Security News

Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach. The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV code on the back of the payment cards.

Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services.

Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. In the breach disclosed by Blackbaud in July 2020, the highly sensitive data belonging to over 13,000 Blackbaud business customers and their clients from the U.S., Canada, the U.K., and the Netherlands was compromised, impacting millions of individuals.

Sony Interactive Entertainment has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.According to the data breach notification, the compromise happened on May 28, three days before Sony learned from Progress Software about the flaw, but it was discovered in early June.

Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL...

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a timely manner.

The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. According to the company's press release, a group of unknown attackers infiltrated its network, intending to launch a ransomware attack, but had limited success thanks to its effective protective measures.

Operators of the North Korea-linked Lazarus APT obtained initial access to the network of an aerospace company in Spain last year after a successful spearphishing campaign, by masquerading as a recruiter for Meta - the company behind Facebook, Instagram, and WhatsApp. The initial contact by the attacker impersonating a recruiter from Meta.

The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. The hackers utilized their ongoing "Operation Dreamjob" campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file.

Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. During a recent Senate staff briefing, U.S. State Department officials disclosed that the attackers stole at least 60,000 emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, as Reuters first reported. Microsoft did not disclose specific details regarding the affected organizations, government agencies, or countries impacted by this email breach.