The LockBit ransomware group has announced that it successfully breached the US Federal Reserve, claiming to have exfiltrated 33 terabytes of sensitive data, including Americans’ banking secrets. They have threatened to release this data on June 25, 2024. While the group has not yet published any samples of the stolen …
The new phishing-as-a-service (PhaaS) platform, ONNX Store, has been targeting Microsoft 365 accounts at financial firms using QR codes in PDF attachments. This sophisticated platform, which leverages Telegram bots and bypasses two-factor authentication (2FA), is believed to be a rebranded version of the Caffeine phishing kit. Discovered by EclecticIQ, ONNX …
Amtrak recently disclosed a breach affecting its Guest Rewards accounts, where attackers used previously compromised credentials to access sensitive user data from May 15-18. Although Amtrak’s systems were not hacked directly, the unauthorized access exposed personal information including names, contact details, partial payment information, and travel history. The attackers even …
Major insurance provider Globe Life is reeling from a data breach after a security flaw in one of their web portals exposed customer information. The exact nature and scope of the breach are still under investigation. The company became aware of the problem after a state regulator raised concerns about …
Los Angeles County Department of Public Health (DPH) disclosed a data breach impacting over 200,000 individuals. The incident was caused by a phishing attack that compromised the login credentials of 53 employees. The stolen data includes personal, medical, and financial information. DPH has implemented security enhancements, such as disabling affected …
According to Trellix, major regional and global events have driven cyber threat activities, with a significant increase in the last six months. China-linked threat groups, such as Volt Typhoon, are the most prolific originators of advanced persistent threat (APT) activities, accounting for 68.3% of all detections. Russia-linked APT group, Sandworm, …
The federal government, in partnership with industry leaders, recently conducted its inaugural tabletop exercise focused on AI security incidents. Over 50 AI experts from government agencies and private sector organizations participated in the four-hour simulation, held at Microsoft Corp.’s facility in Reston, Virginia. Led by the Joint Cyber Defense Collaborative …
Nearly 400,000 individuals had sensitive information stolen during a 2023 cyberattack on Panorama Eyecare, a company supporting eye clinics. The breach exposed names, Social Security numbers, financial details, and medical data. The incident highlights the risks associated with third-party service providers in healthcare. Panorama Eyecare said it first discovered the …
A recent cyberattack targeted Disney’s internal servers, resulting in the theft of 2.5 GB of sensitive data. The breach included current information about Disney’s operations, including Disney+, corporate strategies, and advertising plans. Threat actors exploited previously exposed credentials to gain unauthorized access to Disney’s systems. This highlights the importance of …
The New York Times suffered a significant data breach, with 273GB of internal source code and data leaked on 4chan. An exposed GitHub token allowed unauthorized access to the company’s repositories, leading to the theft. The threat actor shared a text file containing a complete list of the 6,223 folders …
