Cisco Duo says a third-party data breach stole MFA SMS logs

Cisco Duo has confirmed some sensitive customer data was stolen after a third-party cyber-incident. In a breach notification letter sent to affected customers, Cisco Duo said that its telephony provider, which it didn’t name, was compromised on April 1 2024. Read More …

Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed

Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly Read More …

What we know about the xz Utils backdoor that almost infected the world

On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in xz Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The Read More …

Backdoor found in widely used Linux utility targets encrypted SSH connections

Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as xz Utils, introduced the malicious code in versions ​​5.6.0 Read More …

Acer Philippines reports data breach in third-party vendor system

Acer Philippines confirmed through an official statement that a security breach occurred within a third-party vendor’s system. The vendor was responsible for managing Acer Philippines’ employee attendance data, and the breach resulted in the unauthorized access of this information. The Read More …

Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack

The British Library ransomware attack was likely caused by the compromise of third-party credentials coupled with no multifactor authentication (MFA) in place to stop the attackers, despite previous warnings about these risks. This is according to a British Library report Read More …

Microsoft admits Russian state hack still not contained

Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data. Read More …

Third-party breach leads to American Express customer data compromise

Payment card provider American Express Company is warning customers that their credit card details may have been exposed following a breach involving a third-party provider. The details were first revealed in a filing with the State of Massachusetts, with a Read More …

South Africa: CIPC cyber attack leaves millions of entities vulnerable across nation

Sensitive data of at least three-million entities and individuals who were registered with the Companies and Intellectual Property Commission (CIPC) could have fallen into the wrong hands when the organisation’s database was hacked this week. Addresses, credit card details, ID Read More …