Researchers have discovered a 631GB database – which contained records on around four billion Chinese citizens – was left exposed on the internet. Bob Dyachenko, owner of Security Discovery, and the team at Cybernews, found the trove of personal information, which they believe was gathered and maintained to build comprehensive behavioural, economic and social profiles on Chinese […]
A new study from Palo Alto Networks says employees are using an average of 6.6 high-risk generative AI applications – including some unknown to CISOs The study, on the popularity of GenAI in organisations, analysed traffic logs from more than 7,000 PAN customers during the 12 months of 2024 to detect use of software-as-a-service apps such […]
A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. “The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy […]
£47 million was stolen by cybercriminals in a series of phishing attacks on HMRC where cybercriminals posed as taxpayers to claim repayments. HMRC were slow to report the incident. A Treasury Select Committee hearing yesterday heard how the accounts of an estimated 100,000 UK taxpayers were targeted in a series of phishing attacks last year. […]
Microsoft has launched a a European Security Programme (ESP) for government bodies in the region, throwing a protective embrace around all 27 European Union (EU) member states, EU accession candidates, European Free Trade Association members, the UK, Monaco and the Vatican. Recognising that the European cyber threat landscape is in a state of flux as […]
Global sportswear brand Adidas has confirmed that a data breach at a third-party customer service provider has compromised customer data. While no financial or password information was apparently accessed, the full extent of the breach – which stemmed from a cyberattack – remains unclear. In a statement released last Friday, the German company said it had recently […]
Sophos has warned managed service providers (MSPs) they are the targets of a ransomware attack that is hoping to exploit the systems the channel uses to monitor and service customers. The security vendor has shared its experiences tracking DragonForce attacks, which look to exploit vulnerabilities in remote monitoring and management (RMM) tools. It shared an example of […]
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. Cisco Talos researcher Chetan Raghuprasad said: “CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on […]
University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have had patient data stolen by hackers exploiting a critical vulnerability in mobile device management software. Two prominent NHS trusts have been targeted in a sophisticated cyberattack that saw sensitive data stolen after hackers exploited a critical vulnerability in a widely […]
Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. WSU is a prominent Australian institution offering various undergraduate, postgraduate, and research programs across multiple disciplines. It serves a student body of 47,000 and employs more than 4,500 permanent and seasonal staff, operating with an annual budget […]