News – January 2024


  • VF Corp’s cyber incident causes data breach of 35.5 million consumers

    January 19, 2024

    Vans sneaker maker VF Corp said on Thursday the cyber incident that hit the company in December led to a breach of personal data of about 35.5 million consumers, and added that it does not expect a material impact to its financials. The unauthorized activity, detected on Dec. 13, disrupted global customer orders on its e-commerce ...

  • Security pros are being hospitalized by after-effects of ransomware hacks

    January 19, 2024

    New research from the Royal United Services Institute (RUSI) has laid bare the mental and physical toll that cybersecurity workers face as a result of their work. In a number of interviews with individuals who had been at the forefront of ransomware attacks and their aftermath, RUSI found that individuals were suffering from stress related illnesses, ...

  • Microsoft actions following attack by nation state actor Midnight Blizzard

    January 19, 2024

    The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium. Beginning in ...

  • Carnegie Mellon University hit by cyberattack, informs 7,300 people possibly affected

    January 19, 2024

    Carnegie Mellon University informed about 7,300 people that their personal information may have been compromised in an August cyberattack that was quietly investigated by law enforcement and the university. The breach impacting one of the nation’s top schools for computing was acknowledged by the university as higher education in general faces a growing assault by digital ...

  • Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021

    January 19, 2024

    While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant’s continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to ...

  • Ukrainian hackers steal construction plans for 500 Russian military sites

    January 18, 2024

    Hackers from the group Blackjack, purportedly affiliated with Ukraine’s SBU security service, have breached a Russian state enterprise involved in construction work for the Russian military, and downloaded over 1.2 TB of data, a Ukrainian law enforcement source told NV on Jan. 18. The data from Russia’s Main Military Construction Directorate for Special Projects included more ...

  • Chinese drones may pose security risks, US agencies warn

    January 18, 2024

    Chinese-made drones could pose a national security risk to the United States due to laws in China that force companies to provide authorities access to user data, two U.S. agencies say in a new memo. These “unmanned aircraft systems,” or UAS, are often used by operators of critical infrastructure in the United States without regard to ...

  • Update Chrome – Google patches actively exploited zero-day vulnerability

    January 18, 2024

    Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up ...

  • Water and Wastewater Sector – Incident Response Guide

    January 18, 2024

    Cyber threat actors are aware of – and deliberately target – single points of failure. A compromise or failure of a Water and Wastewater (WWS) Sector organization could cause cascading impacts throughout the Sector and other critical infrastructure sectors. There are many aspects of the large and complex WWS Sector that pose challenges to raising cyber resilience ...

  • Web monitors say Gaza week-long internet outage is longest yet

    January 18, 2024

    Internet monitoring firms say a near-total internet blackout in Gaza is reaching its seventh day, the longest outage of the ongoing Israel-Hamas conflict so far. Doug Madory, the director of internet analysis at Kentik, told TechCrunch in a Signal message that this is the “longest internet blackout ever and longer than all of the previous blackouts ...