Security News > 2022 > October

Cequence Security released its first half 2022 report titled, "API Protection Report: Shadow APIs and API Abuse Explode." Chief among the findings was that approximately 5 billion malicious transactions targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow APIs, making this the top threat challenging the industry. Top threat #1: 31% of all malicious attacks target shadow APIs.

Hackers have reportedly stolen 2 million Binance Coins, worth $566 million, from the Binance Bridge. Details are scant at the moment, but the attack appears to have started at 2:30 PM EST today, with the attacker's wallet receiving two transactions [1, 2], each consisting of 1,000,000 BNB. Soon after, the hacker began spreading some of the funds across a variety of liquidity pools, attempting to transfer the BNB into other assets.

Lloyd's of London has reset its IT systems and is probing a possible cyberattack against it after detecting worrisome network behavior this week. "Lloyd's has detected unusual activity on its network and we are investigating the issue," a spokesperson told The Register on Thursday.

America's second-largest nonprofit healthcare org is suffering a security "issue" that has diverted ambulances and shut down electronic records systems at hospitals around the country. CommonSpirit has yet to provide additional details about the cause of the issue, how many facilities were affected, whether any patient data was stolen in what may have been a cyberattack, and whether or not ransomware was involved, even following our prodding of the org.

Former Uber CSO found guilty of obstruction in attempted data breach cover-up. Former Uber Chief Security Officer Joe Sullivan has been found guilty of criminal obstruction for attempting to conceal a 2016 data breach of tens of millions of customer and driver records.

The Federal Bureau of Investigation warned today of foreign influence operations that might spread disinformation to affect the results of this year's midterm elections. The federal law enforcement agency warned that foreign actors are actively spreading election infrastructure disinformation to manipulate public opinion, discredit the electoral process, sow discord, and encourage a lack of trust in democratic processes and institutions.

Papa John's is being sued by a customer - not for its pizza but for allegedly breaking the US Wiretap Act by snooping on the way he browsed the pie-slinger's website. The proposed class-action suit accuses Papa John's of violating both the Wiretap Act and the California Invasion of Privacy Act by going too far with its session replay software.

S3 Ep103: Scammers in the Slammer (and other stories) [Audio + Text].
Let's stay on the subject of scams, and talk about scammers and rogue callers. DUCK. Well, there are scam calls and there's nuisance calls.

NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China to target government and critical infrastructure networks. The three federal agencies said in a joint advisory that Chinese-sponsored hackers are targeting U.S. and allied networks and tech companies to gain access to sensitive networks and steal intellectual property.

Phishing attack spoofs Zoom to steal Microsoft user credentials. That's exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.