Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack.
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.