July 2024

Identity: the new security perimeter

What to do when your MFA is mercilessly attacked by hackers Webinar  Threat actors are always looking for that easy way in by testing weak spots, and user identities are one of their favourite targets.…

Break-in at ‘third-party cloud platform’ leaked 110M customer records, says AT&T

Snowflake? Snowflake AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big you haven't seen anything: This one includes data on "nearly all" AT&T wireless customers - and those served by mobile…

Singapore’s banks to ditch texted one-time passwords

Accessibility be damned, preventing phishing is the priority After around two decades of allowing one-time passwords (OTPs) delivered by text message to assist log ins to bank accounts in Singapore, the city-state will abandon the authentication technique.…

China’s APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

Meet DodgeBox, son of StealthVector Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox, according to cloud security service provider Zscaler’s ThreatLabz research team.…

‘Gay furry hackers’ say they’ve disbanded after raiding Project 2025’s Heritage Foundation

Ultra-conservative org funnily enough not ready to turn the other cheek After claiming to break into a database belonging to The Heritage Foundation, and then leaking 2GB of files belonging to the ultra-conservative think tank, the hacktivist crew SiegedSec claims to have disbanded. …

Advance Auto Parts: 2.3M people’s data accessed when crims broke into our Snowflake account

Letters from CISO Ethan Steiger suggest the data related to job applications Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance – a hefty 2.3 million.…

Privacy expert put away for 9 years after ‘grotesque’ cyberstalking campaign

Scumbag targeted many victims – and those who tried to help them A scumbag who used to work as a privacy consultant has been put behind bars for nine years for a "grotesque" cyberstalking campaign against more than a dozen victims.…

You had a year to patch this Veeam flaw and now it’s going to hurt

LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware Yet another new ransomware gang, this one dubbed EstateRansomware, is exploiting a Veeam vulnerability that was patched more than a year ago to drop file-encrypting malware, a LockBit variant, and…

Japanese space agency spotted zero-day attacks while cleaning up attack on M365

Multiple malware attack saw personal data acessed, but rocket science remained safe The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.…

Snowflake lets admins make MFA mandatory across all user accounts

Company announces intent following Ticketmaster, Santander break-ins A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication (MFA) controls, the cloud storage and data analytics company is offering a mandatory MFA option…

Copyright © 2024 Lugapel