Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
A new study from security firm Tessian highlights the sophisticated techniques employed by threat actors to evade detection and trick employees. Between July 2020-July 2021, two million malicious emails bypassed traditional email defenses, like secure email gateways, placing many employers at risk of data breach and cyber fraud. According to the study, retail industry […]
Continue Reading
Chinese cybersecurity researcher has discovered a new strain of malware that spreads via “poisoned” search-engine results. The malware dubbed ‘OSX.ZuRu’ poses as the legitimate macOS tool called iTerm2. Currently, the attackers are only targeting the Chinese Baidu search engine but it would not be a surprise if they attempt to expand their operation in […]
Continue Reading
US-based web host and domain registrar Epik has confirmed an “unauthorized intrusion” in its systems, a week after members of hacktivist group ‘Anonymous’ claimed that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses. The firm initially denied reports of the breach by saying, “’we […]
Continue Reading
AT&T, the world’s largest telecommunications firm, lost over $200 million after a Pakistani scammer and his partners coordinated a seven-year scheme that led to the fraudulent unlocking of nearly 2 million phones. Muhammad Fahd, 35, of Karachi, has been sentenced to 12 years in prison after he bribed several AT&T employees to do his […]
Continue Reading
Earlier this month, the personal court records for residents of Lubbock County, located in the US state of Texas, were exposed when the county transitioned to a new computer software system. The exposed data contained non-disclosure orders, criminal cases, and civil and family law records. According to the county’s official website, Lubbock County Defense […]
Continue Reading
The City of Yonkers has refused to pay the ransom after ransomware attackers demanded a ransom of $10 million to revive the disparate modules that overlay the different departments of the city. Earlier this month, government employees at the City of Yonkers were restricted from accessing their laptops or computers after the city suffered […]
Continue Reading
Cybersecurity researchers at Cofense Phishing Defense Center (PDC) have unearthed a new phishing campaign that uses ‘information technology (IT) support-themed email’ to lure users to update their passwords. The email appears legitimate because it’s a common practice within organizations to send security updates to their employees on a weekly or monthly basis. IT team […]
Continue Reading
On Tuesday, Randy Westergren, a cybersecurity expert, published his study on the Motorola Halo+, a popular baby monitor. He revealed two severe flaws in the protocol and remote code execution (RCE) of the Motorola Halo+ that would allow threat actors to hijack the device. The Motorola Halo+ comprises an over-the-crib monitor, a handheld unit […]
Continue Reading
Earlier this year in June, a security researcher from security firm Sonatype uncovered six malicious payloads in the official Python programming language’s PyPI repository that were laced with cryptomining malware. The attackers used typo-squatted names for the malicious payloads that were downloaded more than 5000 times. All the packages were posted on PyPI by […]
Continue Reading
The five-year longitudinal research conducted by cybersecurity firm Imperva revealed that nearly half of on-premises databases globally contain at least one flaw that could expose them to cyber-attacks. Researchers scanned roughly 27,000 databases, finding 46% contained vulnerabilities at an average of 26 vulnerabilities per database. Unfortunately, 56% of those vulnerabilities were ranked as ‘critical […]
Continue Reading