Security News

The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "Severe service disruption" caused by what it described as a "Cyber incident." "Incident was detected yesterday, UK/ domestic mail remains unaffected," a Royal Mail spokesperson told BleepingComputer when we reached out for more details earlier today.

Des Moines Public Schools, the largest school district in Iowa, canceled all classes on Tuesday after taking all networked systems offline in response to "Unusual activity" detected on its network one day before. "Because many technology tools that support both classroom learning as well as the management and operation of the school district are not available at this time, the prudent decision is to close the district for the day."

This week rang in 2023 with a chorus of news on ransomware, DDoS, mass exfiltration, phishing attacks, revelations of attacks past, and threats of attacks to come. The exfiltration of a reputed 230 million Twitter users' private-date records was due to a zero-day application programming interface flaw by an attacker who may or may not be known as Ryushi.

Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments. While Crowdstrike didn't name the victim in their report, Rackspace officials have revealed in recent local media interviews and emails to BleepingComputer that the OWASSRF exploit was found on its network and Play ransomware was behind last month's ransomware attack.

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites.

FuboTV has confirmed that a streaming outage preventing subscribers from watching the World Cup Qatar 2022 semifinal match between France and Morocco was caused by a cyberattack. Subscribers could not contact support to report the problem, as it requires a user to first log in to the FuboTV site, which could no longer be done.

Microsoft says it has suspended several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so that the code could be used in cyberattacks. These moves come after eggheads at Google-owned Mandiant, SentinelOne, and Sophos told Microsoft in October that multiple cybercrime gangs were using malicious third-party-developed Microsoft-signed kernel-mode hardware drivers to help spread ransomware.

Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. "DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members," the tech giant said.

Despite fears of a looming recession, SMBs in the U.S. are spending more on software in 2023, according to Capterra's 2023 SMB Software Buying Trends Survey. 75% of U.S. SMBs estimate they'll spend more on software in 2023 compared to 2022.

Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. Redmond said in a report published over the weekend that it observed a pattern of targeted attacks on infrastructure in Ukraine by the Russian military intelligence threat group Sandworm in association with missile strikes.