December 5, 2024 at 07:01AM Chemonics International has notified over 260,000 individuals about a data breach compromising personal information, including names, addresses, and Social Security numbers. Discovered on December 15, 2023, investigators found attackers had accessed data from May 2023 to January 2024. Chemonics is offering 24 months of free identity protection services. ### Meeting … Read more
October 16, 2024 at 07:06AM The article examines variations in AI models regarding security measures and reveals tactics employed by threat actors. It discusses the implications of AI in cybersecurity, highlighting the transition from misuse to more harmful abuse of these technologies. **Meeting Takeaways:** 1. **Discussion Topic:** The meeting focused on exploring the differences in … Read more
October 8, 2024 at 09:58AM A recent cyberattack on US auto dealerships highlights the need for prioritizing IT security, involving the entire C-suite, and balancing cybersecurity spending and technology. CEOs’ engagement in planning and response, conducting business analysis for cyber spending, and implementing advanced technologies are essential. Collaborating with cybersecurity experts and understanding the impact … Read more
October 4, 2024 at 12:03PM Red Barrels, a Canadian video game developer known for the Outlast series, faces potential delays in game development due to a recent cyberattack on its internal IT systems and data. The company assures that player data remains unaffected and is working with cybersecurity experts to investigate and secure its systems. … Read more
October 3, 2024 at 02:59PM Dutch national police (Politie) suspects a state actor of the recent data breach, compromising officers’ contact details and private information. They are implementing stronger security measures, including two-factor authentication, and closely monitoring systems for unauthorized access. The investigation is ongoing, and further details will be made public as they become … Read more
September 20, 2024 at 11:25AM The article discusses the Ransomhub ransomware’s utilization of EDRKillShifter to disable EDR and antivirus protections. Ransomhub also exploits the Zerologon vulnerability to take control of networks without authentication. The group has attacked various industries, employed spear-phishing, and used the affiliate model. Trend Micro’s Vision One telemetry data aided in uncovering … Read more
September 19, 2024 at 04:38AM Threat actor Earth Baxia targeted a government organization in Taiwan and possibly other APAC countries using spear-phishing emails and exploiting CVE-2024-36401, a GeoServer vulnerability. Earth Baxia deployed customized Cobalt Strike components and a new backdoor called EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery, with evidence … Read more
September 9, 2024 at 10:39AM Payment gateway provider Slim CD disclosed a data breach compromising credit card and personal data of nearly 1.7 million individuals. Hackers had access to the network for almost a year. Though the exposed data isn’t enough for fraudulent transactions, a risk of credit card fraud exists. Slim CD has augmented … Read more
September 6, 2024 at 02:10PM Avis, a well-known car rental company, disclosed a recent data breach where attackers accessed their business application from August 3 to August 6, stealing names and other sensitive customer information. Avis has taken measures to enhance security and has advised affected customers to monitor their accounts for unauthorized activity and … Read more
August 26, 2024 at 03:20PM The FBI was found to have serious flaws in its handling and disposal of seized electronic storage media. The lack of labeling and tight security measures posed risks of loss or theft of sensitive information. While the FBI is taking steps to address the issue, concerns remain over inventory control … Read more