Security News
On Wednesday, a threat actor named "InteIBroker" put up for sale "Access to one of the largest cyber security companies" and immediately ignited speculation about which company it might be. Some six hours Zscaler confirmed that they discovered an isolated test environment on a single server that was exposed to the internet, but did not contain customer data.
Zscaler says that they discovered an exposed "Test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. A Zscaler employee also shared on Mastodon that the company investigated the rumors and that they are "Completely inaccurate and unfounded."
The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. Earlier today, the LockBit ransomware group added Wichita to its extortion portal, threatening to publish all stolen files on the site by May 15, 2024, unless the City pays the ransom.
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. Tools and techniques used to breach MITRE. The attackers leveraged the Ivanti zero-days to gain access to the organization's research and prototyping network, from which they performed additional reconnaissance, moved into its VMware environment and exfitrated data.
The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network.The attacked system contained personal data belonging to active and reserve personnel as well as some recently retired veterans.
Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general...
The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon's 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023. "This year's DBIR findings reflect the evolving landscape that today's CISO's must navigate - balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene," said Craig Robinson, Research VP, Security Services at IDC. "The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low-level of complexity are still proving to be incredibly costly for enterprises."
Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. The company discovered a data security breach on March 10, 2024, which affected some of its corporate systems but left in-store systems, operations, and guest experience unaffected.
Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. In May 2023, The Inquirer disclosed that its systems were breached in a cyberattack detected after its content management system went down unexpectedly.
Financial Business and Consumer Solutions is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. According to a data breach notification sample the firm shared with the authorities late last week, on February 26, 2024, it discovered that unauthorized actors had breached its network since February 14, 2024.