Security News

The official Twitter account for Bloomberg Crypto was compromised earlier today, ultimately redirecting users to a deceptive website used to steal Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the hijacked profile contained a link to a fake Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members.

Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information. "One of the servers managed by [.] motorcycle manufacturing and sales subsidiary in the Philippines, Yamaha Motor Philippines, Inc., was accessed without authorization by a third party and hit by a ransomware attack, and a partial leakage of employees' personal information stored by the company was confirmed," Yamaha said.

Google's Threat Analysis Group has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. According to Google's threat analysts, the threat actors exploited the vulnerability on government systems in Greece, Moldova, Tunisia, Vietnam, and Pakistan to steal email data, user credentials, and authentication tokens, perform email forwarding, and lead victims to phishing pages.

The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations. Although the library confirmed this was caused by ransomware, it still has to link the attack to a specific operation and reveal what employee and/or user personal or financial information was accessed or stolen from its systems, if any.

The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate...

An attack path is important to prioritize potential risks in cloud environments. The attack path offers the ability to look at cloud environments from the attacker's perspective.

Automated attacks on application business logic, carried out by sophisticated bad bots, were the leading threat for online retailers, according to Imperva. In the past year, business logic attacks made up 42.6% of attacks on retail sites - up from 26% during the same period in the prior year.

DDoS attacks are cyber threats aimed at disrupting online services by flooding them with excessive traffic. Layer 7 DDoS attacks are a new breed of DDoS that allows attackers to do much more damage with fewer resources.

First time hard figure given on recovery costs for January incident Royal Mail's parent company has revealed for the first time the infrastructure costs associated with its January ransomware attack.…

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and...