Hackers are attempting to infect a consumer-grade Wi-Fi router model with Mirai botnet malware following the discovery of zero-days in the device in a December hacking competition. TP-Link released a patch in mid-March. Telemetry shows infections in Eastern Europe and elsewhere.
In the days between April 14 and April 20, the spotlight was on the U.S. Consumer Financial Protection Bureau, a ransomware attack on American payments firm NCR, German automotive and arms producer Rheinmetall, state agencies in the Philippines, Indian rental platform RentoMojo, and Point32Health.
An Iranian state hacking group shifted from espionage to direct targeting of U.S. critical infrastructure - a likely indicator of newfound aggression by the national security apparatus, says Microsoft. One sign of Iran's new intensity is quicker uptake of exploits of newly disclosed vulnerabilities.
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. In the days between April 6 and April 13, the spotlight was on European Hyundai dealerships, Yum! Brands, former RaidForums users, a German shipbuilder, a Taiwanese PC vendor and Tasmania.
Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, we check in on a breach at a law firm that does work for Uber, Dutch software maker Nebu, the latest in Oakland, California, and more. Oh, are Western Digital cloud services still down? Yes.
The FBI and other national police are touting an operation that dismantled Genesis Market, a marketplace used by ransomware hackers and bank thieves to gain ongoing access to victims' computers. Since 2018, Genesis Market offered access to more than 1.5 million compromised computers around the world.
An employee of a Ukrainian utility company installed an unlicensed version of Microsoft Office from a torrent website, resulting in two remote access Trojans infecting the company's systems. The Computer Emergency Response Team of Ukraine attributes the malware to a group it tracks as UAC-0145.
Hard disk drive maker Western Digital disclosed a hacking incident the company says likely resulted in data theft. Online services offered by the California company - including personal and enterprise cloud storage and email and push notifications - are down as of publication.
Ukrainian law enforcement busted a transnational group of scammers that used more than 100 phishing websites to defraud Europeans. The scammers embezzled nearly $4.4 million by fooling more than 1,000 victims into handing over payment card details, police said.
In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.
A U.S. federal judge sentenced a Nigerian national to four years in prison for running several cyber-enabled schemes aimed at defrauding U.S. citizens out of more than $1 million. The men were arrested four years ago and extradited to Arizona in 2022 from Malaysia and the United Kingdom.
Twitter says its source code was leaked by an unknown user on the popular open-source code collaboration platform GitHub. The social media giant requested a subpoena from a federal court Monday to force GitHub to provide details about the person behind the partial code leak.
The United States sent its top cyber offensive team to NATO ally Albania to help secure the nation's critical infrastructure networks. The Cyber National Mission Force helped find cyberthreats and vulnerabilities on networks likely targeted last year by Iranian threat actors.
This week's roundup of cybersecurity incidents around the world includes attacks on luxury car manufacturer Ferrari, the Indian health system and a Dutch maritime logistics company. Other data breach incidents involve the NBA, Lionsgate, the city of Oakland, McDonald's and Samsung.