Data on more than 515,000 "highly vulnerable people" has been compromised as the result of a supply chain cyberattack, the International Committee of the Red Cross has disclosed. The organization's humanitarian activities are already being impacted.
OpenSubtitles, a website providing free movie subtitles, confirmed to its users today that it had been hacked last August and the hacker had demanded a ransom to remain silent about the attack and to delete the leaked data. This data breach affected 6,783,158 users.
The services of domain name registrar and web hosting provider Enom Inc. were plagued by downtime issues during a scheduled data center migration activity. An update on its support center says "extended" maintenance is complete, but customers still report issues accessing their websites and emails.
Mozilla has released its latest Firefox browser version 96 with a host of new features and improvements for both desktop and mobile browsing. Mozilla has also fixed 18 security vulnerabilities, including 9 high-severity issues and 9 other medium- or low-severity flaws.
As staff increasingly connect to networks using internet of things devices, researchers have found a new way of detecting malware on IoT devices. The method leverages electromagnetic field emanations and can detect stealthy malware on the devices even in the presence of obfuscation techniques.
QNAP, a Taiwan-based company that manufactures network-attached storage devices, urges users to take immediate actions to secure QNAP NAS device suite amid reports of wide targeting of all its networking devices by ransomware and brute-force attacks.
A ransomware attack disrupted the operations of Norway-based media company Amedia, which publishes more than 70 newspapers for 2 million readers. The Tuesday attack on the company's computer systems forced it to shut the presses, says Amedia's executive vice president of technology, Pål Nedregotten.
Seven vulnerabilities - including one rated critical and five high-severity - in Schneider Electric's EVlink products have been patched, according to security researcher Tony Nasr. Exploitation of the vulnerabilities would allow attackers to manipulate configurations and settings.
Microsoft's Azure App Service had a security flaw, which researchers call "NotLegit," that kept your Local Git repository publicly accessible, according to a security blog from Wiz.io. The source code of customer applications written in Java, Node, PHP, Python and Ruby was exposed for four years.
Threat actors have attempted to steal two-factor authentication codes from users of Australian cryptocurrency exchange CoinSpot, researchers say. The codes would help attackers perform "potentially unauthorized withdrawals from individual accounts," say analysts at Cofense Phishing Defense Center.
Microsoft Teams' link preview feature contains four vulnerabilities that allow attackers to access internal Microsoft services, spoof the link preview and - for Android users - leak their IP address and use DoS attacks against their Teams app/channels. Three of the four flaws remain unpatched.
A week after announcing a new bug bounty program called "Hack DHS," U.S. Department of Homeland Security Secretary Alejandro Mayorkas announced that DHS is expanding the scope of the program to include finding and patching Log4j-related vulnerabilities in the systems.
Sainsbury's, the U.K.’s second-largest chain of supermarkets, confirms that it suffered an outage in its payroll system caused by a cyberattack affecting its cloud-based payroll service supplier - the U.S.-based multinational firm Ultimate Kronos Group, which was hit by a cyberattack last week.
The Chinese state-sponsored threat group Tropic Trooper has resurfaced as Earth Centaur and is targeting the transportation industry and government agencies associated with that sector, according to new research from cybersecurity firm Trend Micro.