On February 17, 2023, the U.S. Marshals Service (USMS) discovered a major ransomware attack on a stand-alone system that had compromised sensitive information, including personal data of employees and potential targets of federal investigations, as well as law enforcement materials.… Read More »Ransomware attack on U.S. Marshals Service (USMS)
Investigators have identified a Chinese hacker, known by the handle “OKE,” as the prime suspect behind the largest data leak in Taiwan’s history. In October of last year, OKE offered a dump of data containing personal information of 23.56 million… Read More »The prime suspect behind the largest data leak in Taiwan’s history
News Corporation (News Corp), one of the largest mass media and publishing conglomerates in the world, recently disclosed that it suffered a data breach in 2022. According to the company, attackers first gained access to its systems in February 2020,… Read More »News Corp Says APT Hackers Were on Its Network for Two Years
A recent threat campaign distributed via Discord has been discovered to target government entities, according to Menlo Labs. The campaign, which employs the PureCrypter downloader and uses a compromised non-profit organisation’s domain as a Command and Control, was found to… Read More »PureCrypter targets government through Discord
API security is a growing concern for many organizations as APIs become a fundamental part of their digital strategies. APIs are used to share data with internal stakeholders and enable brand-new API-as-a-product offerings to form. APIs power event-driven microservices architectures… Read More »API Security in 2023
A recent joint operation by law enforcement authorities in several countries, with support from Europol, has led to the arrest of eight suspects involved in a large-scale CEO fraud scheme. The criminal network was comprised of French and Israeli nationals,… Read More »Franco-Israeli gang behind EUR 38 million CEO fraud busted
Coinbase, the digital currency exchange, is a frequent target of fraudsters and cybercriminals. In a recent case study, Coinbase discussed an actual cyber attack that it faced, where an employee clicked on a link in an SMS message and unwittingly… Read More »Coinbase shared social engineering case
A new zero-day vulnerability in SSH has been discovered, which could allow attackers to remotely execute code on vulnerable systems. The vulnerability was discovered in a C program created by ClumsyLulz, which was designed to generate a packet to be… Read More »ssh exploit poc by ClumsyLulz
Web hosting giant GoDaddy has confirmed that it suffered a security breach in early December 2022 that compromised its cPanel shared hosting environment. Unknown attackers breached the system and installed malware on the servers, and reportedly had access to the… Read More »GoDaddy was pwned
On February 15th, 2023, Atlassian, an Australian software vendor, experienced a significant data breach. A group of hackers calling themselves SiegedSec posted data online, including what appears to be personal information for over 13,000 employees and floor plans for two… Read More »Data breach @ Atlassian