The leak consisted of publicly accessible environment files hosted on the airline’s website. It included MySQL database credentials, SMTP configuration, and other sensitive information, potentially allowing unauthorized access and phishing attacks.
While certified election systems are regularly tested, this represents the first time that manufacturers have voluntarily opened their systems to third-party scrutiny as part of a vulnerability disclosure process.
The new attack method, named GPU.zip, was discovered and detailed by representatives of the University of Texas at Austin, Carnegie Mellon University, University of Washington, and University of Illinois Urbana-Champaign.
The leaked data, including email and password pairs, provides cybercriminals with almost limitless attack capabilities, making affected users vulnerable to targeted phishing campaigns.
The ALPHV ransomware group, also known as the BlackCat hacker collective, has recently targeted three new victims in their cyberattacks. The group has demonstrated adaptability and employed advanced technical methods in their attacks.
“Smishing Triad” is leveraging compromised Apple iCloud accounts and illegally obtained databases containing personally identifiable information (PII) to carry out their attacks.
The stolen data includes names, addresses, health card numbers, and clinical information related to fertility, pregnancy, newborn, and child healthcare, with potential impacts on individuals from January 2010 to May 2023.
The flaw, CVE-2023-32315, allows attackers to bypass authentication and create new admin accounts, enabling them to install malicious Java plugins and execute arbitrary code on compromised servers.
The attack started on September 18, and officials immediately took steps to isolate and shut down affected systems. The Ministry of Finance assured that payment and payroll systems were on a separate network and that workers would be paid.
Through the acquisition, Stratascale professionals and their customers gain visibility of attack vectors and points of vulnerability, enhancing Stratascale’s ability to deliver proactive cybersecurity services.