The Breach News

Live Webinar: Ensuring Audit-Ready Data Disposal in a High-Risk Compliance Landscape

Explore key topics such as Data Backup and Recovery, Data Loss Prevention (DLP), and Data Security. Presented by Blancco 60 Minutes As businesses increasingly modernize their infrastructures to meet demands for AI integration, cloud computing, and sustainability, the management of end-of-life technology has surfaced as a significant risk factor. With…

Read MoreLive Webinar: Ensuring Audit-Ready Data Disposal in a High-Risk Compliance Landscape

Lotus Blossom Hackers Compromise Official Notepad++ Hosting Infrastructure – gbhackers.com

Lotus Blossom Hackers Compromise Notepad++ Hosting Infrastructure In a significant cybersecurity incident, the Lotus Blossom attackers have successfully breached the official hosting infrastructure of Notepad++, a widely used text and source code editor. This breach raises concerns for users and businesses relying on Notepad++ for development and coding tasks, as…

Read MoreLotus Blossom Hackers Compromise Official Notepad++ Hosting Infrastructure – gbhackers.com

Unresolved Security Vulnerabilities Found in Various Document Management Systems

Multiple Vulnerabilities Identified in Document Management Systems Recent findings have highlighted several security vulnerabilities across prominent open-source and freemium Document Management Systems (DMS) offered by four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. These unpatched flaws expose organizations to potentially severe cyber threats. Cybersecurity firm Rapid7 has reported eight critical vulnerabilities…

Read MoreUnresolved Security Vulnerabilities Found in Various Document Management Systems

Emerging IoT Botnet Poses a Serious Threat to Internet Stability

A pressing cybersecurity risk has emerged just a year following the notorious Mirai botnet attack, which disrupted numerous Internet services through extensive DDoS attacks. Security researchers are now raising alarms about a new IoT botnet known as “IoT_reaper,” first identified by experts from Qihoo 360. This malware has distinct characteristics,…

Read MoreEmerging IoT Botnet Poses a Serious Threat to Internet Stability

Further Information Released on Alleged 17-Year-Old Author of Russian BlackPOS Malware

Recent Findings on BlackPOS Malware Developer In a significant update from cybersecurity firm IntelCrawler, details have emerged about the individual behind the notorious BlackPOS malware. This malware previously played a crucial role in the data breaches that affected well-known retailers such as Target and Neiman Marcus. Reports indicate that the…

Read MoreFurther Information Released on Alleged 17-Year-Old Author of Russian BlackPOS Malware

Using AI to Create Ransomware for Profit? Think Twice Before You Take the Risk

Transcript This transcript has been streamlined for clarity. Mathew Schwartz: Hello. I’m Mathew Schwartz from Information Security Media Group, and today I’m joined by Candid Wüest, a prominent security advocate at Xorlab. Candid, it’s a pleasure to have you here. Candid Wüest: Thank you for having me. Mathew Schwartz: You…

Read MoreUsing AI to Create Ransomware for Profit? Think Twice Before You Take the Risk

Data Protection Law Forces Hotels to Reevaluate Legacy Contracts

Indian Hotels Reassess Contracts Amid New Data Protection Law In the wake of the Digital Personal Data Protection (DPDP) Act’s implementation last year, numerous hotel operators across India are undertaking a significant review of their existing contracts with international partners and online booking platforms. This new privacy legislation imposes stringent…

Read MoreData Protection Law Forces Hotels to Reevaluate Legacy Contracts

CISA Alerts on Ongoing Attacks Targeting Vulnerabilities in Fortra MFT, TerraMaster NAS, and Intel Drivers

On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, identifying three flaws currently being actively exploited. This addition underscores the persistent threat landscape faced by organizations, especially those in critical sectors. Among the newly acknowledged vulnerabilities is CVE-2022-24990, which affects TerraMaster network-attached…

Read MoreCISA Alerts on Ongoing Attacks Targeting Vulnerabilities in Fortra MFT, TerraMaster NAS, and Intel Drivers

DUHK Attack Enables Hackers to Retrieve Encryption Keys for VPNs and Web Sessions

New Cryptographic Vulnerability: DUHK A recent cryptographic vulnerability known as DUHK, which stands for “Don’t Use Hard-coded Keys,” has emerged as a significant concern for VPN and web browsing security. This non-trivial flaw could enable attackers to extract encryption keys, potentially compromising sensitive data. The DUHK vulnerability follows closely on…

Read MoreDUHK Attack Enables Hackers to Retrieve Encryption Keys for VPNs and Web Sessions