January 22, 2024 at 12:06PM In December 2023, media organizations and North Korea experts were targeted by a cyber campaign orchestrated by the threat actor ScarCruft. This North Korea-linked group, also known as APT37, targeted individuals with malicious files, displaying a sophisticated and evolving approach. The attack is indicative of the group’s ongoing efforts to … Read more
January 18, 2024 at 01:50PM Kansas State University is managing a cybersecurity incident disrupting VPN, K-State Today emails, and Canvas and Mediasite videos. Its prompt response includes engaging third-party IT forensic experts, providing guidance to maintain educational continuity, and ongoing updates. Email services will resume with limitations on January 18. No data breach has been … Read more
January 17, 2024 at 10:07AM A recent CloudSEK XVigil report reveals a 95% surge in cyberattacks on government agencies in 2022. The public sector faces greater cybersecurity challenges due to limited resources and widespread personal data. A whole-of-state (WoS) cybersecurity strategy is proposed for collaborative defense, supported by the State and Local Cybersecurity Grant Program. … Read more
January 16, 2024 at 02:45AM Threat actors exploit a patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, targeting web browsers, cryptocurrency wallets, and messaging apps. The flaw, CVE-2023-36025, allows attackers to bypass Windows SmartScreen protection. Despite being patched, threat actors find ways to exploit the flaw, highlighting their flexibility in adapting attack … Read more
January 11, 2024 at 10:36AM Kenya’s Office of the Data Protection Commissioner released new guidance notes for data protection in education, communications, and digital credit sectors, as well as a general guide for processing health data. The Data Protection Act, enacted in 2019, has led to significant enforcement, with fines issued for violations. Awareness efforts … Read more
January 4, 2024 at 05:51PM C3 Complete acquires Compliance Solutions Inc.’s Cyber Security business unit, enhancing its service portfolio with Security Risk Assessments, Digital Forensics, and more. Jonathan Cox leads the combined teams as VP of Information Security. Both companies sponsor each other’s upcoming events. C3 Complete is a technology consultancy known for its in-house … Read more
January 4, 2024 at 01:32PM RIPE, the Regional Internet Registry for Europe, the Middle East, and Central Asia, is investigating a compromised administrator account that disrupted network traffic. The compromise affected some services and potentially other accounts, prompting RIPE to contact affected account holders. Additionally, a threat actor announced unauthorized access to a RIPE administrator … Read more
January 4, 2024 at 06:42AM Orange Spain experienced a prolonged internet outage due to a hacker attack on January 3. The hacker, known as ‘Snow’, gained control of Orange’s RIPE account, disrupting internet traffic using stolen credentials. Orange confirmed the attack, stating that customer data was not compromised, and the impacted services have been restored. … Read more
December 29, 2023 at 11:09AM The popular Slay the Spire indie game fan expansion, Downfall, was breached on Christmas Day, distributing the Epsilon information stealer malware via a Steam update. The compromised package was a modified version of the game, not a mod. The attackers hijacked the developer’s Steam and Discord accounts to upload the … Read more
December 29, 2023 at 07:54AM The US Department of Defense has proposed a rule for the Cybersecurity Maturity Model Certification (CMMC) program, seeking public feedback. The program aims to ensure defense contractors and subcontractors implement security measures to protect federal contract information and controlled unclassified information. The revision allows for self-assessment, emphasizes cooperation with industry, … Read more