The U.S. government has revealed charges against Guan Tianfeng, a Chinese national linked to extensive cyberattacks on over 81,000 Sophos firewall devices worldwide in 2020. Guan, associated with Sichuan Silence Information Technology Company, is accused of computer and wire fraud conspiracy, and developing a zero-day vulnerability (CVE-2020-12271), which allowed unauthorized access to, and data exfiltration from, Sophos firewalls. The SQL
In a remarkable show of determination and technological prowess, South Korean law enforcement, in collaboration with the Korean Financial Security Institute (K-FSI) and other agencies, successfully dismantled a large-scale fraud network that extorted $6.3 million from victims. This sophisticated operation, dubbed Operation Midas, spanned over a year and involved meticulous monitoring and analysis of 125 illegal home trading system (HTS)
In an alarming revelation, cybersecurity researchers from Oasis Security identified a critical vulnerability in Microsoft’s multi-factor authentication (MFA) system, dubbed AuthQuake, which had potentially put numerous user accounts at risk. This vulnerability allowed attackers to bypass MFA protections, thereby gaining unauthorized access to user accounts. The flaw lay in Microsoft’s implementation, which permitted up to ten failed attempts within one
In a significant blow to cybersecurity efforts, Sabre Corporation, a prominent US-based travel technology company, recently experienced a major data breach caused by a ransomware attack. This cyberattack, which occurred in September 2023, led to the exposure of sensitive personal information of nearly 30,000 employees. The Dunghill Leak group, the cybercriminal organization behind the attack, later leaked this compromised data
The news broke recently that Krispy Kreme had disclosed a significant cybersecurity incident to U.S. federal regulators, shaking the company’s operations and impacting its online sales. The unauthorized network activity was detected on November 29, 2024, prompting immediate action from Krispy Kreme. While the incident has disrupted online ordering in certain regions of the United States, in-store purchases and distribution
As the holiday season approached, law enforcement agencies from across the globe joined forces to launch an extensive effort aimed at dismantling 27 Distributed Denial-of-Service (DDoS) platforms that cybercriminals typically exploit during this period to wreak havoc and inflict financial harm on businesses and individuals. This collaborative operation, aptly named ‘PowerOFF,’ was spearheaded by Europol and saw contributions from agencies
Recent reports indicate a significant data breach resulted from hackers capitalizing on misconfigurations in Amazon Web Services (AWS). These vulnerabilities were targeted by the notorious hacking groups Nemesis and ShinyHunters, leading to the exposure of sensitive information such as customer data, infrastructure credentials, and proprietary source code. Independent cybersecurity researchers Noam Rotem and Ran Locar were able to identify the
A significant decline in reported cyber-attacks among the United Kingdom’s largest financial institutions reflects the positive impact of recent regulatory enhancements designed to bolster cybersecurity defenses. Based on data obtained through a Freedom of Information request by Hack the Box, incidence notifications to the Financial Conduct Authority (FCA) have dropped by 53% in the period from January 1 to October
As technology advances at an unprecedented rate, the integrity of live video streams and recordings from Scottish Parliamentary proceedings is increasingly under threat due to deepfake technologies. The Scottish Centre for Crime and Justice Research (SCCJR) and the University of Edinburgh recently conducted a study highlighting the various vulnerabilities associated with Scottish Parliament TV, the platform that provides livestreaming and
A significant vulnerability in Cleo-managed file transfer software has prompted urgent warnings from cybersecurity agencies. Users must ensure their systems are not exposed to the internet following reports of massive exploitation by threat actors. On December 3, 2024, Huntress, a cybersecurity company, identified that threat actors have been leveraging this vulnerability, which is affecting fully patched systems of Cleo’s LexiCom,
Throughout the past year, utility companies have faced a substantial rise in ransomware attacks that threaten their critical infrastructure. It is revealed a concerning 42% increase in such incidents, highlighting a growing vulnerability within these essential services. Cybercriminals are increasingly targeting utility firms that manage both Information Technology (IT) and Operational Technology (OT) systems, creating a significant challenge due to
The persistent and escalating struggle against cybercriminals is a pressing concern for industries worldwide. With cybercrime costs projected to exceed $10.5 trillion by 2025, the need for effective and innovative cybersecurity measures has never been more critical. This article delves into the current state of cybersecurity, highlighting advancements, setbacks, and strategies for improvement. Cybercriminals are becoming increasingly sophisticated, employing technologies
