Security News > 2023

Once inside corporate networks, they move swiftly to target and exfiltrate high-value data, including data crucial to the organization, intellectual property, and personal identifiable information or sensitive PII. Structured and unstructured data are at risk. Attackers targeted structured data used in databases such as Oracle and Microsoft Azure SQL Server and for analytics in web platforms such as Databricks.

Notorious ransomware gang LockBit "Formally apologized" for an extortion attack against Canada's largest children's hospital that the criminals blamed on a now-blocked affiliate group, and said it published a free decryptor for the victim to recover the files. "The partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program," LockBit reportedly said on its leak site.

A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal information and cryptocurrency. [...]

More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by...

Canada Unity, one of the groups that organized last year's so-called Freedom Convoy during which truckers and others overtook Canadian city streets to protest mandatory COVID-19 vaccinations, has canceled a repeat demonstration planned for February 17 to 20, according to a press release posted to the group's Facebook page. "As a result of these security breaches that are beyond our control, I cannot in good conscience guarantee Public Safety as I promised, nor can I guarantee other Team Canada Unity Freedom Convoy National Partners that could be deemed as convoy organizers, protection from being charged under Ontario's Bill 100 Act," wrote James Bauder, one of the group's organizers, in a post that has since been removed.

U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. Wabtec is a U.S.-based public company producing state-of-the-art locomotives and rail systems.

This picture comes from the Ukraine Cyber Police, who raided a fraudulent call centre just before New Year, where they say the three founders of the scam, plus 37 "Staff", were busted for allegedly operating a large-scale banking fraud. Typically, the scammers try to convince you that your bank account is under attack from fraudsters, and patiently offer to help you "Secure" your account and "Recover" lost or at-risk funds.

The Polish government is warning of a spike in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as GhostWriter. The Polish believe Russian hackers target their country due to the continued support they have provided Ukraine in the ongoing military conflict with Russia.

Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys. The company found that the infrastructure of an undisclosed Colombian cooperative bank had been hijacked by attackers while investigating BitRAT lures in active phishing attacks.

We have long known from Shor's algorithm that factoring with a quantum computer is easy. What the researchers have done is combine classical lattice reduction factoring techniques with a quantum approximate optimization algorithm.