LinkedIn Hit With $335M Fine for Data Privacy Violations
The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.
Russia’s APT29 Mimics AWS Domains to Steal Windows Credentials
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.
SEC Fines Companies Millions for Downplaying SolarWinds Breach
Four companies — Avaya, Check Point, Mimecast, and Unisys — have been charged by the SEC for misleading disclosures in…
AWS’s Predictable Bucket Names Make Accounts Easier to Crack
Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.
Lazarus Group Exploits Chrome Zero-Day in Latest Campaign
The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.
Russian Trolls Pose as Reputable Media to Sow US Election Chaos
Operation Overload pushes dressed up Russian state propaganda with the aim of flooding the US with election disinformation.
Samsung Zero-Day Vuln Under Active Exploit, Google Warns
If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.
Russia-Linked Hackers Attack Japan’s Govt, Ports
Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase…
Unmanaged Cloud Credentials Pose Risk to Half of Orgs
These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their…
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up…