As it moves into the final stretch of its regular season, the National Basketball Association said over the weekend that “an unauthorized third party” netted a database filled with the names and email addresses of fans. The data was housed by a newsletter service that it partners with, the NBA noted in a letter to…
More than 40% of the total number of global industrial control systems (ICS) computers saw some kind of malicious attack during the course of 2022. This volume of cyberattacks against industrial systems was led by growth in Russia, which, as a region, saw a full 9 percentage-point increase in malicious activity in 2022, according to…
A Russian duo notorious for pranking numerous high-profile individuals, including Canadian Prime Minister Trudeau, is at it again — this time seeking to embarrass public figures that have expressed support for Ukraine in its war with Russia. Over the past year, the two individuals — known publicly as Vovan and Lexus — have targeted high-ranking…
A proof-of-concept, artificial intelligence (AI)-driven cyberattack that changes its code on the fly can slip past the latest automated security-detection technology, demonstrating the potential for creating undetectable malware. Researchers from HYAS Labs demonstrated the proof-of-concept attack, which they call BlackMamba and which exploits a large language model (LLM) — the technology on which ChatGPT is based…
A production API in Toyota’s C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker’s customers in Mexico was found to expose reams of sensitive data. A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers’ names, addresses, phone numbers, emails,…
Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn’t in place for the service. In a recent…
A version of the Shein shopping application in the Google Play store with more than 100 million downloads was unnecessarily accessing Android-device clipboard contents, creating a potential security threat, according to Microsoft. The software giant said in a blog post from Microsoft Threat Intelligence that it asked Shein to remove the feature from its Android…
On Feb. 28, multiple police forces carried out a coordinated action against two suspected members of the cybercrime gang behind the DoppelPaymer ransomware. These latest raids, revealed on March 6 by Europol, follow a series of other law enforcement campaigns against prominent ransomware groups in recent years. “We’ve seen an increase in the velocity of…
As electric vehicle (EV) charging infrastructure rushes to keep pace with the dramatic rise in sales of electric vehicles in the United States, cyberattackers and security researchers alike have already started focusing on security weaknesses in the infrastructure. In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol…
Indigo Books, the company behind Chapters stores and the largest bookseller in Canada, let the deadline to pay a ransomware demand expire, risking the release of employee data. A LockBit ransomware affiliate group set a deadline of Thursday at 3:39 p.m. EST to pay, but Indigo flatly rejected the notion, explaining the extortion money could “end…