The Cyber Express
Banco Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
The Cyber Express
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
The Cyber Express
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
Infosecurity News
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
The Cyber Express
The IntelBroker hacker has allegedly leaked a database belonging to the National Parent Teacher Association (PTA), a cornerstone of child
SecurityWeek
Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.
Bleeping Computer
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.
Cyber Security News
The University System of Georgia (USG) announced that the confidential information of approximately 800,000 students, faculty, and staff was exposed in the recent MOVEit data breach.
SecurityWeek
University System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack.
CyberNews
The University System of Georgia, a US government agency, has suffered a data incident via the infamous MOVEit Transfer hack.
DarkReading
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
DarkReading
Actual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products.
SecurityWeek
Verizon 2024 DBIR shows that vulnerability exploitation increased three times and confirmed data breaches doubled compared to 2023.
The Cyber Express
The CL0P ransomware group has listed 3 additional victims on its leak site. The mentioned victims include: McKinley Packing, Pilot
Infosecurity News
Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed lawsuits since 2018 proving successful
Infosecurity News
The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found
CyberSecurity Dive
Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes.
DarkReading
MOVEit drove a big chunk of the increase, but social engineering and failure to patch led to a doubling of data breaches since 2023, said Verizon Business.
SC Magazine
Vulnerability exploits, pure extortion and internal risks are on the rise, while AI threats fall short.
HACKRead
Beware! Agent Tesla & Taskun Malware are targeting US Education & Gov. This cyberattack steals data & exploits vulnerabilities.
CyberSecurity Dive
Stakeholders need to address why vendors are delivering products with common vulnerabilities, which account for the majority of attacks, Jen Easterly said.
CyberSecurity Dive
CrushFTP CEO Ben Spink said the company isn’t aware of any data theft thus far, but researchers see echoes of MOVEit exploits and other high-profile file-transfer vulnerabilities.
SecurityWeek
Mandiant's M-Trends 2024 Report unveils mixed signals in cybersecurity. While defenses are improving, attackers still retain the upper hand.
Infosecurity News
Mandiant’s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions
The Record
The cybersecurity firm Mandiant saw a more than 50% growth in zero-day usage compared to 2022.
SecurityWeek
CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.
Infosecurity News
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files
The Record
Two of the biggest cybersecurity incidents in 2023 revolved around zero-day vulnerabilities in file transfer tools.
Infosecurity News
OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations
SecurityWeek
YL Ventures leads a seed funding round for Miggo Security, a Tel Aviv startup working on application detection and response technology.
Cyber Security News
Microsoft SQL Server is one of the most popular databases deployed globally and an irresistible target for ransomware Attacks.
Cyber Security News
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
Infosecurity News
Palo Alto Networks observed growing malware-initiated vulnerability scanning activity
The Hacker News
CL0P ransomware emerges as a major player in the cybercrime world! From "bed bug" beginnings to a global threat, this group's aggressive tactics are r
Cyber Security News
Adversaries are increasingly utilizing malware-infected devices to perform scans on target networks, shifting away from traditional direct
DarkReading
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day.
CyberSecurity Dive
The company said it still cannot quantify the potential impact of multiple government agency inquiries.
Infosecurity News
Flashpoint recorded a 34.5% rise in reported data breaches in 2023, with ransomware a major driver of this increase
SecurityWeek
In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major cyber threat indicators.
SecurityWeek
CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software.
CyberSecurity Dive
CISA and FBI officials linked attacks against MOVEit file transfer software to preventable defects.
Infosecurity News
The US government wants developers to get serious about tackling SQL injection bugs
The Hacker News
CISA adds 3 security flaws to its Known Exploited Vulnerabilities catalog, citing active exploitation evidence
SC Magazine
A PoC exploit is available for the critical flaw, which was added to CISA’s KEV catalog Monday.
Bleeping Computer
CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping.
CyberSecurity Dive
Recorded Future observed an approximately threefold increase in actively exploited high-risk vulnerabilities in enterprise software and network infrastructure, such as VPNs.
CyberNews
Philips Respironics has filed a notice with the authorities about a hacking incident on its network server. It’s still not clear what data was affected.
CyberSecurity Dive
At least 100 services remain offline four weeks after the UnitedHealth Group detected an intrusion in its medical claims clearinghouse. Experts say the impacts are unprecedented.
SC Magazine
First patched in August, the critical vulnerability enables unauthenticated web shell deployment.
Security Affairs
Unemployment agency France Travail (Pôle Emploi) recently suffered a data breach that could impact 43 million people.
Infosecurity News
France’s employment agency suffered a massive breach, exposing the data of users who registered over the past 20 years
Bleeping Computer
France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals.
HACKRead
These groups launched phishing attacks using stealthy attack patterns to target officials at large US school districts, bypassing MFA protections.
CyberSecurity Dive
The ransomware group didn’t just regroup quickly after a law enforcement takedown. It carried out the worst attack on U.S. infrastructure to date, according to experts.
Infosecurity News
Group-IB research warns of rising use of zero-day threats in targeted attacks
Infosecurity News
Ransomware and destabilization attacks rose in 2023, yet France’s ANSSI is most concerned about a diversification of cyber espionage campaigns
SecurityWeek
Use of AI to help vulnerability prioritization approaches suggests an exciting future for AI-assisted methods to vulnerability triaging.
SC Magazine
Thousands of ScreenConnect servers are at risk of takeover from a CVSS 10-scored vulnerability.
SecurityWeek
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
Infosecurity News
Arctic Wolf found that the median ransomware demand was $600,000 in 2023, a 20% rise on the previous year
The Cyber Express
In a concerning development, Schneider Electric's Sustainability Business Division has fallen victim to a data breach, raising alarms about the
SC Magazine
Security pros speculate that the Schneider Electric hack could wind up being another large ransomware loss like last year’s $100 million MGM case.
Bleeping Computer
The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.
Bleeping Computer
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later.
Infosecurity News
A notification letter sent to the Attorney General of Maine showed 57,028 individuals were impacted
The Hacker News
U.S. Department of State is offering up to $10 million for information on Hive ransomware operators.
SC Magazine
In letter to customers, firm said it has no intention of paying a ransom.
Cyber Security News
A new report by Chainalysis found that ransomware payments reached a staggering $1 billion in 2023, highlighting the growing threat posed by cybercrime.
SecurityWeek
Implementing a smart and timely approach to patching is one of the primary ways for organizations to protect their networks from cyberattacks.
CyberSecurity Dive
Ransomware payments surpassed $1.1 billion and researchers say attack sprees targeting MOVEit, GoAnywhere, Citrix devices and PaperCut helped fuel the surge.
CyberNews
2023 marked a major comeback for cyber gangs deploying ransomware, who received a record-breaking sum of at least $1.1 billion in ransom payments.
SC Magazine
The MOVEit hack and growth of RaaS helped drive record-breaking ransomware revenue, analysts say.
PCMag
Payments to ransomware attackers surge in 2023, doubling in value from the previous year, according to data from Chainalysis.
DataBreaches
The ransomware gang known as Clop created massive headaches for numerous entities with attacks involving the exploitation of vulnerabilities in file transfer...
Infosecurity News
Chainalysis monitoring of blockchain transactions finds ransomware payments hit a record $1bn in 2023
Bleeping Computer
Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.
The Record
Companies, individuals and other victims of ransomware attacks paid hackers more than $1.1 billion in 2023 in exchange for unlocking their data, according to new research.
The Cyber Express
In an era dominated by evolving digital landscapes and persistent cyber threats, the mastery of cybersecurity language is paramount for
Infosecurity News
The last quarter of 2023 saw an 80% year-on-year increase in ransomware victim claims, according to ReliaQuest
CSO
A compromised VPN led to the data breach, impacting the sensitive and personal information of the users, including staff members of Canada’s foreign affairs department.
Infosecurity News
Energy firm Schneider Electric said a ransomware incident, reportedly perpetrated by the Cactus group, has led to data being accessed from its Sustainability Business division
SecurityWeek
Schneider Electric’s Sustainability Business division disrupted as a result of a ransomware attack and data breach.
CyberSecurity Dive
The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.
Bleeping Computer
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.
CyberNews
Miracle software data leak expose millions of corporate emails
SecurityWeek
PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure.
CyberSecurity Dive
File-transfer services, including GoAnywhere, were widely exploited by ransomware threat groups in 2023.
Infosecurity News
Researchers have released exploit code for a critical bug in managed file transfer software Fortra GoAnywhere
SC Magazine
With a PoC for exploiting the file sharing software already available, users are urged to patch immediately.
Bleeping Computer
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.
Cyber Security News
Apple has released its first zero-day vulnerability patch of 2024 which affected several Apple products including tvOS, iOS, iPadOS, macOS.
Cyber Security News
Atlassian disclosed a critical vulnerability last week which was related to Remote Code Execution (CVE-2023-22527).
Cyber Security News
More than 9 vulnerabilities detected this month the most crucial ones were a Validation Bypass, Arbitrary File via Malicious Source URL.
Cyber Security News
Hackers seek to exploit WhatsApp flaws to gain unauthorized access to user data, messages, and sensitive information.
Cyber Security News
Recently, cybersecurity researchers at Microsoft discovered that Russian-based hackers hacked the emails of Microsoft's senior executives.
Cyber Security News
UNC3886, a highly advanced Chinese nexus espionage group was found to be exploiting VMware vCenter systems using the vulnerability.
Cyber Security News
In a case that ignites the age-old debate between security concerns and ethical hacking, a German court has convicted a programmer who uncovered a critical vulnerability in software developed by Modern Solution.
Cyber Security News
Bluetooth vulnerabilities in Android, Linux, macOS, iOS, and Windows are critical as hackers could exploit them to gain unauthorized access to the vulnerable devices.
Cyber Security News
Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications.
Loading more articles....