Blog


Serious risk to patients prompted the recall of Medtronic Insulin Pump devices via FDA

Earlier this week, the US Food and Drug Administration issued an advisory warning patients about the risk of the Medtronic insulin pump devices used for wireless insulin pumps. The FDA also initiated an expanded recall of the remote-controlled pumps. The FDA identified the situation as a “Class I” recall due to the severity of the incident. It is placed...

Ransomware strains that targeted the CIS for 2021

This year has been challenging for businesses, especially with the pandemic outbreak. Several threat actors have taken advantage of the situation to execute cyberattacks against organizations worldwide, ransomware being the most common type. Systems of government such as the Commonwealth of Independent States (CIS) also failed to avoid such attacks this year. Businesses that operate inside the CIS have been the targets of non-prevalent ransomware threat groups. Described below is the...

Journalists and whistleblower sharing platform Onionshare, revealed bugs through the latest patch

OnionShare, a file-sharing system used by journalists and whistleblowers to confidentially send information to any target location, has revealed two vulnerabilities in its latest patch. If these bugs had not been identified early, they might have heavily impacted the file-sharing system’s anonymity capabilities. The system allows users to carry out activities including file sharing, messaging, and website hosting while being anonymous at...

Large companies lag in domain security enhancement adoption in preventing cyberattacks

Many studies state that the web domains of large companies remain dangerously under-guarded against the threat of cyberattacks despite the world’s shift to a more modernized business and operations landscape. At least 81% of companies listed in the Forbes Global 2000 are not using registry locks, which means that these companies lag in adopting enhanced domain security measures. ...

Ethernet cables are being used in a newfound data exfiltration mechanism against air-gapped systems

The latest research has found a new data exfiltration mechanism that uses Ethernet cables as a transmitting antenna to furtively siphon sensitive data from air-gapped systems. A security analyst stated that it is an interesting concern how the wires that are supposed to protect air-gapped systems become the cause of vulnerability in attacks. This new data exfiltration mechanism, called “LANtenna Attack”, allows malicious code found in air-gapped...

Two-step verification now required to millions of Google users for additional user account security

Google recently released a publication regarding the company’s plans to increase user account security. The plan includes an aim to auto-enroll 150 million Google users into a two-step verification (2SV) process by the end of 2021 and to oblige more than 2 million YouTube creators to activate 2SV. To improve user account security, Google takes a new step and fosters its existing measures such as...

Luxury department store, Neiman Marcus, gets hit by data breach affecting millions

Neiman Marcus, an American luxury department store chain owned by Neiman Marcus Group (NMG) located in Dallas, Texas, has warned millions of its worldwide clients that their online accounts are susceptible to a major data breach. The impacted customers number over 4.6 million people, who have been sent notifications regarding the attack, which may have begun by May last year. From the clients’...

GriftHorse Trojan infects over 10 million Android devices worldwide

Over 10 million Android devices from more than 70 countries have reportedly been infected by a large-scale malware campaign in which victims are deceived into subscribing to many expensive paid services. The GriftHorse trojan is the malware used for the campaign, which has now been active for about five months. Android devices infected with the GriftHorse Trojan are subscribed to expensive premium services, allowing threat...

Top 14 Android Apps with Millions of installs are Firebase misconfigured

The research revealed that nine out of fourteen Android apps, which have more than 30 million users, are potentially leaking data. The top 14 Android apps with over a hundred million installs are at risk of being Firebase misconfigured. Unauthorized parties might access these apps and expose confidential data. Almost everyone has an Android app installed on their...

Thousands of personal health information of two American Mental Healthcare providers exposed to Data Breach

Two mental healthcare providers in America have been exposed to a data breach that has compromised thousands of affected people’s personal health information (PHI). The first one is Horizon House, Inc., a mental healthcare provider located in Philadelphia, Pennsylvania. Last March 5, Horizon House discovered suspicious activity in its IT networks, and the investigation revealed that ransomware had infected its IT systems. The healthcare provider took...

Cyber security risks threaten organizations that perform misconfigurations to Apache Airflow Platforms

Apache Airflow is an open-source platform that is popular among organizations, which use it to schedule and manage workflows. But according to researchers, misconfigurations in Apache Airflow can expose credentials and other sensitive records to the internet and pose a possible cyber security risk. From the latest discovery of security researchers, there have been...

E-commerce firm, Next Level Apparel suffered email phishing that affects some employees

An American e-commerce firm and leading designer and manufacturer of clothing items, Next Level Apparel, has recently experienced a data breach that affected its employees’ email accounts. As reported in the firm’s press release, a small number of employee email accounts have been compromised in an email phishing incident. The attack has given threat actors unauthorized access to sensitive company information. The exposed sensitive...

Cloud storage applications top the most utilized avenue of malware downloads, according to recent studies

Cyberattacks have been using cloud applications as an avenue for distributing malware, according to recent studies. Researchers have identified that 68% of malware downloads came from cloud applications in the 2nd quarter of 2021. Cloud-based misconfigurations are often a contributing factor in these issues. About 66.4% of malware downloads for the 2nd quarter...

GSS, a European call centre provider, has been unreachable due to ransomware attack

One of Europe’s largest customer care and call centre providers, GSS, has suffered a devastating ransomware attack that caused a massive freeze in its IT systems and halted call centre services across its Spanish-speaking customer base. GSS is also a Spanish and Latin America division of the Covisian firm. This week, many call centres and customer...

Double chats scheme unveiled by REvil Ransomware gang to cheat on partners

REvil, a private ransomware-as-a-service (RaaS) group from Russia, has reportedly resumed its operations, intending to cheat its affiliates. According to reports made by security researchers, the ransomware gang cheats its partners so that it can take all ransom payments from their victims. The operators of the REvil RaaS were reported...

Daily operations disrupted as ransomware hits Crystal Valley Cooperative

Crystal Valley, a farm supply and grain marketing organization from Minnesota, has been hit by a ransomware attack, as confirmed in its Facebook post last September 19. The website went down temporarily as a result of the attack. As of now, it is working. The firm said in its statement that its computer systems have been attacked, disrupting its...

Recent revelations about Pandora Papers: Leak exposing offshore bank account data of the world’s most powerful

The Pandora Papers involve a series of investigations into the recent leak of the illegal dealings of corrupt, wealthy, and influential individuals and the offshore bank accounts they use to conceal their unprecedented collection of money, amounting to more than trillions of dollars. Partnering with 600 journalists from over 100 media firms worldwide, the International Consortium of Investigative Journalists (ICIJ) is conducting the investigation. The group has already acquired about 11.9 million confidential documents from different financial and...

300,000 Subdomains gets exploited by a newly discovered Phishing-as-a-Service Scam

Microsoft reported a newly found Phishing-as-a-Service operation last Tuesday, which used a high volume of 300,000 distinct, newly created subdomains in a single run. According to the tech giant, it discovered the campaign during its research into phishing attacks driven by the phishing-as-a-service operation named BulletProofLink. The operation is reported to be offering low-cost domain hosting, email...

5.5 Million files of Colombian Real Estate customers got exposed in Data Breach

Researchers have found a data breach consisting of about 5.5 million exposed files, totalling over 1TB of data. The leaked information has affected more than 100,000 Colombian real estate customers. According to the researchers, the leaked information was not encrypted. Therefore, it does not require any password or login credentials for anyone to...

Spam campaign attacks revise its techniques against South American organizations

Researchers have found that a spam campaign has revised its methods to add an extensive set of commodity remote access trojans (RATs) and geolocation filtering to evade detection by authorities. The spam campaign focuses on distributing spear-phishing emails to South American organizations. According to security researchers, the attacks were attributed to an advanced persistent threat or APT...