News

The FBI is asking US businesses to report any uptick in Russian hacking threats -- the latest effort to prepare for potential Russian cyberattacks on US organizations amid Russia's troop buildup on Ukraine's border, CNN reported this week. "Have you identified any efforts by known or suspected Russian to test exploitation capabilities, develop new malware or otherwise prepare for cyber operations?" the FBI asked in a January 21 request for information to US businesses obtained by CNN....

Attacks linked to a Chinese threat actor have exploited a Zimbra's zero-day vulnerability and are stealing emails linked to European government and media. Researchers say that at the time of writing the exploit has no available patch. Zimbra says that more than 200,000 businesses from over 140 countries are using its software, including over 1,000 government and financial organizations. The vulnerability allows attackers to perform a number of malicious actions. These include exfiltrating cookies to...

Employees and executives from the top 20 pharma companies on the Fortune 500 list have had their credentials exposed, new research suggests. Constella Intelligence identified 9,030 breaches/leakages and 4,549,871 exposed records—including attributes like email addresses, passwords, phone numbers, addresses, and even credit card and banking information—related to employee corporate credentials from the companies analysed. The circulation and proliferation of this data provides threat actors with the resources necessary for a range of cyberattacks and paves the...

The Department of Homeland Security has announced a new Cyber Safety Review Board bringing together cybersecurity experts from public and private organizations to "review and assess significant cybersecurity events." The board was part of the executive order that President Joe Biden signed last year. Experts have long called for a federal organisation for cybersecurity incidents similar to the National Transportation Safety Board, which investigates airplane crashes and transportation incidents.  Alejandro Mayorkas, Homeland Security secretary, said...

KP Snacks, purveyor of iconic British snacks such as Skips and Butterkist, has been hit with a ransomware attack threatening to impact deliveries at least until the end of March. The company announced that Conti, an incredibly effective Russian-speaking group, is behind the attack. As is typical for the gang, they stole data in a double-extortion operation, posting “proof” of the steal on their leak site. Jamie Akhtar, CEO and founder of Cybersmart said, “as...

Despite business backing and a recruitment push, new research suggests most tech security decision-makers are struggling to address the skilled professional shortage. Stott and May, a global cybersecurity recruitment firm has joined forces with venture investor Forgepoint Capital to compose the Cyber Security in Focus. Responses from cybersecurity directors, security operations directors and VPs of product security across the globe are all featured. 87% of respondents admitted to skills shortages, with over a third (35%) claiming...

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to the tune of $326 million in cryptocurrency. Wormhole is a platform enabling users to transfer cryptocurrency across different blockchains. It  locks the original token in a smart contract and mints a wrapped version of the stored token that is trans. Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, Solana, and Terra blockchains are all supported by the platform. Wormhole announced yesterday that they shut...

Zero trust-type security has become the standard for any self-respecting security software provider and is a step in the right direction in the never-ending battle against the bad hacker actors of the worlds. Unfortunately, it doesn’t seem the be the final answer to storing corporate data securely for an enterprise and its users. Zero trust is essential for enterprises to restrict access controls to networks, applications and environments without sacrificing performance or usability. Even those...

The American web infrastructure and website security company Cloudflare has announced the launch of a new public bug bounty program. Rushil Shah, a Product Security Engineer at Cloudflare said, "today we are launching Cloudflare's paid public bug bounty program," "We believe bug bounties are a vital part of every security team's toolbox and have been working hard on improving and expanding our private bug bounty program over the last few years." The new public bug...

A cloud misconfiguration has leaked personal details of countless airport staff throughout South America, a new report suggests. An Amazon Web Services S3 bucket was found without any authentication required to access its contents. A team at AV comparison site Safety Detectives found the problem and notified the owner, Swedish security giant Securitas on October 28 2021. The firm secured the database on November 2. Safety Detectives believe the S3 bucket contained around 1.5 million...