January 18, 2024 at 11:03AM Infostealer malware poses a significant risk to corporate information security by stealing credentials, cookies, and other data, leading to data breaches and ransomware distribution. Leaked credentials from breaches and infostealers are a substantial threat, prompting organizations to monitor and defend against them. Flare offers a solution to detect and mitigate … Read more
January 18, 2024 at 08:18AM Australian researcher Troy Hunt discovered a credential stuffing list named Naz.API, consisting of over 70 million unique email addresses and passwords, sourced from malware and a defunct OSINT tool. One-third of the addresses were not previously known, and the data has been added to Have I Been Pwned and Pwned … Read more
January 18, 2024 at 07:24AM Security researcher Eaton Zveare gained unauthorized access to customer information in Toyota Tsusho Insurance Broker India’s email account due to misconfigurations and vulnerabilities. Zveare accessed the [email protected] email account, exposing customer data, OTPs, and access to TTIBIās Microsoft cloud account. TTIBI took two months to address the issues, but the … Read more
January 18, 2024 at 06:12AM Foxsemicon, a subsidiary of Foxconn, was reportedly attacked by LockBit ransomware. 5 Tb of data was claimed to be stolen and encrypted, including personal data of customers and employees. The cybercriminals demanded a ransom and threatened to make the data public. Although Foxsemicon believes the impact won’t be significant, the … Read more
January 16, 2024 at 04:34PM Ivanti VPNs globally compromised due to two unpatched zero-day vulnerabilities, allowing attackers to gain network access. Thousands infected, primarily by group UTA0178, with no available patches until Jan. 22 and Feb. 19. Ivanti released a mitigation and Integrity Checker Tool for existing compromises. Customers advised to follow incident response playbook … Read more
January 12, 2024 at 05:13PM Ransomware gangs are targeting mortgage lenders, with recent attacks on loanDepot, Mr. Cooper, and title insurance companies. The Toronto Zoo and Tigo Business were also hit. In a positive turn, a Dutch police operation led to the arrest of a ransomware operator. The week also saw the discovery of new … Read more
January 12, 2024 at 10:19AM Laptop maker Framework suffered a data breach when an employee at its external accounting partner, Keating Consulting, fell victim to a phishing attack. The compromised data includes personal information of impacted individuals. Framework is urging users to be cautious of phishing attempts impersonating the company and has taken steps to … Read more
January 12, 2024 at 09:44AM Webinar on remote working and network security. Remote work is here to stay, but security is crucial. Zscaler offers solutions for secure app access, traffic elimination, issue detection, and cost reduction. Join the webinar on 16 January at 6pm GMT/1pm ET/10am PT to learn more. Sponsored by Zscaler. Register to … Read more
January 11, 2024 at 09:00AM The article highlights the growing threat of phishing-driven ransomware, with the rise of Generative Artificial Intelligence (GenAI) making it more difficult to detect and defend against phishing attacks. To counter this, companies are advised to upgrade to next-generation multi-factor authentication (MFA) solutions, such as Token Ring, to protect against sophisticated … Read more
January 10, 2024 at 06:23PM Fidelity National Financial disclosed a cybersecurity incident that led to unauthorized access of 1.3 million customers’ data. The intrusion was attributed to ransomware group ALPHV/BlackCat. FNF’s forensic investigation revealed that certain data was exfiltrated, though it claimed no direct customer impact. The company is providing credit monitoring and identity services … Read more