Security News > 2023 > November

The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. The Qilin ransomware group, also known as "Agenda," claimed the attack on Yanfeng by adding them to their Tor data leak extortion site yesterday.

Today, Microsoft shared a temporary fix for a known issue causing Outlook Desktop to crash when sending emails from Outlook.com accounts. These problems only affect Outlook for Microsoft 365 users and those in the Current Channel channel using Outlook build 17029.

International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. "DP World Australia's investigation has confirmed that the incident was confined to the Australian operations and did not impact any other markets where DP World operates," DP World told BleepingComputer.

Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments. Of the three flaws, CVE-2023-49103 received a maximum CVSS severity score of 10.0 as it allows a remote threat actor to execute phpinfo() through the ownCloud 'graphapi' app, which reveals the server's environment variables, including credentials stored within them.

A design flaw in Google Workspace's domain-wide delegation feature, discovered by Hunters' Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all the identities in the target domain.

Slovenian power generation company Holding Slovenske Elektrarne has been hit by ransomware and has had some of its data encrypted. HSE is a state-owned company that controls numerous hydroelectric, thermal and coal-fired power plants.

Partner Content Athena AI, the new generative AI layer that spans across the entire Varonis Data Security Platform, redefines how security teams protect data - from visibility to action. With gen AI, attackers are faster, stealthier, and can more easily find what they want - your sensitive data.

A few low-level stragglers remain on the loose, but biggest fish have been hooked International law enforcement investigators have made a number of high-profile arrests after tracking a major...

As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and...

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege...