Security News
AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping.
McDonald's restaurants are suffering global IT outages that prevent employees from taking orders and accepting payments, causing some stores to close for the day. The outages started overnight and are impacting restaurants globally, including those in the USA, Japan, Australia, Canada, the Netherlands, Italy, New Zealand, and the UK. "We are aware of a technology outage, which impacted our restaurants; the issue is now being resolved," McDonald's said in a statement to BleepingComputer.
A cursory scan of the major ransomware groups' leak blogs shows none of the big names are yet claiming responsibility for the attack on Leicester City Council. "Over the weekend we have continued to work with our cybersecurity and law enforcement partners, as well as learning from other councils who have had attacks, to identify the nature of the incident and the steps we need to take to get our systems back online," said Richard Sword, strategic director of city developments and neighborhoods at Leicester City Council.
The Kremlin has accused the United States of meddling in Russia's upcoming presidential election, and even accused Uncle Sam of planning a cyberattack on the country's online voting system. Putin, who controls the SVR and the election process, will undoubtedly win the vote.
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. The leaked data includes user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.
Midnight Blizzard, a group of Russian hackers tied to the country's Foreign Intelligence Service, has leveraged information stolen from Microsoft corporate email systems to burrow into the company's source code repositories and internal systems."It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures," the company's Security Response Center shared on Friday.
Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.
Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January...
Python Risk Identification Tool is Microsoft's open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. It started as a collection of individual scripts used during the team's initial foray into red teaming generative AI systems in 2022.
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML...