23andMe user data breached in credential-stuffing attack

Biotech company 23andMe, known for its DNA testing kits, said the leak occurred through a credential-stuffing attack. A credential-stuffing attack involves user information that has already been compromised (usernames and passwords, for example) from one organization, which a hacker obtains Read More …

MGM Resorts estimates $100M loss due to cyber attack

MGM Resorts sent a letter to customers regarding the recent cyber incident that took place on Sept. 11. MGM Resorts stated that on or around Sept. 29, it determined that an unauthorized third party obtained the personal information of some Read More …

Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown

In a late August 2023 operation involving the FBI and many international partners, law enforcement agencies seized the infrastructure and cryptocurrency assets used by the Qakbot malware, dealing considerable damage to the group’s operations. Many people in the security industry Read More …

NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations

Today, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large Read More …

Sony confirms cyber-attack exposed details of nearly 7000 current and former employees

Sony Interactive Entertainment has confirmed the personal information of 6,791 former and current employees was exposed as part of a cyber-attack in June. According to a report the data breach was carried out by the Clop ransomware group. Sony is Read More …

Rules of engagement issued to hacktivists after chaos

The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers involved in conflicts. The organisation warns unprecedented numbers of people are joining patriotic cyber-gangs since the Ukraine invasion. The eight Read More …

Update on MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708

Unit 42 researchers have added additional information on CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 vulnerabilities using data gathered from Advanced Threat Prevention. On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) Read More …

Lyca Mobile blames cyberattack for network disruption

U.K.-based mobile virtual network provider giant Lyca Mobile has confirmed a cyberattack that caused service disruption for millions of its customers. Lyca Mobile claims to be the world’s largest international mobile virtual network operator, or MVNO, which piggybacks off network Read More …

Kenya hit by record 860m cyber-attacks in a year

Kenya has witnessed an alarming surge in cyberattacks, with a staggering 860 million incidents recorded in the past year, according to the country’s communications regulator. The regulator has expressed concerns over the escalating frequency, sophistication, and scale of these cyber Read More …