June 2025

Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns

Victims include hospitality, retail and education sectors A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce's Data Loader that allows the crims to steal sensitive data.…

Crims stole 40,000 people’s data from our network, admits publisher Lee Enterprises

Did somebody say ransomware? Not the newspaper group, not even to deny it Regional newspaper publisher Lee Enterprises says data belonging to around 40,000 people was stolen during an attack on its network earlier this year.…

UK CyberEM Command to spearhead new era of armed conflict

Government details latest initiative following announcement last week Revealing more details about the Cyber and Electromagnetic (CyberEM) military domain, the UK's Ministry of Defence (MoD) says "there are pockets of excellence" but improvements must be made to ensure the country's capability meets the needs of national defense.…

Ukraine war spurred infosec vet Mikko Hyppönen to pivot to drones

Why? There's a war in Europe, Finland has a belligerent neighbor, and cyber is a settled field Interview  Mikko Hyppönen has spent the last 34 years creating security software that defends against criminals and state-backed actors, but now he's moving onto drone warfare.…

‘Deliberate attack’ deletes shopping app’s AWS and GitHub resources

CEO of India's KiranaPro, which brings convenience stores online, vows to name the perp The CEO of Indian grocery ordering app KiranaPro has claimed an attacker deleted its GitHub and AWS resources in a targeted and deliberate attack and vowed to name the perpetrator.…

Crooks fleece The North Face accounts with recycled logins

Outdoorsy brand blames credential stuffing Joining the long queue of retailers dealing with cyber mishaps is outdoorsy fashion brand The North Face, which says crooks broke into some customer accounts using login creds pinched from breaches elsewhere.…

Microsoft patches the patch that put Windows 11 in a coma

Out-of-band is becoming the norm rather than the exception Microsoft is patching another patch that dumped some PCs into recovery mode with an unhelpful error code.…

Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that…

Bling slinger Cartier tells customers to be wary of phishing attacks after intrusion

Nothing terribly valuable taken in data heist, though privacy a little tarnished Global jewelry giant Cartier is writing to customers to confirm their data was exposed to cybercriminals that broke into its systems.…

Ukrainians smuggle drones hidden in cabins on trucks to strike Russian airfields

A real-world Trojan Horse attack Ukraine claims it launched a cunning drone strike on Sunday against multiple Russian airbases, hitting over 40 military aircraft and inflicting an estimated $7 billion in damage, in an operation dubbed "Spiderweb."…

Copyright © 2024 Lugapel