Security News

Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. The firm is publicly traded on the Australian Securities Exchange under the ticker 'NTU,' so it is legally obliged to disclose any data breach incidents promptly.

Snowflake said if any customer data was taken from its servers, it may have been obtained by thieves who got hold of individual customers' account credentials - via targeted phishing, some other leak, or malware, for example - and not by a general compromise of Snowflake's security. On Friday, in its now-deleted write-up, Hudson Rock wrote that data thieves claimed to have signed into a Snowflake employee's ServiceNow work account and used this access to siphon databases belonging to as many as 400 Snowflake corporate clients.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Yesterday, the RansomHub ransomware group added Christie's on its extortion page on the dark web, claiming it had breached the company and stole sensitive client data. A Christie's spokesperson confirmed to BleepingComputer that the company had suffered a data breach that impacted some clients.

Following a data leak that brought "Tangible fear of threat to life", the UK's data protection watchdog says it intends to fine the Police Service of Northern Ireland £750,000. The August exposure of cops' data affected 9,483 officers and was described by Commissioner Pete O'Doherty of the City of London Police as "The most significant data breach that has ever occurred in the history of UK policing" in an official review.

Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. As developers may not be aware that these secrets are exposed in artifact files, the source code may be published to public repositories where threat actors can steal them.

The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals. The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law enforcement portal.

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES)...

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.

The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia. The group claimed the attack on their leak site on Saturday and says they have exfiltrated approximately 1.5 TB of company and customer data, employees' personal documents, as well as the results of customers' medical tests.