It’s at least the third strain of wiper since the conflict began.
Researchers from cybersecurity firm ESET have discovered a new destructive wiper malware, dubbed CaddyWiper, that is affecting computer networks in Ukraine.
There have been some other high profile hacks recently.
Ubisoft says it experienced a “cyber security incident” last week that temporarily disrupted some games, systems, and services. The company does not believe player personal information was exposed. An entity seemingly representing the hacking group LAPSUS$ is taking responsibility.
MercadoLibre, one of the most important e-commerce companies in Latin America, confirmed unauthorized access to a part of its source code, in addition to confirming that the attackers managed to access the personal records of some 300,000 users. The company has not confirmed that its IT infrastructure was affected during the incident.
The Argentine firm confirmed the compromise of its systems after hackers from the Latin American group Lapsus$ threatened to expose confidential information from MercadoLibre and other e-commerce platforms. Faced with this threat, MercadoLibre enabled all its security and containment protocols, so it recommended that users of the platform change their passwords and monitor their account statements to prevent any attempt at malicious activity.
A report by cybersecurity firm Binarly points to the detection of 16 critical vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI), present in multiple HP enterprise devices. According to the researchers, threat actors can exploit these flaws to implant firmware capable of evading UEFI Secure Boot, Intel Boot Guard, and virtualization-based security measures.
Cybersecurity specialists reported the detection of multiple vulnerabilities in IBM Security QRadar SOAR. According to the report, successful exploitation of these flaws would allow the deployment of severe attack scenarios.
Below are brief descriptions of the reported flaws, in addition to their tracking keys and scorings assigned according to the Common Vulnerability Scoring System (CVSS).
Continue reading “3 XSS vulnerabilities in IBM Security QRadar SOAR: Update immediately” »
Hackers abuse Mitel devices to perform high-impact amplification attacks to stage massive DDoS attacks with a record-breaking amplification ratio.
Researchers have discovered three critical vulnerabilities in APC Smart-UPS.
Just as it wasn’t raining when Noah built the ark, companies must face the fact that they need to prepare — and educate the organization on — a well-thought-out response plan if a successful cyberattack does occur. Obviously, the worst time to plan your response to a cyberattack is when it happens.
With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack.
Recently, cybersecurity company Cynet provided an Incident Response plan Word template to help companies plan for this unfortunate occurrence.
Anthony J. Ferrante, Global Head of Cybersecurity and Senior Managing Director, FTI Consulting, Inc.
Artificial intelligence (AI) models are built with a type of machine learning called deep neural networks (DNNs), which are similar to neurons in the human brain. DNNs make the machine capable of mimicking human behaviors like decision making, reasoning and problem solving. This presentation will discuss the security, ethical and privacy concerns surrounding this technology. Learning Objectives:1: Understand that the solution to adversarial AI will come from a combination of technology and policy.2: Learn that coordinated efforts among key stakeholders will help to build a more secure future.3: Learn how to share intelligence information in the cybersecurity community to build strong defenses.
Samsung said on Monday that hackers breached its internal company data, gaining access to some source codes of Galaxy-branded devices like smartphones.
The statement from the South Korean electronics giant comes after hacking group Lapsus$ claimed over the weekend via its Telegram channel that it has stolen 190 gigabytes of confidential Samsung source code.
Samsung did not name any specific hackers in its statement nor what precise data was stolen.
