Items tagged with data sovereignty
Last November, two weeks after the Biden administration held the second International Counter Ransomware Summit, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) published a joint cybersecurity advisory warning...
Read more...
TA444 is an advanced persistent threat (APT) group believed to be associated with the North Korean government. However, rather than receiving financial backing from its government, the group seems to bring in revenue for the government. Unlike most state-backed APTs, such as China’s Aoqin Dragon or Iran’s Charming...
Read more...
A new report claims that a law enforcement app leaked the personal details of suspects and police officers involved in major police operations going all the way back to 2011. SweepWizard, the app in question, was developed by ODIN Intelligence to help police coordinate multi-agency raids, such as Operation Protect the...
Read more...
Cybersecurity researchers at ASEC have uncovered a threat campaign distributing remote access software under the guise of a Pokémon NFT card game. While many threat campaigns distribute Remote Access Trojans (RATs) that operate in the background to grant threat actors access to compromised systems, this particular...
Read more...
This week, Lake Charles Memorial Health System (LCMHS) in Louisiana published a notice informing its patients of a cybersecurity incident that occurred back in October of this year. According to the notice, threat actors gained unauthorized access to the healthcare system’s internal network between October 20 and 21...
Read more...
BIT Mining Limited has published a news release disclosing that the cryptocurrency mining pool run by its subsidiary, BTC.com, suffered a cyberattack earlier this month on December 3. In the course of the attack, threat actors stole cryptocurrency valuing approximately $3 million in total. BIT Mining has informed...
Read more...
Back in August of this year, an unknown actor operating under the username “devil” posted information relating to 5.4 million Twitter users for sale on BreachForums. This data included the email addresses and phone numbers tied to users’ accounts. Now, someone with the username “Ryushi” claims to be selling a similar...
Read more...
Back in August of this year, the password manager LastPass suffered a security breach that resulted in the theft of proprietary technical information and portions of the company’s source code. Hackers then used the stolen information to breach LastPass again at the end of November. Shortly after this follow-up breach...
Read more...
iRobot’s automated Roomba vacuum cleaners have been navigating households for many years using infrared sensors. However, the company has equipped some of its more recent Roomba models with visible light cameras. As it turns out, these cameras can capture images of people in compromising positions, and these images...
Read more...
Gemini, the cryptocurrency exchange founded by the Winklevoss twins, published a blog post this week warning about phishing campaigns targeting its customers. These phishing campaigns are likely related to a previously undisclosed data breach that exposed the email addresses of the exchange’s 5.7 million customers...
Read more...
Joint research conducted by cybersecurity firms Checkmarx and Illustria has revealed a massive phishing campaign that flooded open source repositories with over 144,000 packages. Unlike many other campaigns that involve the distribution of software packages, this newly discovered campaign didn’t attempt to distribute...
Read more...
The cuteness of kittens is widely recognized and appreciated on the internet, but there’s nothing cute about the Iranian Advanced Persistent Threat (APT) known as “Charming Kitten.” Also known as TA453 or APT42, this threat group has been conducting cyber espionage at the behest of the Iranian regime since at least...
Read more...
In the course of investigating an Android banking Trojan known as “Ermac,” cybersecurity researchers at ThreatFabric recently discovered a service that takes legitimate apps and turns them into Trojans. The researchers have named this service “Zombinder,” as it binds a malware dropper to legitimate apps, effectively...
Read more...
Yesterday, Apple announced a set of new security features coming soon to iPhones. Among these features is an option to enable end-to-end encryption (E2EE) for iCloud backups. US users are slated to be the first group for which this feature will be widely available, with Apple targeting the end of the year for its US...
Read more...
Edward Snowden, the former NSA contractor turned mass surveillance whistleblower, officially became a Russian citizen in September of this year when Russian president Vladimir Putin signed a decree granting citizenship to Snowden and seventy-four other foreigners residing in the country. Last week, Snowden’s lawyer...
Read more...
The proliferation of “smart” devices within the home has raised privacy concerns as it has become more apparent that the companies selling these devices often have access to data and media collected by the devices. Eufy, a sub-brand of the popular Chinese electronics manufacturer Anker Innovations, tries to capitalize...
Read more...
Researchers at the cybersecurity company Cyble have published a technical analysis of a new ransomware known as “AXLocker.” Aside from the regular data encryption performed by ransomware, AXLocker also searches victims’ systems for Discord login tokens, then hands these tokens over to the threat actor behind the...
Read more...
Two weeks ago, the Biden administration convened the second International Counter Ransomware Summit, warning that ransomware attacks are outpacing efforts to mitigate them. Now, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and...
Read more...
Almost a year ago exactly, DuckDuckGo introduced a new App Tracking Protection feature for its Android browser app as part of the company’s plan to build an all-in-one privacy app that extends beyond just web browsing and search results. DuckDuckGo initially launched this new feature in closed beta, but, as of...
Read more...
Threat researchers at the cybersecurity firm Proofpoint have discovered an extensive malware campaign targeting readers of online news outlets. A threat actor tracked as TA569, also known as SocGholish, has managed to compromise the infrastructure of a media company that serves content to a large number of news...
Read more...
Yesterday, the cloud storage provider Dropbox disclosed a recent phishing attack targeting the company’s employees that resulted in unauthorized access to 130 of its GitHub repositories. Fortunately, the incident didn’t escalate to a breach affecting any users’ Dropbox content, passwords, or payment information...
Read more...
Today and tomorrow, the White House is convening the second International Counter Ransomware Summit with representatives from over thirty countries and fifteen cybersecurity companies in attendance. This event comes after last year’s first ever summit of the same name, which was held virtually. Leading up to this...
Read more...
