03 May 2021

Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices

Security researchers at Microsoft have warned of 25 undocumented critical memory-allocation vulnerabilities that lie across a number of vendors’ IoT and industrial devices. The flaws could be used to execute malicious code throughout a network or cause an entire system to crash. The bugs were uncovered by Microsoft’s Azure Defender

Read More
03 May 2021

TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached

According to UK cybersecurity firm TurgenSec, roughly 345,000 sensitive files from the solicitor-general of the Phillippines have been leaked. Some of the information exposed pertains to ongoing legal cases, threatening the integrity of trials. The breached information was left publicly available, says TurgenSec. When TurgenSec discovered the security incident in

Read More
30 Apr 2021

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks

A high-severity vulnerability, CVE-2021-23008, allows the bypass of Active Directory authentication if the attacker can hijack a Kerberos Key Distribution Center connection. The attacker uses a spoofed Kerberos Authentication Service Response, or authentication bypass is possible from a compromised AD server.  In order for the protocol to work, the user

Read More
30 Apr 2021

Multi-Gov Task Force Plans to Take Down the Ransomware Economy

60 global entities have proposed a plan to hunt down and stop ransomware gangs by attacking their financial operations. The Institute for Security and Technology created the coalition with more than 60 members from software companies, government agencies, nonprofits, academic institutions and cyber security vendors. Microsoft and Amazon are among

Read More
30 Apr 2021

Ransomware attack hits Washington, D.C. police department

The Metropolitan Police Department was the victim of a ransomware attack the Babuk Locker gang has since claimed responsibility for. The Babuk group says it has stole 250 GB of unencrypted files from the MPD and the data will be leaked in three days if the department does not contact

Read More
30 Apr 2021

API Hole on Experian Partner Site Exposes Credit Scores

A Rochester Institute of Technology sophomore discovered a vulnerability on a partner website of Experian that allows anyone to look up credit scores with a name and mailing address. Bill Demirkapi found the leak when he was looking for information about student loan vendors online.  He discovered the code behind

Read More
29 Apr 2021

74% of Financial Institutions See Spike in COVID-Related Threats

According to new research conducted by BAE Systems Applied Intelligence, 74% of financial institutions have witnessed a spike in cyber threats. Financial losses have also increased among organizations over the past year, with the average cost totaling $720,000. BAE Systems surveyed 902 organizations in the financial sector to conduct the

Read More
29 Apr 2021

Cancer Patients Diverted After Cyber-Attack on MedTech Firm

Last week, Swedish oncology and radiology system provider Elekta suffered from a security breach. Elektra provides equipment for scores of US cancer treatment centers, and the security breach ultimately impacted Elektra’s US customers as well. The breach pertained to its first-generation cloud-based storage system, according to a statement released by

Read More
29 Apr 2021

Data Breach Impacts 1 in 4 Wyomingites

Wyoming’s Department of Health released a statement admitting to exposing personal health information belonging to more than a quarter of Wyoming’s population. The data breach occurred when files containing laboratory test results were allegedly mishandled by an employee. The security incident was announced on the department’s website and included a

Read More
28 Apr 2021

Threat Actors Impersonate Chase Bank

Researchers at Armorblox have discovered two new phishing scams seeking to trick customers of JPMorgan Chase Bank into submitting login credentials. Both of the identified scams utilize social engineering and brand impersonation tactics to deceive targets into believing the messages are legitimate. One scam involved email notifications that appeared to

Read More