Infosecurity News
Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organizations
The Canadian Investment Regulatory Organization (CIRO) said it will work to identify the personal information breached and notify those affected
Attacker “Patches” Vulnerability Post Exploitation to Lock Out Competition
Red Canary observed the novel tactic in a cluster of activity targeting a legacy vulnerability to access cloud-based Linux systems
Legitimate Chrome VPN Extension Turns to Browser Spyware
Researchers detected that FreeVPN.One, a longstanding Chrome Web Store VPN extension, recently turned into spyware
South Yorkshire Police Deletes 96,000 Pieces of Digital Evidence
South Yorkshire Police have been reprimanded by the ICO after deleting 96,000 pieces of evidence from officers’ bodycams
Australian ISP iiNet Suffers Breach of 280,000+ Records
Over 280,000 customers of Australian ISP iiNet have been impacted by a data breach
Popular npm Package Compromised in Phishing Attack
An incident involving the npm package eslint-config-prettier has been uncovered spreading Scavenger RAT
USB Malware Campaign Spreads Cryptominer Worldwide
A multi-stage attack delivered via USB devices has been observed installing cryptomining malware using DLL hijacking and PowerShell
Chinese APT Group Targets Web Hosting Services in Taiwan
Cisco Talos observed the newly identified group compromise a Taiwanese web hosting provider to conduct a range of malicious activities
Colt Customers Face Prolonged Outages After Major Cyber Incident
The Warlock ransomware gang has taken credit for the cyber-attack after the UK telco giant publicly confirmed an incident on August 14
Man Jailed for 20 Months After Compromising Millions of Accounts
Al-Tahery Al-Mashriky has been sentenced to 20 months behind bars for hacktism-related offenses
Workday Reveals CRM Breach
Workday has revealed a breach of its third-party CRM systems in what could be the latest ShinyHunters attack
US and Five Global Partners Release First Unified OT Security Taxonomy
Germany, the Netherlands and four of the Five Eyes countries share a common asset inventory for industrial cybersecurity
Cisco Discloses Critical RCE Flaw in Firewall Management Software
Cisco has issued a software update to address the vulnerability, which can allow an unauthenticated, remote attacker to inject arbitrary shell commands
Majority of Organizations Ship Vulnerable Code, Study Finds
A new Checkmarx study reveals that AI-generated code now accounts for over 60% of codebases in some companies, much of which contains known vulnerabilities
Authorized Push Payment Fraud a National Security Risk to UK, Report Finds
A RUSI report warned that money mules are exploiting inadequate security controls in smaller payment service providers to move fraudulent transactions about
KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access
A flaw in KernelSU 0.5.7 allows attackers to impersonate its manager app and gain root access to Android devices
Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot
An ongoing malware campaign has been observed using malvertising to deliver PS1Bot, a PowerShell-based framework
FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims
The Bureau’s Internet Crime Complaint Center has provided a list of indicators for potential cryptocurrency scam victims to avoid a double whammy
Hacked Law Enforcement and Government Email Accounts Sold on Dark Web for $40
Abnormal AI said gaining access to such accounts provides opportunities for sophisticated fraud schemes that impersonate officials
Fortinet Warns Exploit Code Available for Critical Vulnerability
Fortinet reveals details of a new critical-rated vulnerability in FortiSIEM circulating in the wild
