Adversaries increasingly using vendor and contractor accounts to infiltrate networks

The software supply chain has become a key security focus for many organizations, but the risks associated with supply chain attacks are often misunderstood. High-profile incidents like those reported by 3CX and MSI routinely grab headlines, continuing a trajectory of Read More …

At least 100,000 Nova Scotians affected by cyber theft of government employee files

Cyber-criminals made off with the personal and banking information of at least 100,000 Nova Scotians last week, before the Nova Scotia government secured a file transfer service that had been breached as part of a global attack on MOVEit. Nova Read More …

Spanish Globalcaja bank confirms ransomware attack

A prominent Spanish bank has confirmed that it is dealing with a ransomware attack that has impacted multiple branches. On Friday, Globalcaja issued a statement assuring customers that the incident has not impacted its entities’ operations, and that electronic banking Read More …

Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward

Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are Read More …

Android apps with 30 million downloads contain SpinOk Android malware — delete these now

Following the discovery that over a hundred Android apps with 400 million combined downloads actually contained the SpinOk malware, security researchers have now found that an additional 92 apps are also affected. For those unaware, SpinOk is a spyware module Read More …

British Airways, Boots staff data compromised by payroll cyber hack

British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in Britain. British Airways, owned by IAG, said it had notified affected employees and Read More …

Swiss administration hit by cyber attack

Swiss authorities are investigating a cyber attack on the IT company Xplain, whose clients include many federal and cantonal government departments, including the army and customs. The online attack was revealed on Saturday by the newspaper Le Temps, which reported Read More …

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

Mandiant has observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft. This vulnerability was announced by Progress Software Corporation on May 31, 2023 and has been assigned CVE-2023-34362. Based Read More …

A Confession Exposes India’s Secret Hacking Industry

In the summer of 2020, Jonas Rey, a private investigator in Geneva, got a call from a client with a hunch. The client, the British law firm Burlingtons, represented an Iranian-born American entrepreneur, Farhad Azima, who believed that someone had Read More …