Security News
Car manufacturer General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts. Other more personal information, including social security and credit card and bank account numbers, as well as drivers license data are not stored in customers' GM accounts and were not laid bare, GM officials said in a letter [PDF] sent to customers this month.
Low-cost Indian airline SpiceJet has informed its customers today of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures. ImportantUpdate: Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today.
Low-cost Indian airline SpiceJet has informed its customers today of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures. ImportantUpdate: Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today.
There has been an alarming rise in ransomware breaches - a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach Investigations Report. Verizon has been issuing its yearly DBIR report for the last 15 years, providing the security practitioners and executives around the world a glimpse into the global trends and patterns related to cyber incidents and data breaches.
Attack surface management is only the beginning of a notable shift toward an offensive-or proactive-security approach. A proactive approach to security means that you must see your entire attack surface like an attacker sees it.
An unknown advanced persistent threat group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. The cybersecurity company attributed the attacks with low confidence to a Chinese hacking group, citing infrastructure overlaps between the RAT and Sakula Rat malware used by a threat actor known as Deep Panda.
Ransomware attackers are motivated entirely by money, and they go after your high-value data. If they gain control of it, through encryption or other means, they can force you to pay to get it back.
Cases of voice phishing or vishing have been reported to have risen a whopping 550% over the past 12 months alone, according to the Quarterly Threat Trends & Intelligence Report co-authored by Agari and PhishLabs. "We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks. In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative."
Hackers have a tendency to return to the scene of their crimes over and over again. If you want to fast forward your data security policy you should join our upcoming webinar, Your best defence against cyber attacks is an Iron Man suit for your data, on June 8th at 9am PT. Our own Martin Courtney will be joined by Rubrik's Murthy Mathiprakasam to discuss how, when it comes to protecting data, some heroes don't wear capes.
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on technology, researchers Avinash Sudhodanan and Andrew Paverd wanted to see whether an action by an attacker performed before a victim creates an account may allow the former to gain access to it once the the victim has created/recovered the account.