DataBreaches
Insurance giant CNA reports data breach after ransomware attack
Sergiu Gatlan reports: CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix...
Bleeping Computer
Insurance giant CNA reports data breach after ransomware attack
CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.
Bleeping Computer
Insurance giant CNA fully restores systems after ransomware attack
Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.
DataBreaches
CNA Financial Paid $40 Million in Ransom After March Cyberattack
Kartikay Mehrotra and William Turton report: CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain...
DataBreaches
Shopee, Carousell most popular platforms used by phishing scammers
CNA reports: Taipei, March 12 (CNA) Shopee and Carousell, two online marketplaces based in Singapore, have been the two C2C platforms on which customers were...
DataBreaches
Starbucks Singapore hit by data breach affecting rewards program customers
CNA reports: Starbucks Singapore has been hit by a data breach affecting customers of its rewards membership programme. In an email sent to customers on Friday...
DataBreaches
Singapore data centre says no data loss discovered after report on hackers obtaining logins
CNA reports: Data centre operator ST Telemedia Global Data Centres (STT GDC) has noticed no data loss or impact to its customer service portals following a...
DataBreaches
Sg: OrangeTee real estate group suffers data security breach
CNA reports: OT Group, the holding company of OrangeTee & Tie and OrangeTee Advisory, has suffered a data security breach, the Singapore real estate group...
DataBreaches
iRent fined for data leak
CNA reports: Taiwanese car rental and automobile/motorcycle-sharing services platform iRent received separate fines from the Ministry of Transportation and...
DataBreaches
Rio Tinto data vendor GoAnywhere’s possible breach spotted in Jan-end
CNA reports: U.S. cybersecurity firm Fortra said suspicious activity was identified within its GoAnywhere software nearly two months ago, a day after Rio Tinto...
DataBreaches
No evidence of personal data leak amid national security probe: NHIA
CNA reports: The National Health Insurance Administration (NHIA) on Thursday said there is no evidence that three current and former employees stole data amid...
Bleeping Computer
Ransomware gang breached CNA’s network via fake browser update
Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021.
DataBreaches
Real estate firm OrangeTee & Tie fined for data breach involving 250,000 customers and employees
CNA reports a follow-up to an attack by ALTDOS that was previously reported by DataBreaches: Real estate agency OrangeTee & Tie has been fined S$37,000 by...
The Record
Canadian Nurses Association confirms data theft after group dumps stolen info
The Canadian Nurses Association (CNA) confirmed that it is working with its members to respond to a leak of sensitive data stolen by a group of hackers earlier this year.
DataBreaches
Hackers interrupt Catholic charity’s online press conference on Ukraine
Hacktivists on both sides of the Russia-Ukraine war have been busy. CNA reports that some hackers disrupted a Zoom event to stream obscenities and to post fake...
SecurityWeek
Over 50 New CVE Numbering Authorities Announced in 2022
More than 50 organizations have been added as a CVE Numbering Authority (CNA) in 2022, bringing the total to 260.
DataBreaches
Singapore faced more cybercrime, phishing and ransomware threats in 2021
Natasha Ganesan reports: Firms and individuals in Singapore faced an increased number of cybercrime, phishing and ransomware threats last year, according to a...
DataBreaches
Taiwan Ministry of Interior denies responsibility for data leak
Matthew Strong reports: The Ministry of Interior (MOI) on Saturday (Oct. 29) denied being the source of a data leak reportedly posting private details of...
DataBreaches
Bits ‘n Pieces (Trozos y Piezas)
Ransomware attacks continue This week, LockBit added four entities related to South America: Chile, Colombia, and Venezuela: Comision Nacional de Acreditación...
Infosecurity News
Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database
The Cyber Express
NIST Hires External Contractor to Help Tackle National Vulnerability Database Backlog
The U.S. National Institute of Standards and Technology (NIST) has taken a big step to address the growing backlog of
CyberNews
Insurance giant AON hacked | Cybernews
British-American multinational falls victim to hackers - in an embarrassing development for a company that also offers cybersecurity services.
The Hacker News
Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Fortra patches critical flaw in FileCatalyst transfer tool. Vulnerability allows remote code execution via directory traversal.
Security Affairs
PoC exploit for critical RCE in Fortra FileCatalyst tool released
Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product.
PCMag
UnitedHealth May Have Paid Ransomware Gang $22M to Fix Prescription Fiasco
UnitedHealth Group has not confirmed a payment, but an affiliate of the ALPHV/Blackcat gang disclosed the number in a forum while complaining about being swindled out of their cut.
Bleeping Computer
The Week in Ransomware - May 21st 2021 - Healthcare under attack
This week's ransomware news has been dominated by the attack on Ireland's Health Service Executive (HSE) that has severely disrupted Ireland's healthcare system.
SecurityWeek
PoC Published for Critical Fortra Code Execution Vulnerability
A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.
SecurityWeek
Insurance Broker Aon Investigating Cyber Incident
Global insurance broker Aon is investigating a cyber incident impacting some of its systems.
ZDNet
Sophos patches critical remote code execution vulnerability in Firewall | ZDNet
Sophos Firewall is a network protection solution for the enterprise market.
SecurityWeek
Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs
A total of more than 28,000 CVE IDs were assigned in 2023 and 84 new CVE Numbering Authorities (CNAs) were named.
Bleeping Computer
The Week in Ransomware - July 9th 2021 - A flawed attack
This week's news focuses on the aftermath of REvil's ransomware attack on MSPs and customers using zero-day vulnerabilities in Kaseya VSA. The good news is that it has not been as disruptive as we initially feared.
Bleeping Computer
Insurance giant AON hit by a cyberattack over the weekend
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.
Infosecurity News
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US NVD since May 9
Cyber Security News
Hackers Exploit Roundcube Zero-day to Attack Government Email Servers
Cybersecurity researchers at ESET actively monitoring the "Winter Vivern," started exploiting a new zero-day XSS vulnerability in Roundcube.
Bleeping Computer
New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions
The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, rebranding to evade sanctions imposed by the US Treasury Department's Office of Foreign Assets Control (OFAC).
Bleeping Computer
The Week in Ransomware - May 14th 2021 - One down, many more to go
Ransomware took the media spotlight this week after a ransomware gang known as DarkSide targeted critical infrastructure in the USA.
Bleeping Computer
Japanese insurer Tokio Marine discloses ransomware attack
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.
DataBreaches
At some point, SNAtch Team stopped being the Snatch ransomware gang. Were journalists the last to know?
In December 2019, Sophos published an analysis of Snatch ransomware. In June 2020, DFIR Report provided a case study, and in July 2020, LIFARS wrote an...
The Record
Australian ports operator recovering after major cyber incident
One of Australia's largest port operators is resuming operations after being hit by a cyberattack late last week.
.webp)
Cyber Security News
Microsoft to Separate Office & Teams Globally
Microsoft Corporation has announced its decision to sell its chat and video app Teams separately from its Office suite on a global scale.
CyberSecurity Dive
SEC pushes for tougher cybersecurity disclosure rules
Companies would need to report breaches within four days under the proposed rules.
.webp)
Cyber Security News
PoC Exploit Released for Microsoft Edge Information Disclosure Vulnerability
Cybersecurity researchers have released a Proof-of-Concept (PoC) exploit for a recently disclosed disclosure Microsoft Edge vulnerability.
The Hacker News
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Watch out for WordPress plugin that can create fake administrator users and inject malicious JavaScript code to steal credit card information
Bleeping Computer
The Week in Ransomware - July 23rd 2021 - Kaseya decrypted
This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key.
CyberSecurity Dive
Enterprises rarely follow advice to never pay ransoms
Ransomware foists a difficult choice on executives and very few leave business operations in limbo to test a best practice.
ZDNet
The biggest data breaches, hacks of 2021 | ZDNet
As COVID-19 continues to cause disruption, cyberattacks haven't let up, either.
Ars Technica
Nginx core developer quits project in security dispute, starts “freenginx” fork
Disagreement over security disclosures and bug-fixing priorities led to split.
CyberScoop
Dangerous vulnerability in fleet management software seemingly ignored by vendor
Researchers say Digital Communications Technologies has not addressed a bug impacting its Syrus4 IoT gateway, leaving open the possibility for vehicle fleets to be shut down.
DarkReading
Amid Sweeping Change, Cyber Defenders Face Escalating Visibility — and Pressure
Why cyber teams are now front and center for business enablement within organizations, and the significant challenges they face.
The Cyber Express
Microsoft Patch Tuesday 2024: Critical Vulnerabilities Addressed in Latest Security Update
March 2024 brings a fresh focus on cybersecurity as Microsoft rolls out its latest set of patches, addressing 61 vulnerabilities
The Cyber Express
Microsoft Patch Tuesday 2024 Update Fixes 147 New Vulnerabilities
Microsoft has released the latest Patch Tuesday update, addressing a large number of vulnerabilities across various products and services. The
Ars Technica
Small drones are giving Ukraine an unprecedented edge
Consumer drones are having a huge impact on the country’s defense against Russia.
Bleeping Computer
ALPHV BlackCat - This year's most sophisticated ransomware
The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.
Cyber Security News
Ransomware Attack Prevention Checklist - 2023
Implementing a ransomware attack prevention plan can provide businesses with the necessary tools to protect your organisation.
ZDNet
What is ransomware? Everything you need to know and how to reduce your risk
The ransomware business is booming, and really anyone can be the next victim. Here's how to protect yourself and your organization from an attack. Too late for prevention? We'll show you what to do next.
The DFIR Report
Malicious ISO File Leads to Domain Wide Ransomware - The DFIR Report
IcedID continues to deliver malspam emails to facilitate a compromise. This case covers the activity from a campaign in late September of 2022. Post exploitation activities detail some familiar and … Read More