Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal

December 13, 2024 at 08:21AM Bitcoin ATM operator Byte Federal informed 58,000 individuals of a potential data breach, discovered on November 18, due to a vulnerability in GitLab. Personal data may have been accessed, but no funds were compromised. Byte Federal is taking security measures and advises users to monitor their accounts for suspicious activities. … Read more

Cleo patches critical zero-day exploited in data theft attacks

December 12, 2024 at 12:09PM Cleo has released urgent security patches for a zero-day vulnerability in its LexiCom, VLTransfer, and Harmony software, actively exploited in data theft attacks linked to the Termite ransomware gang. Customers are advised to upgrade to version 5.8.0.24 to enhance security and mitigate risks from these breaches. ### Meeting Takeaways 1. … Read more

Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

December 12, 2024 at 11:09AM Byte Federal, the largest U.S. Bitcoin ATM operator, experienced a data breach affecting 58,000 customers due to a GitLab vulnerability. Sensitive information like names, social security numbers, and contact details were accessed. The company has secured its systems and urges customers to monitor for fraud but does not offer identity … Read more

Krispy Kreme cyberattack impacts online orders and operations

December 11, 2024 at 09:46AM Krispy Kreme experienced a cyberattack in November, which disrupted various business operations, including the ability to place online orders. **Meeting Takeaways:** 1. **Incident Overview:** Krispy Kreme experienced a cyberattack in November. 2. **Impact on Operations:** The attack specifically affected parts of the company’s business operations, notably online ordering capabilities. 3. … Read more

446,000 Impacted by Center for Vein Restoration Data Breach

December 11, 2024 at 06:56AM Center for Vein Restoration has informed over 446,000 individuals that their personal, medical, and financial data was compromised in a cyberattack identified on October 6. The breach affects both patients and employees. The organization is enhancing security measures and providing identity theft protection services to those impacted. ### Meeting Takeaways: … Read more

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

December 11, 2024 at 01:36AM The U.S. government charged Chinese national Guan Tianfeng for hacking thousands of Sophos firewalls in 2020, exploiting a severe zero-day vulnerability. He allegedly conspired to access and exfiltrate data, targeting critical U.S. infrastructure. Sanctions were imposed against his company, Sichuan Silence, linked to Chinese intelligence agencies. ### Meeting Takeaways from … Read more

New Cleo zero-day RCE flaw exploited in data theft attacks

December 10, 2024 at 10:11AM Hackers are leveraging a zero-day vulnerability in Cleo managed file transfer software to infiltrate corporate networks and execute data theft attacks. This highlights the urgent need for organizations to address security weaknesses and implement protective measures against such threats. **Meeting Notes Takeaways:** 1. **Current Threat:** Hackers are exploiting a zero-day … Read more

Large-Scale Incidents & the Art of Vulnerability Prioritization

December 9, 2024 at 10:04AM Cybersecurity defenders face increasing vulnerabilities due to a growing IT environment. Recent reports indicate that 14% of breaches exploit vulnerabilities, emphasizing the need for clear prioritization strategies. Learning from past incidents like MOVEit and Log4j can guide effective vulnerability evaluation and management, including the adoption of secure-by-design principles. ### Meeting … Read more

⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 – 8)

December 9, 2024 at 08:16AM This week’s cyber recap highlights hacker stealing infrastructures and deploying AI-driven scams. Significant events include the arrest of a Scattered Spider member, turmoil caused by malicious Android malware, and law enforcement actions disrupting online fraud networks. Cybersecurity firms stress vigilance against evolving threats and emerging vulnerabilities in popular software. ### … Read more

Deloitte Responds After Ransomware Group Claims Data Theft

December 9, 2024 at 07:07AM Deloitte responded to claims by the ransomware group Brain Cipher, which alleges it stole over one terabyte of data. Deloitte stated the issue pertains to a single client’s external system, with no impacts on its network. The group has targeted various sectors and threatened to release stolen data unless paid. … Read more