26 May 2021

Bluetooth bugs open the door for attackers to impersonate devices

New vulnerabilities in devices with Bluetooth Core and Mesh have been uncovered by researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI). The bugs were disclosed on Monday and could allow a threat actor to impersonate devices during pairing, leading to man-in-the-middle attacks. Carnegie Mellon University also

25 May 2021

Air India Confirms Data of 4.5M Travelers Compromised

Air India has confirmed that a cyberattack led to the exposure of data belonging to roughly 4.5 million global passengers. According to the company, aviation IT provider SITA’s Passenger Service System was accessed by an unauthorized third party in early March. This system stores and processes all of the personal

25 May 2021

Russian dark web marketplace Hydra cryptocurrency transactions reached $1.37bn in 2020

Flashpoint and Chainalysis have released a joint report that investigated Hydra, a marketplace on the dark web. The report found that the marketplace’s transaction rates have surged, creating a thriving criminal ecosystem. Hydra has been known for the illegal sale of narcotics since its 2015 inception. However, Hydra now boasts

24 May 2021

Amex Fined After Sending Over Four Million Spam Emails

American Express has been fined by the UK’s Information Commissioner’s Office (ICO) for sending out over four million spam emails, becoming the latest big-name brand to receive a fine from the data protection regulator. The company has been fined £90,000 for the emails, which were marketing messages. The ICO alleges

24 May 2021

This massive phishing campaign delivers password-stealing malware disguised as ransomware

Cybersecurity researchers at Microsoft have identified a massive phishing campaign that is distributing trojan malware to create a backdoor into Windows systems, stealing usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The email campaign consists of utilizing compromised

24 May 2021

FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders

The Federal Bureau of Investigation (FBI) has identified at least 16 attacks linked to the Conti ransomware group. The agency stated that the attacks target healthcare and first responder organizations, aiming to disrupt their operations and networks. Targets include 911 dispatch carriers, law enforcement agencies, and emergency medical services. These

21 May 2021

Twitter drops automated image-cropping tool after determining it was biased

This week, Twitter admitted that an algorithm responsible for the platform’s automatic photo cropping feature was biased. Twitter has since removed the feature from its platform. The social media company released a blog post on Wednesday, stating that it had analyzed the artificial intelligence algorithm that crops images before they

21 May 2021

Global Credential Stuffing Attempts Hit 193 Billion in 2020

According to security vendor Akamai, there were roughly 193 billion credential stuffing attempts during 2020 due to surging numbers of online users. Akamai detailed its findings in its latest report, the 2021 State of the Internet / Security publication, looking to reveal the scale of attempts to hack users’ accounts

21 May 2021

Microsoft, Google Clouds Hijacked for Gobs of Phishing

Attackers are targeting Microsoft and Google Clouds to perform mass phishing attempts, sending roughly 52 million malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage. The reported influx in phishing attempts was recorded in Q1 of 2021 and is likely a result of threat

21 May 2021

US insurance giant CNA Financial paid $40 million ransom to regain control of systems

CNA Financial, one of the largest American insurance companies, reportedly paid a $40 million ransom payment to restore access to its systems after a ransomware attack. The figure is $10 million more than the highest attempted demand of $30 million in 2020 and double the highest attempted extortion figure, and
