31 Aug 2021

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

In July, researchers at Sophos discovered a new emerging threat in July that exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems. The ransomware is referred to as LockFile and uses a unique intermittent encryption method as a means of evading detection. The ransomware gans also adopts tactics

Read More
30 Aug 2021

Boston Public Library Hit With Cyberattack

In a statement released on Friday, the Boston Public Library confirmed that it was hit by a cyberattack earlier that week that crippled its computer network. There is currently no evidence that sensitive employee or customer data was compromised in the attack. The library represents the largest municipal library in

Read More
30 Aug 2021

Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover

A critical security vulnerability in Microsoft’s Azure cloud database platform has come to light. The flaw, which lies in Cosmos DB, could have allowed for a full remote takeover of accounts before it was patched. It is unclear whether Microsoft customers were breached during the several months in which the

Read More
30 Aug 2021

Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak

Bangkok Airways has publicly apologized for a data breach in which the passport information and other personally identifiable data were leaked. The company stated that it discovered the cyberattack on August 23. The airline expressed that it was sorry for any inconvenience that the breach may have caused to customers.

Read More
27 Aug 2021

Critical IoT Camera Flaw Allows for Device Hijacking

Security researchers at Nozomi Networks have uncovered another critical IoT security camera systems bug that could potentially allow attackers to access and control devices. The remote code execution vulnerability is tracked as CVE-2021-32941 and is located in the web service of the Annke N48PBB network video recorder often used by

Read More
27 Aug 2021

Chinese Developer Exposes Data on Over One Million Gamers

Chinese game developer EskyFun Entertainment Network Limited accidentally exposed the personal and device details of over one million players after leaving an internet-facing server unsecured. Researchers at vpnMentor first discovered the unprotected Elasticsearch server on July 5. After no reply from the parent company, they contacted the Hong Kong CERT

Read More
27 Aug 2021

US charges HeadSpin ex-CEO over fake $1bn valuation scheme

HeadSpin has been charged $1 billion by the SEC and the US Department of Justice for allegedly defrauding investors by falsely claiming that the company had achieved strong and consistent growth. The organization markets itself as an AI testing, dev-ops, and mobile testing platform. For two years, officials state that

Read More
27 Aug 2021

US Media, Retailers Targeted by New SparklingGoblin APT

Cybersecurity researchers at ESET have identified a new threat actor utilizing an undocumented backdoor to infiltrate organizations in the education, retail, and government sectors. The advanced persistent threat (APT) group is an emerging international cybercriminals gang that is broadening its targets to include universities, media firms, and one computer retailer

Read More
26 Aug 2021

“Sophisticated” Cyber-Attack Compromises Patient Data at Private Health Clinic

In Singapore, Eye & Retina Surgeons revealed that over 73,000 patients were affected by a sophisticated cyberattack. The private medical clinic released a statement earlier this week, revealing that the attack took place on August 6. The cyberattack compromised sensitive data such as patients’ names, addresses, ID card numbers, contact

Read More
26 Aug 2021

Cisco Issues Critical Fixes for High-End Nexus Gear

Cisco Systems recently released six security patches linked to its 9000 series networking gear. The patches range in severity from critical to medium. The most serious of the bugs patched by Cisco ranked 9.1 on the CVSS scale and could allow for a remote and unauthenticated adversary to read or

Read More