Author: nlqip
MS-ISAC ADVISORY NUMBER: 2024-094 DATE(S) ISSUED: 09/03/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read More
Sep 03, 2024Ravie LakshmananInsider Threat / Network Security A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage…
Read More
Transport for London (TfL), the city’s transport authority, is investigating an ongoing cyberattack that has yet to impact its services. The agency also added that there was no evidence that customer information was compromised during the incident. “We are currently dealing with an ongoing cyber security incident,” TfL’s Customer Information Team warned customers over email…
Read More
Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. The codes – temporary passwords also known as OTPs, were part of multi-factor authentication protections and criminals subscribing to the illegal service could use them to access…
Read More
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in…
Read More
The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras. Many of the cameras were located in sensitive environments, such as women’s health clinics, psychiatric hospitals, prisons, and schools. FTC alleges that Verkada not only failed…
Read More
Image: Midjourney A new ransomware-as-a-service (RaaS) operation is impersonating the legitimate Cicada 3301 organization and has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. The new cybercrime operation is named after and uses the same logo as the mysterious 2012-2014 online/real-world game named Circada 3301 that involved elaborate cryptographic puzzles.…
Read More
CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. The company informs that a threat actor exploited a vulnerability in one of its web pages and was able to steal customer data between June 2 and June 21. CBIZ is a management consulting company…
Read More
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities,…
Read More
‘Microsoft has disappointed so many customers with AI,’ Salesforce co-founder and CEO Marc Benioff said. Salesforce CEO and co-founder Marc Benioff said earlier this week that Microsoft’s artificial intelligence products and strategy “has disappointed so many customers,” touting his company’s own platform and upcoming “agent” brand of AI products as superior to Microsoft’s Copilots. Jared…
Read More