Security News

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. "First American has experienced a cybersecurity incident," the company said in a statement published on a website dedicated to the cyberattack.

Allied Pilots Association, a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday. APA said that its IT team and outside experts are working on restoring systems impacted by the ransomware attack from backups, with an initial focus on first bringing back pilot-facing products and tools in the hours and days ahead. The union has launched an investigation led by third-party cybersecurity experts to assess the full extent of the incident and its impact on data stored on compromised systems.

Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.American Family Insurance is an insurance company focusing on commercial and personal property, casualty, auto, and life insurance, as well as offering investment and retirement planning The company employs 13,000 people and has a 2022 revenue of $14.4 billion.

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group.

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated...

Users in Latin America are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems. "JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh said, adding it "Abuses DLL side-loading techniques from legitimate sources to evade endpoint detection."

Tax-paying individuals in Mexico and Chile have been targeted by a Mexico-based cybercrime group that goes by the name Fenix to breach targeted networks and steal valuable data. "These fake websites prompt users to download a supposed security tool, claiming it will enhance their portal navigation safety," Metabase Q security researchers Gerardo Corona and Julio Vidal said in a recent analysis.

Businesses operating in the Latin American region are the target of a new Windows-based banking trojan called TOITOIN since May 2023. "This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage," Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week.

What is new is the extent to which the balloon was driven by US hardware, which unnamed sources told the Wall Street Journal was "Crammed" with off-the-shelf components that could have easily been purchased online. In February, US officials added six Chinese companies to its trade-restricting Entity List over their work with the Chinese government to develop high-altitude balloons like the one in question.

A vendor that operates a pilot recruitment platform used by maor airlines exposed the personal files of more than 8,000 pilot and cadet applicants at American Airlines and Southwest Airlines. Both American and Southwest on June 23 sent letters to those people affected by the hack of Pilot Credentials, a company based in Austin, Texas, that was founded in 2005 and manages online pilot recruitment portals for American, Southwest, and other airlines.