At least four separate plaintiffs allege the company was negligent for allowing their sensitive personal data to be stolen in a social engineering attack by criminal threat groups.
Ukrainian cybersecurity officials have reported that the recent espionage campaigns targeted entities involved in investigating war crimes, such as the prosecutor general’s office and courts.
The attacks have caused significant problems for retailers, with issues such as inventory management and order fulfillment still not resolved. Retailers have reported glitches and loss of sales due to the cyberattack.
The incident did not affect systems that connect with customers or suppliers, and the company is working with its insurer to make claims under its cyber insurance coverage.
The attack involves creating fake commit messages titled “fix” to introduce malware that extracts secrets from targeted repositories and steals passwords from web-form submissions.
Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. ShadowSyndicate has been identified as using a consistent SSH fingerprint across 85 servers.
A new malware strain called ZenRAT has emerged in the wild to steal information from Windows systems. It was initially discovered on a website pretending to be associated with the open-source password manager Bitwarden. People should be wary of ads in search engine results as they remain a major driver of malware infection.
A new report from Akamai revealed that financial services organizations in the EMEA region suffered around one billion web app and API attacks during the period, with insurance the most attacked sub-sector, accounting for 55% of all web attacks.
The US Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance designed to improve the accuracy of risk assessments related to hardware products in the supply chain.
CISOs often face being used as scapegoats for security incidents, leading to high turnover rates in the role. Lack of board support and prioritization of cybersecurity contributes to CISO churn.