Neowin

Be an expert on InfoSec4TC with unlimited access to self-paced courses on GSEC, CISSP and more with this cyber security training and save hundreds of dollars off the normal cost via Neowin Deals.

Australian digital payments and lending company Latitude Financial has suffered a hacking incident. This allows cybercriminals to get a hold of the identification documents of 328,000 customers.

CloudSEK has discovered that threat actors are recently posting YouTube videos that "offer" cracked software downloads. They are even using AI-generated avatars to make the clips look legitimate.

A new research paper discovered 721.5 million credentials exposed online. According to the study, 50% of the data came from botnets that deployed information-stealing malware to victims' devices.

The Housing Authority of the City of Los Angeles recently announced that it suffered a data breach due to a ransomware attack. The incident gave hackers access to members' sensitive information.

Microsoft is set to introduce enhanced security to its OneNote program. This comes after threat actors started exploiting the note-taking app for their phishing campaigns to steal sensitive data.

Microsoft's Security Intelligence team recently found that threat actors behind business email compromise attacks are now moving quickly to avoid detection and stop victims from blocking the attack.

Computer company Acer recently confirmed that it suffered a data breach after a threat actor started selling some of its sensitive data online. No consumer data was reportedly affected.

A piece of cryptojacking malware was recently found hiding in pirated versions of Apple programs, such as Final Cut Pro and Logic Pro X. The malware can easily avoid detection through a script.

Telecommunications company Telus is looking into the possibility of a data breach. This comes after a cybercriminal allegedly gained access to employee data, GitHub repositories, and more.

Fruits and vegetables company Dole recently suffered a ransomware attack that forced it to shut down its production plants. The company is working with experts to remediate the issue.

Threat actors were recently seen advertising fake ChatGPT apps for Windows and Android. When downloaded, the apps will steal sensitive information or subscribe the victim to premium services.

A botnet called "Mylobot" is infecting over 50,000 devices daily, according to a recent report. Mylobot can download more malware, send spam emails, and even remain idle to avoid detection.

An information-stealing malware called "Stealc" was recently seen being advertised to other cybercriminals on the dark web. It can also be contracted through fake software crack websites.

The threat actors behind a ransomware strain called "HardBit" were recently seen asking victims to provide them with their insurance details. This is so they can tailor their demand within the policy.

Software giant Atlassian recently suffered a data breach. The company blamed the incident on Envoy, a third-party workplace management services provider. However, Envoy countered this claim.

The cybercriminals behind the ESXiArgs ransomware have created a new variant that evades the recovery script that the U.S. CISA recently released. The new version also comes with a new ransom note.

Pepsi Bottling Ventures has suffered a data breach as a result of an unknown party installing information-stealing malware on its internal systems. The breach occurred as early as December 23, 2022.

The email account of domain registrar Namecheap was recently hacked, which allowed criminals to distribute phishing emails. The company has since rectified the issue after stopping all emails.

Reddit recently suffered a security breach that allowed cybercriminals to access some of its internal data and systems. The incident was a result of a successful phishing attack against the company.

Google Fi recently suffered a data breach that allowed hackers to access various data like phone numbers and account statuses. It's likely that the hack is connected to the recent T-Mobile breach.

A ransomware strain that exploits a legitimate Windows search tool has recently been discovered by security researchers. The new variant can disable Windows Defender and even prevent shutdowns.

According to new research by cybersecurity firm Check Point, Yahoo was the most impersonated brand by cybercriminals who sent phishing emails. Others who made the list include Google and DHL.

Because Microsoft has now blocked macros by default on Office files, cybercriminals are now using digital note-taking app OneNote to victimize people and infect their devices with malware.

A new Pokémon-themed malware campaign has been discovered online. While it disguises itself as a trading card game where players can earn NFTs, it actually downloads a remote access tool.

Be an expert on InfoSec4TC with unlimited access to self-paced courses on GSEC, CISSP and more with this cyber security training and save hundreds of dollars off the normal cost via Neowin Deals.

The information of about 235 million Twitter users has been leaked. The leak contains names, email addresses, Twitter handles, and follower count. The data is even free for anyone to download.

Access management solutions provider Okta recently had its GitHub source code repositories hacked. The company assures the public that no customer data was stolen, and Okta remains operational.

An Android threat campaign using fraudulent educational apps was recently found. It can capture various Facebook information such as profile name, email address, password, and phone number.

Be careful before you install that TikTok "unfiltering" software — it might be loaded with malware that can steal your passwords, Discord accounts, cryptocurrency wallets, and credit card data.

Popular file hosting service Dropbox recently suffered a data breach that gave threat actors access to 130 of its code repositories. This was after Dropbox employees fell victim to a phishing scam.

Not long after Twitter's new CEO Elon Musk announced his plans to revamp the platform's verification process, cybercriminals are already exploiting the situation by sending out phishing emails.

A newly discovered ransomware strain is framing cybersecurity experts by claiming that they are the ones behind the attacks. However, the people blamed are not associated in any way with the malware.

The ticketing website, See Tickets, was affected by a major data breach in 2019 that went undetected for two years, and was only shut down in January, potentially impacting millions of customers.

A study by cybersecurity experts in Scotland found that passwords can be cracked by analyzing the traces of heat left by a person's fingertips when they enter their password on a keyboard or phone.