October 27, 2023 at 02:36PM Ransomware attacks have reached record levels, with September experiencing a surge of activity. NCC Group and Check Point Software report substantial increases in attacks this year. Microsoft has identified Octo Tempest as one of the most dangerous financial criminal groups, involved in recent attacks on prominent organizations. In other news, … Read more
October 26, 2023 at 12:21PM Researchers have discovered a new side-channel attack called iLeakage that exploits Safari to extract sensitive information from Macs and iPhones. The attack requires the user to be lured to a malicious website, which then automatically opens the targeted site. The researchers demonstrated how it can steal passwords, Instagram credentials, email … Read more
October 26, 2023 at 10:39AM Japanese watchmaker Seiko has confirmed a data breach caused by a ransomware attack that occurred a few months ago. The attack resulted in the compromise of customer, business partner, and employee data. The ransomware group, BlackCat and ALPHV, claimed responsibility for the attack and leaked over 2TB of information when … Read more
October 26, 2023 at 04:32AM ServiceNow is issuing a fix for a vulnerability that allows unauthenticated attackers to steal sensitive files. The flaw involves default configurations of ServiceNow’s widgets, which can expose personal data. Despite previous code changes, the default configuration still sets widgets to return specified data, making them accessible to attackers. ServiceNow has … Read more
October 25, 2023 at 08:03PM Westinghouse subsidiary BHI Energy confirmed experiencing an Akira ransomware attack in June. The threat actor gained access through a compromised account of a third-party contractor. They performed network reconnaissance before exfiltrating 690GB of data and deploying the ransomware. The threat actor was removed in July and BHI was able to … Read more
October 25, 2023 at 12:44PM Seiko, the Japanese watchmaker, has confirmed a Black Cat ransomware attack that led to a data breach compromising sensitive customer, partner, and personnel information. 60,000 personal data items were compromised across multiple departments. The cybercriminals claimed to have stolen production plans, employee passport scans, and confidential technical schematics of Seiko … Read more
October 24, 2023 at 05:57PM The City of Philadelphia has disclosed that certain individuals’ information was stolen in a cyberattack involving its email environment. Unauthorized access to city email accounts occurred between May 26 and July 28, and personal information, health information, and financial information may have been compromised. The investigation is ongoing, and the … Read more
October 24, 2023 at 04:19PM Password manager 1Password is the second victim of Okta’s recent customer support breach. Okta, a cloud-based identity and access management service, suffered a cyberattack that compromised access to customer support systems, allowing the attacker to infiltrate some customers, including 1Password. Fortunately, no user or employee data was compromised. Okta has … Read more
October 24, 2023 at 06:10AM A third-party contractor running a database without password protection exposed over 500,000 records related to vehicle seizures by the Irish National Police. The exposed data includes scanned identity documents and incident summary reports containing names and details of drivers and officers. The database is owned and operated by an unnamed … Read more
October 24, 2023 at 01:51AM Password management solution 1Password had a breach of its Okta instance, but no user data was accessed. The breach involved a threat actor attempting to access an IT team member’s user dashboard and manipulate authentication flows. Measures have been taken to enhance security, including tighter MFA rules and reducing the … Read more