A large-scale cyberattack has disrupted operations at oil terminals in Belgium, Germany and the Netherlands with ransomware affecting fuel distribution, oil storage and transport around the world, including Oiltanking in Germany, SEA-Invest in Belgium and Evos in the Netherlands.
Researchers report that because of increased use of multifactor authentication, attackers are developing phishing kits that steal tokens and bypass this trusted layer of security, enabling them to "man in the middle" a browser session and steal credentials and session cookies in real time.
Eset says it has patched a high-severity privilege escalation bug affecting its clients who use Windows-based systems. The company has released software updates for all affected versions of its product, as well as a workaround, and says no exploits have been reported.
ThycoticCentrify renames itself Delinea to grow as a "seamless" security solution. Other acquisitions focus on providing tools to developers to better secure applications and software, boost healthcare device security, fight against chargeback fraud and bring smaller organizations into compliance.
Some of the biggest cybercrime-focused darknet markets selling stolen payment card data, passwords, malware and more have retired in the past year, with administrators oftentimes boasting it's because they've gotten rich. As they exit, other players remain ready to grab their market share, experts say.
Multinational media company News Corp was the target of a cyberattack that exposed emails and employee documents - including those belonging to journalists, the company confirmed on Friday. To investigate, News Corp has hired cybersecurity firm Mandiant, which says the attack has a "China nexus."
Four ISMG editors discuss important cybersecurity issues, including misconceptions around Zero Trust implementation, lessons learned from the crippling NotPetya malware attack of 2017 that nearly sank logistics giant Maersk and how a Russian cyberwar in Ukraine could move beyond its borders.
The latest edition of the ISMG Security Report features an analysis of how Russia's escalation in Ukraine is raising cyber defense alarms. It also describes how a Dark Overlord collaborator received a three-year prison sentence and shares tips for Zero Trust implementation.
A New York federal court has recommended the dismissal of a class action lawsuit filed against medical practice management vendor Practicefirst in the aftermath of a 2020 ransomware attack that involved data exfiltration and affected the personal and health information of 1.2 million individuals.
A popular British supplier of crisps revealed in a letter to grocery wholesaler Nisa on Wednesday that it had been the victim of a cyberattack. KP Snacks has stopped its orders, causing stores to worry that its products will be in short supply. Ransomware group Conti is allegedly behind the attack.
A new wave of Delphi malware called Micropsia, developed and operated by the Arid Viper APT group, is reported to be targeting Palestinian entities and activists using politically themed lures in an ongoing campaign, according to researchers at Cisco Talos.
Greek data protection authority Hellenic DPA has imposed fines totaling more than $10 million on two telecommunication companies for GDPR violations including inadequate information disclosure to subscribers in the wake of data breaches, illegal data processing and inadequate security measures.
U.S. DHS Secretary Alejandro Mayorkas confirmed on Thursday that the department is establishing a Cyber Safety Review Board, as directed by President Joe Biden's sweeping cybersecurity executive order signed in May 2021. The board aims to mirror the work of the National Transportation Safety Board.
The Wormhole network, a token bridge that allows users to trade multiple cryptocurrencies without a centralized exchange, has been exploited for 120,000 wETH tokens ($321 million). The company says it has issued a fix for the flaw and is working to "get the network back up as soon as possible."
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.