The Cyber Express
Banco Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
The Cyber Express
Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
Infosecurity News
Data Breaches in US Schools Exposed 37.6M Records
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
The Cyber Express
Dark Web Hacker Claims to Expose 70K National Parent Teacher Association Records
The IntelBroker hacker has allegedly leaked a database belonging to the National Parent Teacher Association (PTA), a cornerstone of child
SecurityWeek
FBCS Collection Agency Data Breach Impacts 2.7 Million
Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.
Security Affairs
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
The Week in Ransomware - May 10th 2024 - Chipping away at LockBit
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.
Bleeping Computer
University System of Georgia: 800K exposed in 2023 MOVEit attack
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.
Cyber Security News
University System of Georgia Says 800,000 Students Impacted in MOVEit Hack
The University System of Georgia (USG) announced that the confidential information of approximately 800,000 students, faculty, and staff was exposed in the recent MOVEit data breach.
SecurityWeek
University System of Georgia Says 800,000 Impacted by MOVEit Hack
University System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack.
CyberNews
Data incident at University System of Georgia exposes bank account numbers
The University System of Georgia, a US government agency, has suffered a data incident via the infamous MOVEit Transfer hack.
DarkReading
DBIR: Supply Chain Breaches Up 68% Year Over Year
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
DarkReading
Software Security: Too Little Vendor Accountability, Experts Say
Actual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products.
SecurityWeek
Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches
Verizon 2024 DBIR shows that vulnerability exploitation increased three times and confirmed data breaches doubled compared to 2023.
The Cyber Express
CL0P Lists McKinley Packing, Pilot, and Pinnacle Engineering as Latest Victims
The CL0P ransomware group has listed 3 additional victims on its leak site. The mentioned victims include: McKinley Packing, Pilot
Infosecurity News
1 in 5 US Ransomware Attacks Triggers Lawsuit
Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed lawsuits since 2018 proving successful
Infosecurity News
Vulnerability Exploits Triple as Initial Access Point for Breaches
The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found
CyberSecurity Dive
CVE exploitation nearly tripled in 2023, Verizon finds
Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes.
DarkReading
Verizon DBIR: Basic Security Gaffes Cause Breach Surge
MOVEit drove a big chunk of the increase, but social engineering and failure to patch led to a doubling of data breaches since 2023, said Verizon Business.
SC Magazine
Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways
Vulnerability exploits, pure extortion and internal risks are on the rise, while AI threats fall short.
HACKRead
Agent Tesla and Taskun Malware Targeting US Education and Govt Entities
Beware! Agent Tesla & Taskun Malware are targeting US Education & Gov. This cyberattack steals data & exploits vulnerabilities.
CyberSecurity Dive
CISA director pushes for vendor accountability and less emphasis on victims’ errors
Stakeholders need to address why vendors are delivering products with common vulnerabilities, which account for the majority of attacks, Jen Easterly said.
CyberSecurity Dive
Zero-day exploits hit CrushFTP, researchers expect rapid exploitation
CrushFTP CEO Ben Spink said the company isn’t aware of any data theft thus far, but researchers see echoes of MOVEit exploits and other high-profile file-transfer vulnerabilities.
SecurityWeek
The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success
Mandiant's M-Trends 2024 Report unveils mixed signals in cybersecurity. While defenses are improving, attackers still retain the upper hand.
Infosecurity News
Vulnerability Exploitation on the Rise as Attacker Ditch Phishing
Mandiant’s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions
The Record
Chinese, Russian espionage campaigns increasingly targeting edge devices
The cybersecurity firm Mandiant saw a more than 50% growth in zero-day usage compared to 2022.
SecurityWeek
CrushFTP Patches Exploited Zero-Day Vulnerability
CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.
Infosecurity News
CrushFTP File Transfer Vulnerability Lets Attackers Download System Fi
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files
The Record
CrushFTP urges customers to patch file transfer tool ‘ASAP’
Two of the biggest cybersecurity incidents in 2023 revolved around zero-day vulnerabilities in file transfer tools.
Infosecurity News
US Government and OpenSSF Partner on New SBOM Management Tool
OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations
SecurityWeek
Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology
YL Ventures leads a seed funding round for Miggo Security, a Tel Aviv startup working on application detection and response technology.
.webp)
Cyber Security News
Data Center Ransomware Attacks on Rise: Microsoft SQL Server is Prime Target
Microsoft SQL Server is one of the most popular databases deployed globally and an irresistible target for ransomware Attacks.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
Infosecurity News
Hackers Use Malware to Hunt Software Vulnerabilities
Palo Alto Networks observed growing malware-initiated vulnerability scanning activity
The Hacker News
CL0P's Ransomware Rampage - Security Measures for 2024
CL0P ransomware emerges as a major player in the cybercrime world! From "bed bug" beginnings to a global threat, this group's aggressive tactics are r
Cyber Security News
Hackers Using Malware-Driven Scanning Attacks To Pinpoint Vulnerabilities
Adversaries are increasingly utilizing malware-infected devices to perform scans on target networks, shifting away from traditional direct
DarkReading
CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day.
CyberSecurity Dive
Progress Software continues to cooperate with SEC probe into MOVEit exploitation
The company said it still cannot quantify the potential impact of multiple government agency inquiries.
Infosecurity News
17 Billion Personal Records Exposed in Data Breaches in 2023
Flashpoint recorded a 34.5% rise in reported data breaches in 2023, with ransomware a major driver of this increase
SecurityWeek
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023
In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major cyber threat indicators.
SecurityWeek
US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities
CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software.
CyberSecurity Dive
Software makers urged to flush SQL injection vulnerabilities
CISA and FBI officials linked attacks against MOVEit file transfer software to preventable defects.
Infosecurity News
CISA and FBI Urge Renewed Effort to Eliminate SQLi Flaws
The US government wants developers to get serious about tackling SQL injection bugs
The Hacker News
CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
CISA adds 3 security flaws to its Known Exploited Vulnerabilities catalog, citing active exploitation evidence
SC Magazine
Fortinet FortiClient EMS SQL injection flaw exploited in the wild
A PoC exploit is available for the critical flaw, which was added to CISA’s KEV catalog Monday.
Bleeping Computer
CISA urges software devs to weed out SQL injection vulnerabilities
CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping.
CyberSecurity Dive
Threat groups hit enterprise software, network infrastructure hard in 2023
Recorded Future observed an approximately threefold increase in actively exploited high-risk vulnerabilities in enterprise software and network infrastructure, such as VPNs.
CyberNews
Philips Respironics admits to breach
Philips Respironics has filed a notice with the authorities about a hacking incident on its network server. It’s still not clear what data was affected.
CyberSecurity Dive
Change Healthcare’s drawn-out recovery catches flak from cyber experts
At least 100 services remain offline four weeks after the UnitedHealth Group detected an intrusion in its medical claims clearinghouse. Experts say the impacts are unprecedented.
SC Magazine
Fortra FileCatalyst RCE bug disclosed; full PoC exploit available
First patched in August, the critical vulnerability enables unauthenticated web shell deployment.
Security Affairs
France Travail data breach impacted 43 Million people - Security Affairs
Unemployment agency France Travail (Pôle Emploi) recently suffered a data breach that could impact 43 million people.
Infosecurity News
French Employment Agency Data Breach Could Affect 43 Million People
France’s employment agency suffered a massive breach, exposing the data of users who registered over the past 20 years
Bleeping Computer
French unemployment agency data breach impacts 43 million people
France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals.
HACKRead
Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools
These groups launched phishing attacks using stealthy attack patterns to target officials at large US school districts, bypassing MFA protections.
CyberSecurity Dive
AlphV’s hit on Change Healthcare strikes a sour note for defenders
The ransomware group didn’t just regroup quickly after a law enforcement takedown. It carried out the worst attack on U.S. infrastructure to date, according to experts.
Infosecurity News
Ads for Zero-Day Exploit Sales Surge 70% Annually
Group-IB research warns of rising use of zero-day threats in targeted attacks
Infosecurity News
Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics
Ransomware and destabilization attacks rose in 2023, yet France’s ANSSI is most concerned about a diversification of cyber espionage campaigns
SecurityWeek
Toward Better Patching — A New Approach with a Dose of AI
Use of AI to help vulnerability prioritization approaches suggests an exciting future for AI-assisted methods to vulnerability triaging.
SC Magazine
ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns
Thousands of ScreenConnect servers are at risk of takeover from a CVSS 10-scored vulnerability.
SecurityWeek
Cyber Insights 2024: Supply Chain
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
Infosecurity News
Initial Ransomware Demands Jump 20% to $600,000 in 2023
Arctic Wolf found that the median ransomware demand was $600,000 in 2023, a 20% rise on the previous year
The Cyber Express
Complexity Mounts in Schneider Electric Data Breach: Cactus Ransomware Claims Responsibility
In a concerning development, Schneider Electric's Sustainability Business Division has fallen victim to a data breach, raising alarms about the
SC Magazine
Cactus ransomware gang claims it stole 1.5TB of Schneider Electric data
Security pros speculate that the Schneider Electric hack could wind up being another large ransomware loss like last year’s $100 million MGM case.
Bleeping Computer
Cactus ransomware claim to steal 1.5TB of Schneider Electric data
The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.
Bleeping Computer
Prudential Financial breached in data theft cyberattack
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later.
Infosecurity News
Bank of America Customers at Risk After Data Breach
A notification letter sent to the Attorney General of Maine showed 57,028 individuals were impacted
The Hacker News
U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders
U.S. Department of State is offering up to $10 million for information on Hive ransomware operators.
SC Magazine
Planet Home Lending notifies customers of LockBit ransomware incident
In letter to customers, firm said it has no intention of paying a ransom.
Cyber Security News
Ransomware Payments Hitting Record High, Exceed $1 Billion
A new report by Chainalysis found that ransomware payments reached a staggering $1 billion in 2023, highlighting the growing threat posed by cybercrime.
SecurityWeek
How to Predict Your Patching Priorities
Implementing a smart and timely approach to patching is one of the primary ways for organizations to protect their networks from cyberattacks.
CyberSecurity Dive
Ransomware actors hit zero-day exploits hard in 2023
Ransomware payments surpassed $1.1 billion and researchers say attack sprees targeting MOVEit, GoAnywhere, Citrix devices and PaperCut helped fuel the surge.
CyberNews
Record $1.1 billion paid in ransoms in 2023
2023 marked a major comeback for cyber gangs deploying ransomware, who received a record-breaking sum of at least $1.1 billion in ransom payments.
SC Magazine
Ransomware payments breached $1 billion in 2023, a first
The MOVEit hack and growth of RaaS helped drive record-breaking ransomware revenue, analysts say.
PCMag
Ransomware Attacks Rake in Over $1 Billion in 2023 for New Record
Payments to ransomware attackers surge in 2023, doubling in value from the previous year, according to data from Chainalysis.
DataBreaches
Lawsuits Involving GoAnywhere Data Breach Consolidated at One Florida Federal Court
The ransomware gang known as Clop created massive headaches for numerous entities with attacks involving the exploitation of vulnerabilities in file transfer...
Infosecurity News
Ransomware Payments Hit $1bn All-Time High Last Year
Chainalysis monitoring of blockchain transactions finds ransomware payments hit a record $1bn in 2023
Bleeping Computer
Ransomware payments reached record $1.1 billion in 2023
Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.
The Record
Ransomware payments doubled to more than $1 billion in 2023
Companies, individuals and other victims of ransomware attacks paid hackers more than $1.1 billion in 2023 in exchange for unlocking their data, according to new research.
The Cyber Express
2023 Cybersecurity Lingo for Stronger Digital Defense
In an era dominated by evolving digital landscapes and persistent cyber threats, the mastery of cybersecurity language is paramount for
Infosecurity News
LockBit Reigns Supreme in Soaring Ransomware Landscape
The last quarter of 2023 saw an 80% year-on-year increase in ransomware victim claims, according to ReliaQuest
CSO
Canada’s foreign affairs department investigates data breach
A compromised VPN led to the data breach, impacting the sensitive and personal information of the users, including staff members of Canada’s foreign affairs department.
Infosecurity News
Schneider Electric Confirms Data Accessed in Ransomware Attack
Energy firm Schneider Electric said a ransomware incident, reportedly perpetrated by the Cactus group, has led to data being accessed from its Sustainability Business division
SecurityWeek
Schneider Electric Responding to Ransomware Attack, Data Breach
Schneider Electric’s Sustainability Business division disrupted as a result of a ransomware attack and data breach.
CyberSecurity Dive
MOVEit liabilities mount for Progress Software
The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.
Bleeping Computer
Energy giant Schneider Electric hit by Cactus ransomware attack
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.
CyberNews
Miracle leak exposes 11 million corporate messages
Miracle software data leak expose millions of corporate emails
SecurityWeek
PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability
PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure.
CyberSecurity Dive
GoAnywhere MFT customers confront yet another critical file-transfer CVE
File-transfer services, including GoAnywhere, were widely exploited by ransomware threat groups in 2023.
Infosecurity News
Exploit Code Released For Critical Fortra GoAnywhere Bug
Researchers have released exploit code for a critical bug in managed file transfer software Fortra GoAnywhere
SC Magazine
Fortra blasted over slow response to critical GoAnywhere file transfer bug
With a PoC for exploiting the file sharing software already available, users are urged to patch immediately.
Bleeping Computer
Exploit released for Fortra GoAnywhere MFT auth bypass bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.
Cyber Security News
Apple Critical Zero-day Flaw Exposes iPhones & Macs
Apple has released its first zero-day vulnerability patch of 2024 which affected several Apple products including tvOS, iOS, iPadOS, macOS.
Cyber Security News
Atlassian Confluence Servers Attacked From 600+ IP Addresses
Atlassian disclosed a critical vulnerability last week which was related to Remote Code Execution (CVE-2023-22527).
Cyber Security News
Critical AI Security Flaws Let Attackers Bypass Detection & Execute Remote Code
More than 9 vulnerabilities detected this month the most crucial ones were a Validation Bypass, Arbitrary File via Malicious Source URL.
Cyber Security News
WhatsApp Privacy Flaw Devices Information to Any Other User
Hackers seek to exploit WhatsApp flaws to gain unauthorized access to user data, messages, and sensitive information.
Cyber Security News
Microsoft Senior Executives Emails Hacked by Russian Hackers Group
Recently, cybersecurity researchers at Microsoft discovered that Russian-based hackers hacked the emails of Microsoft's senior executives.
Cyber Security News
Chinese Hackers Deploying Backdoor via VMware ESXi Zero-day Since 2021
UNC3886, a highly advanced Chinese nexus espionage group was found to be exploiting VMware vCenter systems using the vulnerability.
Cyber Security News
Court Charges Programmer for Disclosing Security Flaw Publicly
In a case that ignites the age-old debate between security concerns and ethical hacking, a German court has convicted a programmer who uncovered a critical vulnerability in software developed by Modern Solution.
Cyber Security News
New Bluetooth Vulnerability Let Hackers Takeover of iOS, Android, Linux, & MacOS Devices
Bluetooth vulnerabilities in Android, Linux, macOS, iOS, and Windows are critical as hackers could exploit them to gain unauthorized access to the vulnerable devices.
Cyber Security News
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks
Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications.
Loading more articles....