28 Jun 2021

EA ignored domain vulnerabilities for months despite warnings and breaches

New information has emerged that gaming giant Electronic Arts (EA) ignored warnings from cybersecurity researchers in December 2020 that the platform contained multiple vulnerabilities that left the company’s network severely exposed to attackers. According to researchers at Israeli cybersecurity firm Cyberpion, they approached EA late last year to inform the

25 Jun 2021

Data Breach at WorkForce West Virginia

WorkForce West Virginia suffered from a recent data breach in which personal information belonging to job seekers residing in the state may have been exposed. The breach was confirmed yesterday by the governor of West Virginia, Jim Justice, who addressed the incident in a press conference. WorkForce has been notifying

25 Jun 2021

Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency

Malware named Crackonosh has been found to spread through pirated and cracked software that is frequently discovered through torrents, forums, and malicious websites, according to researchers at Avast. The Avast team conducted an investigation into this situation after uncovering Reddit reports of their antivirus software users curious as to why

24 Jun 2021

30M Dell Devices at Risk for Remote BIOS Attacks, RCE

A faulty update mechanism has left an estimated 30 million individual Dell endpoints worldwide at risk, according to an analysis by Eclypsium. Dell is currently facing four separate security bugs that would give attackers almost complete control and persistence over targeted devices by allowing remote adversaries to gain arbitrary code execution in

24 Jun 2021

Ransom Leak Sites Reveal 422% Annual Increase in Victims

Mandiant claims to have detected a 422% increase in victim organizations announced by ransomware groups via their leak sites year-on-year between the first quarter of 2020 and Q1 2021. Over three-quarters of consumers and cybersecurity professionals want to completely outlaw ransom payments as the number of victims per year keeps

24 Jun 2021

79% of Third-Party Libraries in Apps Are Never Updated

According to a recent analysis conducted by Veracode, 79% of third-party libraries are never updated after being included in a codebase. Most libraries can be easily updated without disrupting application functionality, according to Veracode. However, the company analyzed the results of 13 million scans of 86,000 customer repositories containing more

24 Jun 2021

One-click account takeover vulnerabilities in Atlassian domains patched

Check Point Research released a report on a series of vulnerabilities in Atlassian that have since been patched, stating that the bugs were found in the software solution provider’s online domains, used by thousands of enterprise clients worldwide. The vendor is based in Australia and provides tools such as Confluence,

23 Jun 2021

Councils Reported Over 700 Data Breaches in 2020

In 2020, hundreds of councils across the UK suffered from data breaches, according to new Freedom of Information research produced by Redscan. Redscan utilized official FOI responses from 60% of the country’s 398 local authorities to compile the new report, Disjointed and Under-Resourced: Cybersecurity across UK Councils. The managed security

23 Jun 2021

Nearly 10% of SMB Defense Contractors Show Evidence of Compromise

According to a new report released by cybersecurity vendor BlueVoyant, more than half of SMB contractors in the US defense supply chain are critically vulnerable to ransomware attacks. BlueVoyant analyzed a sample of 300 smaller contractors from a defense industrial base estimated to have roughly 100,000-300,000 suppliers. The investigation showed

23 Jun 2021

SonicWall ‘Botches’ October Patch for Critical VPN Bug

SonicWall’s patch for a critical VPN bug has turned out to be insufficient in fixing the vulnerability, leaving more than 80,000 devices vulnerable to remote code execution for months. The patch was released in October but was ineffective. SonicWall finally released a complete fix this week for the RCE flaw
