Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover

November 15, 2024 at 05:35AM

A critical vulnerability in the Really Simple Security plugin affected over 4 million WordPress websites, allowing for full administrative access. This flaw poses significant security risks, potentially enabling unauthorized takeovers of affected sites. The incident highlights the importance of timely security updates and monitoring for vulnerabilities. **Meeting Takeaways:** 1. Incident …

Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements

October 24, 2024 at 06:54AM

Penn State University will pay $1.25 million to settle claims of not meeting cybersecurity requirements for Department of Defense and NASA contracts. This settlement addresses alleged compliance failures related to security standards essential for these federal contracts. **Meeting Takeaways:** 1. **Settlement Amount**: Penn State University will pay $1.25 million. …

MoneyGram confirms hackers stole customer data in cyberattack

October 7, 2024 at 07:00PM

MoneyGram suffered a cyberattack in September, causing a five-day outage. Hackers accessed customer data between September 20 and 22, 2024, stealing sensitive information such as contact details, dates of birth, Social Security numbers, government-issued IDs, and transaction data. The breach notification advises affected customers to await further details on the …

American Water shuts down online services after cyberattack

October 7, 2024 at 01:34PM

American Water, the largest U.S. water and wastewater utility, experienced a cyberattack prompting system shutdowns. The company hired cybersecurity experts and initiated a joint investigation with law enforcement. The incident led to the closure of its online services and a pause in billing. The company gave assurances that water facilities were not impacted. This …

Rackspace monitoring systems hit by zero-day

September 30, 2024 at 07:18PM

Rackspace recently faced a security breach when intruders exploited a zero-day bug in a third-party application, impacting its internal performance monitoring system. This led to a temporary suspension of its monitoring dashboard. Although some customer information was accessed, Rackspace promptly isolated the affected equipment and worked on a patch in collaboration …

Hacker charged for breaching 5 companies for insider trading

September 30, 2024 at 06:05PM

The U.S. SEC charged U.K. citizen Robert B. Westbrook with hacking into the computer systems of five U.S. public companies, accessing confidential earnings information, and conducting insider trading. Westbrook made illegal profits of approximately $3,750,000 from 14 trades. He now faces civil and criminal charges, which may result in prison …

U.S. charges Joker’s Stash and Rescator money launderers

September 27, 2024 at 02:01PM

The U.S. Department of Justice has charged two Russian nationals, Sergey Ivanov and Timur Shakhmametov, with money laundering and cybercrimes, including operating carding markets and cryptocurrency exchanges involving billions of dollars. Authorities also targeted Cryptex and seized servers hosting PM2BTC, leading to rewards for information on the individuals’ whereabouts. Additionally, …

Sophistication of AI-Backed Operation Targeting Senator Points to Future of Deepfake Schemes

September 27, 2024 at 08:03AM

Sen. Cardin was targeted in a sophisticated deepfake operation, where a caller posing as a former Ukrainian official engaged in a video call to gather politically charged information. Experts believe advances in generative AI have made such schemes more believable and easier to conduct. Officials warn of more attempts in …

Russian security firm Dr.Web disconnects all servers after breach

September 18, 2024 at 11:50AM

Doctor Web (Dr.Web), a Russian anti-malware company, revealed a security breach on Tuesday following a cyberattack over the weekend. This information should be communicated transparently and promptly to …

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

September 18, 2024 at 10:54AM

Chinese national Song Wu, employed by AVIC, was indicted in the U.S. for spear-phishing to access NASA, universities, and private companies’ software. The stolen data could be utilized in aerospace and military applications. Another Chinese national, Jia Wei, was separately charged for infiltrating a U.S. communications firm. In the UK, …