The FBI obtained a court order to remove hackers’ web shells from the still-compromised Microsoft Exchange servers without informing the owners until the operation was concluded.
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.
Threat intelligence firm Group-IB says cybercriminals actively used Google Forms and Telegram bots to collect stolen data from exploit kits during phishing attacks.
The gift cards belonged to 3,010 companies, including Amazon and Walmart, and were allegedly stolen from Cardpool’s backend. Both sales closed very quickly on the dark web forum.
Onapsis and SAP say that cybercriminals are actively exploiting known SAP security vulnerabilities in the wild, sometimes with a cyber attack within 72 hours after patches are released.
A whistleblower says that Ubiquiti downplayed its data breach to protect its stocks. He claims that Ubiquiti was the source of the breach, and hackers gained administrative rights.
PHP open-source team averted a potential supply chain attack after hackers compromised their self-managed Git server and inserted malicious code in PHP’s “under development” version.
Hackers compromised carding site Card Mafia exposing 300,000 user account credentials. A hacker later offered the stolen data for free on a different hacking forum.
Cyber insurance firm CNA Financial potentially leaked clients’ data after being the victim of a sophisticated cyber attack that disrupted services. Data obtained may help hackers optimize targeting of firm’s customers.
California State Comptroller’s office leaked details of 9,000 people after a Microsoft 365 email account of an Unclaimed Property Division employee was hacked in a phishing attack.
NCC Group and Bad Packets detected cyber attacks targeting F5 critical vulnerabilities after proof-of-concept code and patches were released. CISA advised users to prioritize the installation of updates.
