Arizona’s Empowerment Scholarship Account program experienced a data breach where personal information of students, including names and disability categories, was viewable on the program’s financial vendor’s website.
Proofpoint discovered a new malware WikiLoader, a sophisticated malware downloader that targets Italian organizations to drop Ursnif trojan. It uses multiple evasion techniques to make detection and analysis difficult. Organizations and network defenders must leverage IOCs related to the malware to understand the current attack patterns and enhance the defense approaches to stay safe.
A little-known American internet hosting company appears to be partially enabling a “wide range” of cybercrime, nation-state hackers and a sanctioned spyware vendor, researchers alleged Tuesday.
The idea behind using Google AMP URLs embedded in phishing emails is to make sure that email protection technology does not flag messages as malicious or suspicious due to Google’s good reputation.
The round was led by Andreessen Horowitz (a16z), along with participation from Abstract Ventures, Wndrco, Unusual Ventures, and a high-profile list of angel investors, including the co-founders of Box, Figma, Okta, Vercel, and Eventbrite.
This novel campaign, believed to be perpetrated by a threat actor of Vietnamese origin, is part of a growing trend of attackers targeting Facebook business accounts for advertising fraud and other purposes in the past year.
“This funding will enable us to expand our outreach and grow our bench of in-house experts while accelerating the availability of the Converge platform worldwide,” the newly appointed CEO, Tom Kang, said.
Aquasec researchers have discovered cybercriminals targeting unsecured Jupyter notebooks in the new Meow attack campaign, which is currently affecting hundreds of publicly accessible databases online. These criminals have wiped out data from over 4,000 databases, including Cassandra, CouchDB, Redis, Hadoop, Jenkins, and Apache ZooKeeper. Databases at organizations must be scrutinized to identify any security gaps.
Facebook’s subsidiaries, including Onavo, have been ordered to pay $14 million in an Australian court case for undisclosed data collection through a now-discontinued VPN, highlighting the company’s privacy issues.
Despite both the rise in threats and the high percentage of respondents whose organizations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience, according to BigID.