Mobile Security
Student Loan Breach Exposes 2.5M Records
EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach. The
Watering Hole Attacks Push ScanBox Keylogger
A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised.
Ransomware Attacks are on the Rise
After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision – short
Twitter Whistleblower Complaint: The TL;DR Version
A recently surfaced 84-page whistleblower report filed with the US government by Twitter’s former head of security Peiter “Mudge” Zatko last month blasts his former
Firewall Bug Under Active Attack Triggers CISA Warning
Software running Palo Alto Networks’ firewalls is under attack, prompting U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to public and federal
Fake Reservation Links Prey on Weary Travelers
A longtime threat group identified as TA558 has ramped up efforts to target the travel and hospitality industries. After a lull in activity, believed tied
iPhone Users Urged to Update to Patch 2 Zero-Days Under Attack
Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The
Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable