Security News > 2024 > January

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.

One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals may have stolen their personal information. "As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained access to a portion of the Company's IT network and deployed ransomware," it said in a letter mailed to 21,184 people [PDF].

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. "Resource Public Key Infrastructure is a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number," explains a Cloudflare article on RPKI. By enabling RPKI with a routing body such as ARIN or RIPE, a network can cryptographically certify that only routers under their control can advertise an AS number and their associated IP addresses.

A Nigerian national was arrested in Ghana and is facing charges related to business email compromise attacks that caused a charitable organization in the United States to lose more than $7.5 million. Olusegun Samson Adejorin was arrested on December 29 for defrauding two charitable organizations in Maryland and New York, according to an eight-count federal grand jury indictment in the U.S. Specifically, Adejorin faces charges for wire fraud, aggravated identity theft, and unauthorized access to a protected computer linked to attacks aimed at two Maryland-based charitable organizations, culminating in the embezzlement of $7.5 million.

Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Caroline as new age verifications laws go into effect. As of January 1st, new age verification laws went into effect in Montana and North Carolina that require adult websites to verify the age of visitors from those states.

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. "Historically, while a 12-character master password has been LastPass' default setting since 2018, customers still had the ability to forego the recommended default settings and choose to create a master password with fewer characters, if they wished to do so," LastPass said in a new announcement today.

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.

The Australian government announced the 2023-2030 Australian Cyber Security Strategy, which aims to "Help realise the Australian Government's vision of becoming a world leader in cyber security." Overall, the strategy is designed to bring the public and private sectors together in delivering a cohesive vision. More Australia coverage Lack of bipartisan agreement means a lack of clear cyber security strategy.

French IT services provider Atos has entered talks with Airbus to sell its tech security division in an effort to ease its financial burdens. In a market update this morning, Atos Group said it received two letters indicating non-binding interest in its Big Data & Security division, but said only Airbus offered to buy the entire business unit.