Latest Software Security Breaches & Attacks
Investigation under way after hack at provider of code testing software
Codecov has called in law enforcement agencies after a cyber attacker breached one of its products which enables software developers to test source code to help prevent bugs and syntax errors.
97% of businesses ‘experienced cyber attacks via mobile devices last year’
Nearly every business polled reported a cyber-attack via a mobile device last year, according to research by cyber security firm Check Point Software Technologies
EU Council adopts cyber security strategy
The Council of the European Union has agreed to the European Commission’s proposed cyber security policy for the digital decade ahead.
Australian data latest to be compromised in Microsoft Exchange Server attacks
The Australian Cyber Security Centre (ACSC) has identified extensive targeting and confirmed compromises of organisations with vulnerable Microsoft Exchange servers.
Microsoft releases updates for older software to try and combat soaring Exchange Server attacks
Microsoft is pushing out updates for older software as ransomware groups seek to exploit vulnerabilities caused by ongoing attacks against on-premise versions of its Exchange Server.
Hackers access live feeds ‘from 150,000 surveillance cameras’
A group of hackers says it has breached security systems and viewed live feeds from 150,000 surveillance cameras supplied by Verkada to general and psychiatric hospitals, women’s health clinics, police stations, prisons, schools and companies, including car maker Tesla and software provider Cloudflare.
White House and US federal agencies’ concerns mount over Microsoft Exchange Server hack
The White House has urged widespread action to patch Microsoft Exchange servers following an ongoing attack that the company has blamed on China.
McAfee hits back after being charged with fraud and money laundering conspiracy over cryptocurrency promotion
The anti-virus software pioneer John McAfee has hit out after being charged with fraud and money laundering crimes in the United States.
US mortgage lender agrees to pay $1.5m penalty after failing to report cyber breach
Residential Mortgage Services (RMS) has agreed with New York state’s Department of Financial Services to pay $1.5m after failing to report a cyber breach.
Microsoft links attacks on Exchange Server to China
Microsoft says it has detected multiple zero-day attacks against on-premise versions of Microsoft Exchange Server.
Oxford University confirms cyber incident at Covid-19 research lab
Oxford University has confirmed reports of a cyber incident at a research laboratory that is researching how to counter the Covid-19 pandemic
Ransomware attacks fuelled increase in data theft in 2020, says IBM Security
Ransomware attacks increased 20% in 2020 compared to the previous year, with “double-extortion” tactics used in 59% of cases, according to a report by IBM Security.
Data of 3.3m cash-loan app users ‘sold online’
Email addresses and other information about 3.3m clients of money-lending app Cashalo in the Philippines is being offered for sale on the dark web, a preliminary investigation by the Philippine National Privacy Commission (NPC) has shown.
Hackers behind Accellion breach linked to FIN11 group
Hackers behind Accellion breach linked to FIN11 group
Big game hunters and the ransomware jungle
Ransomware groups are increasingly using a more targeted approach against large organisations. Aleksander Jarosz explains more.
Second North American university hacked
Personally identifiable information of students and others connected with the Simon Fraser University (SFU) in western Canada have leaked in a cyberattack.
US university suffers data breach
The names and social security numbers of around 9,800 students, alumni and applicants of private research Syracuse University in New York state have leaked.
Clubhouse app reviews data protection practices following concerns about potential Chinese government access
High-profile US app Clubhouse has pledged to review its data protection procedures after academics warned it contained security flaws that left users’ data at risk of being accessed by the Chinese authorities.
Egregor Ransomware: what is it and why is it worrying the authorities?
A new ransomware group called Egregor has caught the attention of the Federal Bureau of Investigation, prompting it to issue a warning last month. GRC World Forums explains more about what it is and how it is being used in “double-extortion” attempts.
FTC settles with travel insurer for lax security on cloud database
The Federal Trade Commission (FTC) in the US has finalised a settlement with SkyMed International over allegations that the emergency travel services provider failed to take reasonable steps to secure sensitive consumer information.
4,000 files feared stolen in cyber attack on Scottish regulator
An environmental regulator in Scotland has confirmed that at least 4,000 files have been accessed and likely stolen by criminals in an ongoing cyberattack on its systems.
Connected vehicles and the rise of automotive cyber security
Vehicles are now entertainment, communications and productivity hubs, connected to both the internet and their surroundings – so automotive cyber security is increasingly essential, writes Alexander Moiseev
Cyber security company reveals “state-sponsored” cyber attack
US cyber security company FireEye yesterday revealed that it had been the victim of what it believes was a state-sponsored cyber attack.
Data locality is a compliance control, not a security control
Data locality is increasingly seen as important, but is there confusion as to why it matters? Microsoft’s Mark Anderson explains what he believes to be the real reason for its importance
Trump fires CISA Director over statement on US election security
The Director of the Cybersecurity and Infrastructure Security Agency (CISA) was fired by Donald Trump yesterday because he authorised a statement saying that the election was “the most secure in American history.”
