers, email addresses, and other account details were compromised. The company has resolved the breach and is … Read more
December 22, 2023 at 12:54PM The Chameleon Android banking trojan, detected by ThreatFabric, has expanded its reach to the UK and Italy from its initial targets in Australia and Poland. The malware employs various tactics, such as phishing pages and accessing Accessibility Services, to perform Account Takeover and Device Takeover attacks, targeting banking and cryptocurrency … Read more
December 22, 2023 at 12:07PM Businesses worldwide face a surge in cyber threats, with ransomware attacks increasing by over 1,000% since 2019. Aon’s global survey identifies cyberattacks as the top risk for organizations, leading to a shift in cybersecurity investment in the Middle East. Organizations must prioritize a holistic, proactive approach to cyber resilience, including … Read more