Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In focus between March 24 and 30: SafeMoon, an update on Euler Finance, crypto-stealing Clipper malware, BitKeep, theft fail at Swerve Finance, THORChain, APT43 and an update on ParaSpace.
Suspected North Korean hackers trojanized installers of a voice and video calling desktop client made by 3CX and used by major multinational companies. The vulnerability traces to a poisoned Electron software library file, an open-source framework for user interfaces.
Leaked documents from a Moscow IT consultancy reveal how the Russian government has commissioned tools for its military and intelligence agencies for conducting cyber operations, information warfare, and controlling the internet, as well as training critical infrastructure hackers.
In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.
Security experts are urging users of IBM's Aspera Faspex file-exchange application to take it offline immediately unless they've patched a flaw being actively exploited by ransomware groups, including Buhti and IceFire. Separately, QNAP is warning customers to prepare for emergency security fixes.
The U.S. Consumer Financial Protection Bureau is mulling over whether to reimburse consumers for online scams and fraud, but this regulatory change could lead to an increase in first-party fraud, cautioned Karen Boyer, senior vice president of financial crimes at M&T Bank.
A hacking group with apparent ties to Russia or Belarus has been using "simple yet effective attack techniques and tools" to gain access to multiple governments' email systems as part of apparent cyberespionage operations in support of Russia's invasion of Ukraine, researchers warn.
There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok. But as France's ban of "recreational apps" from government-issued devices highlights, a bigger-picture approach for combating surveillance is required.
Credential harvesting attackers are taking advantage of a distributed file protocol to distribute customized phishing links. Because the system, the InterPlanetary File System, is designed to be resilient against content takedowns, scammers are using it to deliver phishing emails at scale.
A U.S. federal judge sentenced a Nigerian national to four years in prison for running several cyber-enabled schemes aimed at defrauding U.S. citizens out of more than $1 million. The men were arrested four years ago and extradited to Arizona in 2022 from Malaysia and the United Kingdom.
Blue Shield of California is notifying more than 63,000 customers that their data was potentially exfiltrated in a compromise involving Fortra's GoAnywhere secure file transfer software and one of the health plan's covered mental health providers for minors.
North Korean hackers are stealing cryptocurrency to fund operations under an apparent mandate from Pyongyang to be self-sufficient, threat intel firm Mandiant says. The regime probably expected its hackers to pay their own way before 2020, but the novel coronavirus pandemic exacerbated its demands.
A hacking incident at Australian non-bank lender Latitude Financial affected a far greater number of individuals than initially disclosed, the company said Monday. It now estimates that its mid-March cybersecurity incident affected 14 million people although it has just over 2.8 million customers.
The French government imposed a ban on TikTok and other social media apps after concluding that "recreational apps" lack sufficient "levels of cybersecurity and protection of data to be deployed on administrative equipment," said Stanislas Guerini, the minister of transformation and public service.
A New York medical malpractice law firm will pay $200,000 and implement data security improvements to settle a HIPAA enforcement action by the state attorney general's office following a 2021 ransomware attack by LockBit. Law firm Heidell, Pittoni, Murphy & Bach paid the hackers $100,000 in 2021.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.
