PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak –
A school district said that PowerSchool paid a ransom to prevent the attackers releasing data it accessed of students and teachers in North America – Read More –
Category: Privacy/Governance Feed
EU Commission Liable for Breaching EU’s Own Data Protection Rules –
A court has ruled the EU Commission infringed an individual’s right to the protection of their personal data by transferring their details to the US – Read More –
Government Launches £1.9m Initiative to Boost UK’s Cyber Resilience –
The UK government has pledged nearly £2m to 30 new Cyber Local projects designed to enhance cyber resilience – Read More –
Critical Ivanti Zero-Day Exploited in the Wild –
Ivanti customers are urged to patch two new bugs in the security vendor’s products, one of which is being actively exploited – Read More –
Green Bay Packers Pro Shop Data Breach Compromises Customers –
The Green Bay Packers disclosed on Monday that their official online store was breached and customer information stolen – Read More –
US Launches Cyber Trust Mark for IoT Devices –
The voluntary Cyber Trust Mark labeling program will allow consumers to assess the cybersecurity of IoT devices when making purchasing decisions – Read More –
Scammers Exploit Microsoft 365 to Target PayPal Users –
A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients – Read More –
Casio Admits Security Failings as Attackers Leak Employee and Customer Data –
Electronics firm Casio revealed that ransomware attackers have leaked the personal data of employees, customers and business partners – Read More –
New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices –
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices – Read More –
Fake Government Officials Use Remote Access Tools for Card Fraud –
Group-IB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details – Read More –
New Research Highlights Vulnerabilities in MLOps Platforms –
New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI – Read More –
Moxa Urges Immediate Updates for Security Vulnerabilities –
Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution – Read More –
Phishing Click Rates Triple in 2024 –
Netskope observed a 190% growth in enterprise users clicking phishing links as attackers become more creative in delivering effective lures – Read More –
UK Government to Ban Creation of Explicit Deepfakes –
The UK government is cracking down on the generation of sexually explicit deepfakes in a bid to protect women and girls – Read More –
CISA Claims Treasury Breach Did Not Impact Other Agencies –
The US Cybersecurity and Infrastructure Security Agency claims a recent China-linked breach was confined to the Treasury – Read More –
Supply Chain Attack Targets Key Ethereum Development Tools –
A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data – Read More –
New PhishWP Plugin Enables Sophisticated Payment Page Scams –
The PhishWP plugin enables scammers to create fake payment pages, stealing sensitive data via Telegram – Read More –
Chinese Hackers Double Cyber-Attacks on Taiwan –
Taiwan’s security service said government networks faced 2.4 million attacks in 2024, most of which are attributed to Chinese state actors – Read More –
New Infostealer Campaign Uses Discord Videogame Lure –
Threat actors are tricking victims into downloading malware with the promise of testing a new videogame – Read More –
Scammers Drain $500m from Crypto Wallets in a Year –
Scam Sniffer claims that threat actors used wallet drainers to steal $494m from victims in 2024 – Read More –
US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks –
The US government said that China based firm Integrity Technology Group provided infrastructure for Flax Typhoon to attack multiple US targets – Read More –
Atos Group Denies Space Bears’ Ransomware Attack Claims –
Atos Group has denied the ransomware group Space Bears’ claims of compromising its database, calling the allegations unfounded – Read More –
Crypto Boss Extradited to Face $40bn Fraud Charges –
Former Terraform CEO Do Hyeong Kwon is now in the US facing federal fraud charges – Read More –
Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses –
The amount of crypto stolen in the Web3 ecosystem rose by 31.6% compared to 2023, with phishing the most costly attack vector – Read More –
DDoS Disrupts Japanese Mobile Giant Docomo –
Docomo has revealed a DDoS attack on Thursday took down key services – Read More –
Apple Agrees $95M Settlement Over Siri Privacy Violations –
Apple has agreed to a $95m settlement in a class action lawsuit alleging Siri privacy violations, with eligible users receiving up to $20 per Siri-enabled device – Read More –
US Confirms Russian GenAI Disinformation Op Targeted Election –
The US government has sanctioned Russian state-affiliated entity CGE, which used a vast GenAI infrastructure to spread disinformation during the US Presidential election – Read More –
Global Campaign Targets PlugX Malware with Innovative Portal –
Sekoia’s innovative PlugX malware disinfection campaign removed active threats across ten countries – Read More –
New DoubleClickjacking Attack Bypasses Protections –
DoubleClickjacking bypasses X-Frame-Options and SameSite cookies in double-click sequences, exposing UI authentication flaws – Read More –
HIPAA Rules Update Proposed to Combat Healthcare Data Breaches –
The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector – Read More –
Hackers Leak Rhode Island Citizens’ Data on Dark Web –
The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system – Read More –
Dozens of Chrome Browser Extensions Hijacked by Data Thieves –
Over 2.5 million end users are at risk as researchers discover 36 compromised Chrome extensions – Read More –
US Treasury Computers Accessed by China in Supply Chain Attack –
Chinese hackers appear to have compromised Treasury machines via a trusted third party – Read More –
Majority of UK SMEs Lack Cybersecurity Policy –
Insurance firm Markel Direct found that 69% of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms – Read More –
CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration –
The US Cybersecurity and Infrastructure Security Agency’s 2024 Year in Review marks Jen Easterly’s final report before resignation – Read More –
Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% –
The vacuum left by RedLine’s takedown will likely lead to a bump in the activity of other a infostealers – Read More –
US and Japan Blame North Korea for $308m Crypto Heist –
A joint US-Japan alert attributed North Korean hackers with a May 2024 crypto heist worth $308m from Japan-based company DMM – Read More –
Spyware Maker NSO Group Liable for WhatsApp User Hacks –
A US judge has ruled in favor of WhatsApp in a long-running case against commercial spyware-maker NSO Group – Read More –
Major Biometric Data Farming Operation Uncovered –
Researchers at iProov have discovered a dark web group compiling identity documents and biometric data to bypass KYC checks – Read More –
Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP –
The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks – Read More –
Ransomware Attack Exposes Data of 5.6 Million Ascension Patients –
US healthcare giant Ascension revealed that 5.6 million individuals have had their personal, medical and financial information breached in a ransomware attack – Read More –
Cryptomining Malware Found in Popular Open Source Packages –
Cryptomining malware hits popular npm packages rspack and vant, posing risks to open source tools – Read More –
Interpol Identifies Over 140 Human Traffickers in New Initiative –
A new digital operation has enabled Interpol to identify scores of human traffickers operating between South America and Europe – Read More –
ICO Warns of Mobile Phone Festive Privacy Snafu –
The Information Commissioner’s Office has warned that millions of Brits don’t know how to erase personal data from their old devices – Read More –
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe –
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI training – Read More –
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers –
The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine – Read More –
LockBit Admins Tease a New Ransomware Version –
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025 – Read More –
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns –
The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging users isolate these devices from networks – Read More –
CISA Urges Encrypted Messaging After Salt Typhoon Hack –
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging – Read More –
Ransomware Attackers Target Industries with Low Downtime Tolerance –
A Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024 – Read More –