Phishing As a Service Targets Financial Sector

The new phishing-as-a-service (PhaaS) platform, ONNX Store, has been targeting Microsoft 365 accounts at financial firms using QR codes in PDF attachments. This sophisticated platform, which leverages Telegram bots and bypasses two-factor authentication (2FA), is believed to be a rebranded version of the Caffeine phishing kit. Discovered by EclecticIQ, ONNX …

Read More

Amtrak Loyalty Breach

Amtrak recently disclosed a breach affecting its Guest Rewards accounts, where attackers used previously compromised credentials to access sensitive user data from May 15-18. Although Amtrak’s systems were not hacked directly, the unauthorized access exposed personal information including names, contact details, partial payment information, and travel history. The attackers even …

Read More

Web Portal Exposes Insurance Customers

Major insurance provider Globe Life is reeling from a data breach after a security flaw in one of their web portals exposed customer information. The exact nature and scope of the breach are still under investigation. The company became aware of the problem after a state regulator raised concerns about …

Read More

Los Angeles Public Health data breach

Los Angeles County Department of Public Health (DPH) disclosed a data breach impacting over 200,000 individuals. The incident was caused by a phishing attack that compromised the login credentials of 53 employees. The stolen data includes personal, medical, and financial information. DPH has implemented security enhancements, such as disabling affected …

Read More

Emails Leading to False Election Contributions

According to Trellix, major regional and global events have driven cyber threat activities, with a significant increase in the last six months. China-linked threat groups, such as Volt Typhoon, are the most prolific originators of advanced persistent threat (APT) activities, accounting for 68.3% of all detections. Russia-linked APT group, Sandworm, …

Read More

Industry and Government Collaborate to Boost AI Security

The federal government, in partnership with industry leaders, recently conducted its inaugural tabletop exercise focused on AI security incidents. Over 50 AI experts from government agencies and private sector organizations participated in the four-hour simulation, held at Microsoft Corp.’s facility in Reston, Virginia. Led by the Joint Cyber Defense Collaborative …

Read More

Eye Care Firm’s Data Breach

Nearly 400,000 individuals had sensitive information stolen during a 2023 cyberattack on Panorama Eyecare, a company supporting eye clinics. The breach exposed names, Social Security numbers, financial details, and medical data. The incident highlights the risks associated with third-party service providers in healthcare. Panorama Eyecare said it first discovered the …

Read More

Insecure credentials leads to Disney Data breach

Disney’s-Data-Breach-Exposed

A recent cyberattack targeted Disney’s internal servers, resulting in the theft of 2.5 GB of sensitive data. The breach included current information about Disney’s operations, including Disney+, corporate strategies, and advertising plans. Threat actors exploited previously exposed credentials to gain unauthorized access to Disney’s systems. This highlights the importance of …

Read More

AI Amplifies Cyber Threats

AI-Amplifies-Cybersecurity-Challenges

AI technology has escalated the cyber threat landscape by enabling less skilled hackers to enhance their capabilities, leading to a surge in AI-driven cyberattacks. Federal cybersecurity officials emphasize the importance of information-sharing and coordination to combat these sophisticated threats. The key to mitigating AI-fueled threats lies in increased collaboration and …

Read More