Security News > 2023 > September

Freecycle, the charity aimed at recycling detritus that would otherwise be headed for landfill, has become the latest organization to suffer at the hands of cyber attackers and admit to a breach. Executive director Deron Beal said: "The data breach includes usernames, User IDs, email addresses and hashed passwords."

The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running Windows 7 and using it as an initial point of access to the wider company network. "At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data. However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data. LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised."

An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control framework called Mythic. "New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments," Elastic Security Labs researchers Salim Bitam and Daniel Stepanic said in a technical report published late last month.

Traditional web application pen testing has limitations and often leaves organizations with gaps in their security. Rapidly Changing Technologies: With the continuous evolution of technologies, pen testers must constantly update their skills and knowledge to stay ahead of the curve and effectively identify potential security issues.

Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. A subsequent analysis from Avast in early 2022 found that the threat actors behind the operation, who call themselves Lucifer, had breached more than 800 WordPress websites to deliver Chaes to users of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago.

In today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets.

Northern Ireland's police chief, Simon Byrne, resigned last night after an emergency meeting of the Policing Board amid discontent in the rank and file over a data breach that exposed serving officers' info, as well as news he was considering appealing a court ruling linked to the Troubles. An armed police officer stands guard at a cordon point while army ammunition technical officers examine a suspected bomb in Belfast, Northern Ireland.

The average cost of a breach rose once again to $4.45 million, increasing 15% over the last three years. I can't make any promises regarding your bottom line, but I can offer some opinions on where I see risk reduction and potential cost savings in the event of a breach.

Abstract: The Common Vulnerability Scoring System is a popular method for evaluating the severity of vulnerabilities in vulnerability management. The goal of CVSS is to provide comparable scores across different evaluators.

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. Ariel, also known by the names Nicket Hyatt or Silent Chollima, is a sub-cluster of the Lazarus Group that's known to be active since at least 2008.