Latest Software Security Breaches & Attacks
Microsoft links attacks on Exchange Server to China
Microsoft says it has detected multiple zero-day attacks against on-premise versions of Microsoft Exchange Server.
Oxford University confirms cyber incident at Covid-19 research lab
Oxford University has confirmed reports of a cyber incident at a research laboratory that is researching how to counter the Covid-19 pandemic
Ransomware attacks fuelled increase in data theft in 2020, says IBM Security
Ransomware attacks increased 20% in 2020 compared to the previous year, with “double-extortion” tactics used in 59% of cases, according to a report by IBM Security.
Data of 3.3m cash-loan app users ‘sold online’
Email addresses and other information about 3.3m clients of money-lending app Cashalo in the Philippines is being offered for sale on the dark web, a preliminary investigation by the Philippine National Privacy Commission (NPC) has shown.
Hackers behind Accellion breach linked to FIN11 group
Hackers behind Accellion breach linked to FIN11 group
Big game hunters and the ransomware jungle
Ransomware groups are increasingly using a more targeted approach against large organisations. Aleksander Jarosz explains more.
Second North American university hacked
Personally identifiable information of students and others connected with the Simon Fraser University (SFU) in western Canada have leaked in a cyberattack.
US university suffers data breach
The names and social security numbers of around 9,800 students, alumni and applicants of private research Syracuse University in New York state have leaked.
Clubhouse app reviews data protection practices following concerns about potential Chinese government access
High-profile US app Clubhouse has pledged to review its data protection procedures after academics warned it contained security flaws that left users’ data at risk of being accessed by the Chinese authorities.
Egregor Ransomware: what is it and why is it worrying the authorities?
A new ransomware group called Egregor has caught the attention of the Federal Bureau of Investigation, prompting it to issue a warning last month. GRC World Forums explains more about what it is and how it is being used in “double-extortion” attempts.
FTC settles with travel insurer for lax security on cloud database
The Federal Trade Commission (FTC) in the US has finalised a settlement with SkyMed International over allegations that the emergency travel services provider failed to take reasonable steps to secure sensitive consumer information.
4,000 files feared stolen in cyber attack on Scottish regulator
An environmental regulator in Scotland has confirmed that at least 4,000 files have been accessed and likely stolen by criminals in an ongoing cyberattack on its systems.
Connected vehicles and the rise of automotive cyber security
Vehicles are now entertainment, communications and productivity hubs, connected to both the internet and their surroundings – so automotive cyber security is increasingly essential, writes Alexander Moiseev
Cyber security company reveals “state-sponsored” cyber attack
US cyber security company FireEye yesterday revealed that it had been the victim of what it believes was a state-sponsored cyber attack.
Data locality is a compliance control, not a security control
Data locality is increasingly seen as important, but is there confusion as to why it matters? Microsoft’s Mark Anderson explains what he believes to be the real reason for its importance
Trump fires CISA Director over statement on US election security
The Director of the Cybersecurity and Infrastructure Security Agency (CISA) was fired by Donald Trump yesterday because he authorised a statement saying that the election was “the most secure in American history.”
Identifying, verifying and authenticating customers in banking
GRC World Forums looks at some of the identification and verification technologies currently being used to ensure privacy and security in an increasingly complex banking landscape while ensuring user experience remains positive.
Uber former security chief charged in connection with attempted data breach cover-up
The US Department of Justice has charged Joseph Sullivan, former chief security officer at Uber, with obstruction of justice following a data breach.
Research reveals the most vulnerable IoT devices
SAM Seamless Network unveils its Threat Assessment Lab research, investigating new attack vectors focusing on IoTs.
McAfee, Symantec & Trend Micro breached by Russian hacking group
The three US-based antivirus software vendors that had been breached by a Russian hacking group have now been identified.