In an alarming revelation, cybersecurity researchers from Oasis Security identified a critical vulnerability in Microsoft’s multi-factor authentication (MFA) system, dubbed AuthQuake, which had potentially put numerous user accounts at risk. This vulnerability allowed attackers to bypass MFA protections, thereby gaining unauthorized access to user accounts. The flaw lay in Microsoft’s implementation, which permitted up to ten failed attempts within one
In a significant blow to cybersecurity efforts, Sabre Corporation, a prominent US-based travel technology company, recently experienced a major data breach caused by a ransomware attack. This cyberattack, which occurred in September 2023, led to the exposure of sensitive personal information of nearly 30,000 employees. The Dunghill Leak group, the cybercriminal organization behind the attack, later leaked this compromised data
The news broke recently that Krispy Kreme had disclosed a significant cybersecurity incident to U.S. federal regulators, shaking the company’s operations and impacting its online sales. The unauthorized network activity was detected on November 29, 2024, prompting immediate action from Krispy Kreme. While the incident has disrupted online ordering in certain regions of the United States, in-store purchases and distribution
As the holiday season approached, law enforcement agencies from across the globe joined forces to launch an extensive effort aimed at dismantling 27 Distributed Denial-of-Service (DDoS) platforms that cybercriminals typically exploit during this period to wreak havoc and inflict financial harm on businesses and individuals. This collaborative operation, aptly named ‘PowerOFF,’ was spearheaded by Europol and saw contributions from agencies
Recent reports indicate a significant data breach resulted from hackers capitalizing on misconfigurations in Amazon Web Services (AWS). These vulnerabilities were targeted by the notorious hacking groups Nemesis and ShinyHunters, leading to the exposure of sensitive information such as customer data, infrastructure credentials, and proprietary source code. Independent cybersecurity researchers Noam Rotem and Ran Locar were able to identify the
A significant decline in reported cyber-attacks among the United Kingdom’s largest financial institutions reflects the positive impact of recent regulatory enhancements designed to bolster cybersecurity defenses. Based on data obtained through a Freedom of Information request by Hack the Box, incidence notifications to the Financial Conduct Authority (FCA) have dropped by 53% in the period from January 1 to October
As technology advances at an unprecedented rate, the integrity of live video streams and recordings from Scottish Parliamentary proceedings is increasingly under threat due to deepfake technologies. The Scottish Centre for Crime and Justice Research (SCCJR) and the University of Edinburgh recently conducted a study highlighting the various vulnerabilities associated with Scottish Parliament TV, the platform that provides livestreaming and
A significant vulnerability in Cleo-managed file transfer software has prompted urgent warnings from cybersecurity agencies. Users must ensure their systems are not exposed to the internet following reports of massive exploitation by threat actors. On December 3, 2024, Huntress, a cybersecurity company, identified that threat actors have been leveraging this vulnerability, which is affecting fully patched systems of Cleo’s LexiCom,
Throughout the past year, utility companies have faced a substantial rise in ransomware attacks that threaten their critical infrastructure. It is revealed a concerning 42% increase in such incidents, highlighting a growing vulnerability within these essential services. Cybercriminals are increasingly targeting utility firms that manage both Information Technology (IT) and Operational Technology (OT) systems, creating a significant challenge due to
The persistent and escalating struggle against cybercriminals is a pressing concern for industries worldwide. With cybercrime costs projected to exceed $10.5 trillion by 2025, the need for effective and innovative cybersecurity measures has never been more critical. This article delves into the current state of cybersecurity, highlighting advancements, setbacks, and strategies for improvement. Cybercriminals are becoming increasingly sophisticated, employing technologies
Recent disruptive cyberattacks on blood suppliers and related establishments have illuminated critical vulnerabilities in the systems and networks that underpin the safe procurement, processing, and distribution of blood and blood components. The Food and Drug Administration (FDA), in light of these incidents, is appealing to blood entities to significantly fortify their cybersecurity practices to ensure the reliable and safe supply
In a significant breach that jeopardized a widely-used artificial intelligence tool, the Ultralytics AI library was compromised earlier this month, allowing attackers to infiltrate the system and deliver a cryptocurrency mining payload via the PyPI package repository. This incident, which came to light on December 4, exposed a critical vulnerability in the library’s build environment, exploited through a GitHub Actions
