- AI search is going to change marketing… are you prepared?
September 3, 2024
OpenAI, the company behind ChatGPT, has announced they are building a search engine. It’s a move that begs two simple questions: is Google at risk and will this change how you market your business? The answer is yes to both. AI search engines aren’t new. Perplexity is an AI search engine with a valuation of over ...
- City of Columbus sues researcher for sharing leaked ransomware data
September 3, 2024
The City of Columbus, Ohio, has taken legal action against a security researcher who shared leaked data from a ransomware attack against the city with members of the news media. A lawsuit filed last week alleges that the actions of software development consultant David Leroy Ross Jr., who also goes by Connor Goodwolf, risks “irreparable harm” ...
- Transport for London dealing with ‘ongoing cyber security incident’
September 3, 2024
Transport for London (TfL) is dealing with whats it calls an “ongoing cyber security incident”. The organisation, which is responsible for most of London’s transport network, has not shared specific details of the incident but it confirmed there is currently no evidence customer data has been compromised. Shashi Verma, TfL’s chief technology officer, said: “We have ...
- Should State Governments Ban Ransomware Payments?
September 3, 2024
In 2021, North Carolina became the first state to prohibit public ransomware payments, even going so far as to ban negotiations with cyber criminals. It was a groundbreaking move. Florida followed suit in 2022, but its legislation took a less stringent approach, covering a narrower range of entities and omitting some of the stricter provisions ...
- Stone Wolf employs Meduza Stealer to hack Russian companies
September 2, 2024
BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf. The adversaries send out phishing emails on behalf of a legitimate provider of industrial automation solutions. The goal of the attackers is to deliver Meduza Stealer ...
- Head Mare: adventures of a unicorn in Russia and Belarus
September 2, 2024
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles. By analyzing incidents in Russian companies, Kaspersky researchers ...
- Northern Ireland: Police Ombudsman sorry for ‘distressing’ data leak as investigation is launched
September 1, 2024
An investigation has been launched after a data breach led to the details of current and former Police Ombudsman staff members being accidently released. The Police Ombudsman (PONI) has apologised for the data leak incident involving 160 current and former staff. A document containing some of their personal details was “inadvertently released” to 22 people who ...
- Misconfigurations in Microsoft Exchange open new doors to email spoofing attacks
September 1, 2024
A new report from the Acronis Threat Research Unit has uncovered a vulnerability in Microsoft Exchange Online settings that could enable email spoofing attacks. This issue primarily affects users with a hybrid configuration of on-premises Exchange and Exchange Online, and those utilizing third-party email security solutions. In July 2023, Microsoft introduced a major change in how ...
- A million airport parking customers affected in huge data breach
August 31, 2024
A million Park’N Fly customers have had their sensitive data stolen after the company suffered a cyberattack. The news was confirmed in a data breach notification letter sent out by the company, which noted the threat actors accessed the company’s IT infrastructure in July 2024 using stolen VPN credentials. The crooks stole people’s full names, email ...
- Cyber security in critical industries: challenges, solutions, and the road ahead
August 30, 2024
In an era of rapid digital transformation, cyber security has emerged as a paramount concern, particularly for critical industries such as energy, healthcare, and transportation. As we approach the IET’s Cyber Security for Critical Industries 2024 conference, it is essential to delve into the latest cyber security challenges and explore how building resilient and responsive ...
- North Korean threat actor Citrine Sleet exploiting Chromium zero-day
August 30, 2024
On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain. Microsoft ...