Security News > 2023 > September

Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. If you are particularly unlucky, a DDoS attack can defenestrate your network defences.

Topgolf Callaway suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers.In a letter sent to impacted individuals on August 29, 2023, the company explains that an IT system incident that occurred on August 1st has affected the availability of its e-commerce services and exposed certain customer information to an unauthorized entity. This impacts customers of Callaway and its sub-brands Odyssey, Ogio, and Callaway Gold Preowned sites that all operate under the same business umbrella.

In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive's servers and access its user databases. By exploiting other flaws in the spyware maker's web dashboard-used by abusers to access the stolen phone data of their victims-the hackers said they enumerated and downloaded every dashboard record, including every customer's email address.

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to "Enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information."

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs said in a new report.

We introduce Silverfort Unified Identity Protection, a comprehensive solution that offers enhanced security for AD environments against the misuse of compromised credentials. AD environments are highly vulnerable to attacks that make use of compromised credentials.

Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. Ducktail is the name assigned by security researchers to a group operating from Vietnam, whose goal is hijack social media business accounts on platforms like TikTok, Facebook, LinkedIn, and Google.

The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019. Germany, Poland, Spain, Italy, and Romania accounted for the highest number of fraudulent transactions registered in Classiscam chats.

Adversary-sponsored research contests on cybercriminal forums focus on new methods of attack and evasion, according to Sophos. The contests mirror legitimate security conference 'Call For Papers' and provide the winners considerable financial rewards and recognition from peers and also potential jobs.

A significant gap is emerging between insurance providers, as organizations skip the fine print and seek affordable and comprehensive coverage, potentially putting them in a tough place when they need to use this safety net, according to a Delinea report. This year, companies that used their cyber insurance more than once increased to 47%, while 67% of respondents noted that their insurance rates increased 50-100% upon application or renewal.