Security researchers at Palo Alto Networks uncovered a large-scale extortion campaign exploiting misconfigured cloud environments. Attackers targeted over 110,000 domains by accessing exposed .env files, which contained sensitive information like AWS IAM keys, SaaS API keys, and database logins. These misconfigurations allowed attackers to infiltrate cloud environments, exfiltrate data, and …
The first half of 2024 saw ransomware gangs extort over $459 million from victims, marking a sharp increase and setting the stage for a record-breaking year. A report from blockchain research firm Chainalysis reveals that the median ransom demanded by the most dangerous ransomware groups surged from $198,939 in early …
There were no email addresses in the social security number files. If you find yourself in this data breach via HIBP, there’s no evidence your SSN was leaked, and if you’re in the same boat as me, the data next to your record may not even be correct.
The recent emergence of Deep-Live-Cam has sparked significant concern in the cybersecurity community as it allows users to impersonate individuals in real-time video chats using just a single photo. The software, which has gained viral attention, demonstrates the rapid advancement of face-swapping technology, making it accessible for malicious actors. As …
Orion, a leading supplier of carbon black, recently lost $60 million in a business email compromise (BEC) scam. Cybercriminals tricked a non-executive employee into making multiple wire transfers to their accounts. This incident highlights the growing threat of BEC attacks, where scammers often impersonate executives or manipulate employees to authorize …
In August, hackers leaked 2.7 billion records from National Public Data on a dark web forum. The data includes Social Security numbers and other sensitive information. The breach, tied to the cybercriminal group USDoD, affected individuals in the U.S., U.K., and Canada. The stolen records, shared in two CSV files …
A recent survey revealed that 74% of ransomware victims experienced multiple attacks within a year, highlighting the increasing threat severity and the need for stronger cyber resilience. Despite widespread cybersecurity measures, many organizations paid multiple ransoms, with 33% of victims paying four or more times. These repeated attacks led to …
The recent DARPA-led AI Cyber Challenge at DEF CON showcased the potential of artificial intelligence to revolutionize cybersecurity. Ninety teams participated, each developing autonomous systems to identify and patch vulnerabilities in widely-used open-source software. The competition demonstrated the promise of AI in addressing the growing number of vulnerabilities that outpace …
Researchers at Bitdefender found serious vulnerabilities in solar power systems that could have allowed hackers to cause major disruptions. These flaws exist in platforms from Solarman and Deye, which manage millions of solar installations worldwide. Hackers could exploit these vulnerabilities to manipulate inverters, disrupt power generation, and trigger blackouts. The …
The Senate Intelligence Committee has introduced a bill that could change how the U.S. addresses this cyber threat. By equating it with terrorism, the bill aims to give the U.S. intelligence community more power to target these actors and the nations that support them. If passed, this would be the …
