- Kadokawa confirms data leak of 254,000 people due to cyberattack
August 6, 2024
Japanese publisher Kadokawa has confirmed a data leak affecting 254,241 people due to a cyberattack. The finding, announced Monday, is based on an investigation by third-party experts. Of the leaked data, information of 186,269 people was related to Kadokawa Dwango Educational Institute, including N High School, a correspondence school. Kadokawa reported the investigation results to the ...
- SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability
August 5, 2024
The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. This time, a flaw in the override ...
- Chinese hackers hijacked an ISP software update to spread malware
August 5, 2024
Windows and macOS machines alike have been hit by malware after notorious Chinese hacker group StormBamboo used a compromised internet service provider (ISP) to target organizations with poisoned DNS responses. StormBamboo used altered DNS query responses tied to automatic update mechanisms to target organizations that used insecure update mechanisms that did not properly validate the digital ...
- Beware of Fake WinRar Websites: Malware Hosted on GitHub
August 5, 2024
A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on internet users who might incorrectly type the URL of this well-known archiving application. The initial malware then leads to a slew of ...
- Google Illegally Acted As A Search Monopoly, Judge Rules In Major Case
August 5, 2024
A federal judge ruled on Monday Google violated antitrust laws in a bid to maintain a monopoly with its search engine—a major loss for Google, capping off the latest antitrust case brought against a U.S. tech giant. D.C.-based Judge Amit Mehta wrote “Google is a monopolist” and “has acted as one to maintain its monopoly,” in ...
- Chinese cyber attack sparks alert over six year old MS vuln
August 5, 2024
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft vulnerability dating back to 2018 to its Known Exploited Vulnerabilities (KEV) catalogue after evidence emerged that it is being used in an attack chain by the China-backed APT41 advanced persistent threat group. CVE-2018-0824 was first addressed by Microsoft in the May 2018 Patch ...
- LianSpy: new Android spyware targeting Russian users
August 5, 2024
In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple ...
- Bringing Security Back into Balance
August 4, 2024
A growing tension has been proliferating in the modern enterprise, shallow, but just under the surface. The recent CrowdStrike outage punctuated this tension in dramatic fashion — and what we saw coming all along, is here now. Revolutionary technology shifts come fast and are integrated quickly into the day-to-day operations of the business. In return, ...
- Operation Giant Financial Storm Under Circuit Breaker Orders
August 2, 2024
Since 2022, the BerBeroka group has been mentioned in every annual report released by the QiAnXin Threat Intelligence Center. The group was disclosed by QiAnXin friendly company Trend Micro. QiAnXin researchers have continued to track it under this name after merging internal groups. In fact, BerBeroka is the same as group such as DRBControl and TAG33 . ...
- Pharma giant Cencora is alerting millions about its data breach
August 2, 2024
Cencora has so far notified over a million people around the U.S. that their personal and protected health information was compromised in a data breach earlier this year. The pharmaceutical giant in May said that a February incident resulted in the compromise of patients’ data, which Cencora obtained through partnerships with drug makers it works with ...
- Optus and Medibank Data Breach Cases Allege Cyber Security Failures
August 2, 2024
2022 was a big year for cyber security breaches in Australia. Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security in the years since. The two data breaches also led to legal action, with recent court ...