Security News

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches
2022-09-24 06:37

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking."On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "He remains in police custody."

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]
2022-09-22 18:42

DUCK. Yes, Uber has come out with a follow up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
2022-09-20 10:30

An MFA Fatigue attack is when a threat actor runs a script that attempts to log in with stolen credentials over and over, causing what feels like an endless stream of MFA push requests to be sent to the account's owner's mobile device. A demonstration of an MFA Fatigue attack, or MFA spam, can be seen in this YouTube video created by cybersecurity support company Reformed IT. In many cases, the threat actors will push out repeated MFA notifications and then contact the target through email, messaging platforms, or over the phone, pretending to be IT support to convince the user to accept the MFA prompt.

Lorenz ransomware breaches corporate network via phone systems
2022-09-12 16:00

The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. While these incidents weren't linked to a specific ransomware gang, Arctic Wold Labs was able to attribute similar malicious activity to the Lorenz gang with high confidence.

Financial organizations fail to act on firmware breaches
2022-09-12 04:30

In this Help Net Security video, Michael Thelander, Director Product Marketing at Eclypsium, discusses how financial organizations are failing to act despite the majority experiencing a firmware-related breach. 92% of CISOs in finance believe adversaries are better equipped at weaponizing firmware than their teams are at securing it, according to Eclypsium and Vanson Bourne.

How Just-in-Time privilege elevation prevents data breaches and lateral movement
2022-09-01 04:00

This attack and many others reinforce the importance of an effective Privileged Access Management framework that enforces the principle of least privilege with Just-in-Time privilege elevation. Reasons why you need Just-in-Time privilege elevation Minimize attack surface.

Almost 2,000 data breaches reported for the first half of 2022
2022-08-12 18:53

Almost 2,000 data breaches reported for the first half of 2022. In a new report entitled State of Data Breach Intelligence: 2022 Midyear Edition, security firm Flashpoint looks at the number and types of data breaches reported for the first half of 2022.

Conti ransomware hacking spree breaches over 40 orgs in a month
2022-06-23 10:05

The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. During the campaign, Conti affiliates managed to compromise more than 40 organizations in various sectors of activity operating across wide geography but with a focus on companies based in the U.S. A Group-IB spokesperson told BleepingComputer that ARMattack was very swift and explained that the company's report refers to organizations that had their networks compromised.

How Secrets Lurking in Source Code Lead to Major Breaches
2022-05-25 05:21

Take the Codecov case: it is a textbook example to illustrate how hackers leverage hardcoded credentials to gain initial access into their victims' systems and harvest more secrets down the chain. In this article, we will talk about secrets and how keeping them out of source code is today's number one priority to secure the software development lifecycle.

Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
2022-05-23 12:47

Zero Trust principles - whether applied to identities, network, or data objects - help organizations systematically improve security risks throughout each of visibility, detection, response, and protection. In the modern enterprise, implementing Zero Trust for data without breaking business logic is a new direction that requires a careful shift from Posture Management to Detection-Response to Protection to avoid creating business risk or outage.