Security News

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed hackers to redeem rewards points for gift cards. General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills and services and redeem rewards points.

Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.

DDoS attacks decreased in 2021 but remain above pre-pandemic levels. NexusGuard's "DDoS Statistical Report for 2021" found that although the total number of DDoS attacks fell by 13.3% from 2020 to 2021, according to the DDoS protection company, the number of attacks still outweighs those experienced before the COVID-19 pandemic began.

The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employees after its vendor, Battelle for Kids, suffered a ransomware attack in December. Yesterday, the Chicago Public School district disclosed that a December 1st ransomware attack on Battelle for Kids exposed the stored data of 495,448 students and 56,138 employees in its school system.

Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely access Redis instances running in NOSi Docker containers. The IOS XR Network OS is deployed on multiple Cisco router platforms, including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

A software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression."

A new report from Google's Threat Analysis Group exposes the use of five different zero-day vulnerabilities targeting the Chrome browser and the Android operating system. Google assesses with high confidence that these exploits have been packaged by a single commercial surveillance company named Cytrox.

Russia's banking and financial services company Sberbank is being targeted in a wave of unprecedented hacker attacks. Sberbank is Russia's largest financial company and the third-largest in Europe, with total assets of over $570 billion.

Taiwanese network-attached storage device maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. "QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the internet," QNAP said in an advisory.

Publishing giant Nikkei disclosed that the group's headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13, 2022. "The affected server likely contained customer data, and Nikkei is currently in the process of determining the nature and scope of the attack," Nikkei added.