In the beginning of 2024, a major company listed in the Fortune 50 category paid $75 million to the Dark Angels group. This ransom amount is noted as one of the largest ever seen in history. The Dark Angels group first surfaced in May 2022, operating through the Dunghill data leak platform. Initially thought to…
Read More
Aug 20, 2024Ravie LakshmananMalware / Cyber Espionage Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies.…
Read More
Moreover, there are no safeguards at the repository level to detect bad packages. “Anyone can write a piece of code and just upload it to those platforms,” Yehuda Gelb, research engineer at Checkmarx, tells CSO. “For instance, in Python, you can just create a Python package and upload it, and there’s no one really in…
Read More
Aug 20, 2024Ravie LakshmananVulnerability / Ransomware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. “Jenkins…
Read More
Aug 20, 2024Ravie LakshmananEnterprise Security / Data Breach Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. “A potential issue in NetSuite’s SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record…
Read More
Image: Midjourney The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw, tracked as CVE-2024-38193 during its August 2024 Patch Tuesday, along with seven other zero-day vulnerabilities. CVE-2024-38193 is a Bring Your Own Vulnerable Driver (BYOVD)…
Read More
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company’s systems on a hacking forum. “We are aware of the situation. The issue is limited in scope and is not a system wide issue,” Toyota told BleepingComputer when asked to validate the threat…
Read More
In today’s digital age, data privacy is crucial, with around 80% of countries implementing data protection laws like GDPR in Europe, CCPA in the US, PIPL in China, and DPDP in India. Technology plays a key role in compliance. Encryption and data masking secure sensitive information by making it unreadable to unauthorized users. Additionally, anonymization…
Read More
‘We’ve been on a tear from a growth perspective,’ US Signal’s John White tells CRN. ‘Once we complete the One Neck acquisition, which should happen in the next few weeks, we will have added eight new data centers to our portfolio.’ Up-and-coming data center heavyweight US Signal is making another Midwest acquisition, growing its available…
Read More
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. Last year, ransomware payments reached a record $1.1 billion, which Chainalysis previously predicted from stats gathered in the first half of the year when ransomware activity grossed $449,100,000.…
Read More