Security News > 2023

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware.The April network breach led to an outage affecting the company's operations after Americold forced it to shut down its IT network to contain the breach and "Rebuild the impacted systems."

Get a VPN for Yourself and Your Employees This Holiday Season Want to make sure everyone on your team is secure? Get a lifetime subscription to FastestVPN PRO, now just $29.97 through Christmas Day for 15 devices. Now through Christmas Day, you can get a lifetime subscription to FastestVPN PRO for 15 devices for just $29.97.

Toyota Financial Services is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation. Research from security shop Veracode revealed that the vast majority of vulnerable apps may never have updated the Log4j library after it was implemented by developers as 32 percent were running pre-2015 EOL versions.

The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020. News of the arrest of a leader of the financial component of the group was posted to the Spanish National Police's Telegram channel Sunday morning, stating that the threat actors are linked to attacks on government institutions across Spain, Germany, Italy, Argentina, Chile, Japan, and the United States.

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as...

Webinar In the natural world, there are ten different kinds of cloud - a rare simplicity in meteorological terms. Multi-cloud environments in particular spawn a lot of complexity, and their continuous evolution can also create cyber security blind spots.

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to...

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and...

Security in brief The saga of 23andMe's mega data breach has reached something of a conclusion, with the company saying its probe has determined millions of leaked records originated from illicit break-ins into just 14,000 accounts. In an update on Tuesday to a blog post sharing details of the attack, 23andMe said the breach, first reported in October, was enabled via credential stuffing, through which an attacker uses username and password combinations from other breaches to try breaking into unrelated accounts.