Security News

Only 13% of organizations are cyber mature
2024-07-04 03:00

In assessing the results, only 13% of respondents were categorized as cyber mature. Cyber mature organizations, those that have deployed at least four of the five resiliency markers, recovered 41% faster than respondents with only zero or one marker.

HealthEquity data breach exposes protected health information
2024-07-03 19:34

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. The investigation revealed that the partner had been compromised by hackers who leveraged the hijacked account to gain unauthorized access to HealthEquity's systems and, later, exfiltrate sensitive health data.

OVHcloud blames record-breaking DDoS attack on MikroTik botnet
2024-07-03 18:07

Analyzing some of those attacks revealed the extensive use of core network devices, particularly MikroTik models, making the attacks more impactful and challenging to detect and stop. Earlier this year, OVHcloud had to mitigate a massive packet rate attack that reached 840 Mpps, surpassing the previous record holder, an 809 Mpps DDoS attack targeting a European bank, which Akamai mitigated in June 2020.

Hackers abused API to verify millions of Authy MFA phone numbers
2024-07-03 16:43

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.

Traeger security bugs bad news for grillers with neighborly beef
2024-07-03 16:24

Never risk it when it comes to brisket – make sure those updates are applied. Keen meatheads better hope they haven't angered any cybersecurity folk before allowing their Traeger grills to update...

Formula 1 governing body discloses data breach after email hacks
2024-07-03 15:53

FIA, the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. Founded in 1904 as the Association Internationale des Automobile Clubs Reconnus, FIA is a non-profit international association that coordinates many auto racing championships, including Formula 1 and the World Rally Championship.

Infostealer malware logs used to identify child abuse website members
2024-07-03 15:52

Thousands of pedophiles who download and share child sexual abuse material were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. Previous analysis has shown that information-stealer logs can contain crucial business account data or credentials to accounts that can expose proprietary information.

New Open SSH Vulnerability
2024-07-03 15:27

The vulnerability, which is a signal handler race condition in OpenSSH's server, allows unauthenticated remote code execution as root on glibc-based Linux systems; that presents a significant security risk. This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access.

Europol takes down 593 Cobalt Strike servers used by cybercriminals
2024-07-03 14:46

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. "Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol's headquarters between 24 and 28 June," said Europol.

Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack
2024-07-03 14:37

The security team says they found vulnerable CocoaPods pods in "The documentation or terms of service documents of applications provided by Meta, Apple, and Microsoft; as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta, Yahoo, Zynga, and many more." E.V.A. reported the vulnerability to CocoaPods in October 2023, at which point it was patched.