Security News

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security was behind a breach of the country's parliament disclosed in March 2021. As Finnish Parliament officials said three years ago, when describing the incident as a "State cyber-espionage operation" believed to be linked to "The so-called APT31 operation," the attackers gained access to multiple parliament email accounts, including some belonging to Finnish MPs. On Monday, the U.S. Treasury Department's Office of Foreign Assets Control sanctioned two APT31 operatives who worked as contractors for Wuhan XRZ, an OFAC-designated front company used by the Chinese MSS as cover in U.S. critical infrastructure attacks.

Ray is an open-source framework developed by Anyscale that is used to scale AI and Python applications across a cluster of machines for distributed computational workloads. In November 2023, Anyscale disclosed five Ray vulnerabilities, fixing four tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023.

Lynis: Open-source security auditing toolLynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. WebCopilot: Open-source automation tool enumerates subdomains, detects bugsWebCopilot is an open-source automation tool that enumerates a target's subdomains and discovers bugs using various free tools. NIST's NVD has encountered a problemWhether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST's National Vulnerability Database is struggling, and it's affecting vulnerability management efforts.

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The...

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.

Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company's computers have been compromised with malware, leading to a possible data breach. The affected computers have been disconnected and the company has strengthened the monitoring of other business computers, Fujitsu said.

Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. Fujitsu says it will continue investigating how the malware found its way into business systems and what data it exfiltrated.

Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. [...]

Nissan Oceania has confirmed that the data breach it suffered in December 2023 affected around 100,000 individuals and has begun notifying them.In early December 2023, the company - a regional Nissan division which includes Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand - revealed that an unauthorized third party accessed its local IT servers and caused downtime.

French national unemployment agency France Travail and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people. The agencies announced on Wednesday that an intrusion exposed data of jobseekers registered in the last 20 years, as well as those with a candidate profile on the sites.