Hacker Cracks Toyota Customer Search Tool
A production API in Toyota’s C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker’s customers in Mexico was found to expose reams of sensitive data. A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers’ names, addresses, phone numbers, emails,…
Indigo Books Refuses LockBit Ransomware Demand
Indigo Books, the company behind Chapters stores and the largest bookseller in Canada, let the deadline to pay a ransomware demand expire, risking the release of employee data. A LockBit ransomware affiliate group set a Thursday at 3:39 p.m. EST deadline to pay, but Indigo flatly rejected the notion, explaining the extortion money could “end…
6 Examples of the Evolution of a Scam Site
Fraudsters are getting more sophisticated about how they set up and make adjustments to brand impersonation scam sites — not just for phishing, but for all kinds of consumer fraud. A recent analysis by security researchers at Allure Security illustrates how brand impersonation sites are born, how they progress, and the evolutionary steps that fraudsters…
Phishers Trick Microsoft Into Granting Them ‘Verified’ Cloud Partner Status
Late last year, a group of threat actors managed to obtain “verified publisher” status through the Microsoft Cloud Partner Program (MCPP). This allowed them to surpass levels of brand impersonation ordinarily seen in phishing campaigns, as they distributed malicious applications bolstered by a verified blue badge only ever given to trusted vendors and service providers…
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
SysKit, a SaaS software company, has published a report on the effects of digital transformation on IT admins and the current governance landscape. The survey found that 40% of companies experienced a data leak in the previous year, which can have severe consequences on an organization’s efficiency and result in large fines, downtime, and loss…
5 cybersecurity trends accelerating in 2023
Netwrix has released key cybersecurity trends that will affect organizations of all sizes in 2023. Here are five specific trends that you need to be aware of: The business of cybercrime will be further professionalized The return of malware strains like Emotet, Conti and Trickbot indicates an expansion of cybercrime for hire. In particular, the…
Killnet Gloats About DDoS Attacks Downing Starlink, White House
Killnet and its band of hacker collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion — Elon Musk’s Starlink satellite broadband service and the websites of the White House in the US…
Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition
OPC UA (Open Platform Communications United Architecture) is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS). JFrog’s researchers discovered several vulnerabilities in OPC UA and disclosed some of them at the Pwn2Own Miami 2022 competition in April, where participants earned…
Phishing Bonanza: Social Engineering Savvy Skyrockets as Malicious Actors Cash In
This week, it came to light that gaming platform Roblox was breached via a phishing/social-engineering attack that led to the theft of internal documents and the leaking of them online in an extortion attempt. The hacker has posted documents on a forum that purport to contain information about some of Roblox’s most popular games and…
Peer Software partners with Pulsar Security to help enterprise customers combat ransomware attacks
Peer Software announced the formation of a strategic alliance with Pulsar Security. Through the alliance, Peer Software will leverage Pulsar Security’s team of cyber security experts to continuously monitor and analyze emerging and evolving ransomware and malware attack patterns on unstructured data. PeerGFS, an enterprise-class software solution that eases the deployment of a modern distributed…
