The Ukrainian CERT has issued a statement saying that a "massive" Jester Stealer malware distribution campaign, designed to steal authentication data, is currently underway. The malware, operated by an unknown attacker, self-destructs after its operation is complete, the agency's statement says.
The European Parliament has granted Europol permission to receive and process datasets from private parties and pursue research projects for better handling of security-related cases. Use of these powers will be overseen by the European Data Protection Supervisor and the Fundamental Rights Officer.
Containers and cloud-based resources are being used to launch DoS attacks against Russian, Belarusian and Lithuanian websites. Cybersecurity firm CrowdStrike's researchers say that through their Docker Engine honeypots, they observed two different Docker images targeting these assets.
Kellogg Community College, or KCC, has resumed operations in all its five campuses - Battle Creek, Albion, Coldwater, Hastings and Fort Custer Industrial Park in Michigan - starting Wednesday. The college management had suspended classes on Monday as the result of a ransomware attack.
As Ukraine continues to be hit by cyberattacks from Russia, the State Service of Special Communication and Information Protection of Ukraine has sought to combat this offensive against the country's critical national infrastructure by going passwordless and using Yubico's security keys.
New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within 36 hours after an organization suffers a qualifying "computer-security incident." What does this mean for banks, and what are the likely challenges?
The Five Eyes intelligence alliance has released a set of the 15 most routinely exploited vulnerabilities in the past year. Nine of the 15 vulnerabilities allow remote code execution, and the rest include privilege escalation, security bypass and path traversal, among other flaws.
Ransomware group Stormous, in a Telegram post on Monday, said that it has breached and exfiltrated 161GB worth of critical data from beverage manufacturing giant Coca-Cola. The soft drink company has told Information Security Media Group that it is investigating the claim.
Australian software firm Atlassian has issued fixes for a critically rated vulnerability in its Jira software that could allow an unauthenticated attacker to remotely bypass authentication protections in place. Both Jira and Jira Service Management are vulnerable to this bug.
Pro-Russia threat group Killnet claims to have hit several victims with DDoS attacks in recent days. It targets victims that it believes are adversaries of Russia, and several critical infrastructure entities in the Czech Republic are known to have been successfully targeted.
The Conti ransomware group has been targeting the U.S. and its allies since the beginning of the Russia-Ukraine war. But in the latest large-scale attack on a single country, Conti has reportedly targeted at least five Costa Rican government agencies and leaked nearly 40GB of exfiltrated data.
Hours after global cryptocurrency exchange Currency.com announced it was halting operations in Russia, it faced - and thwarted - a distributed denial-of-service attack. The company's founder, Viktor Prokopenya, says the firm's "servers, systems and client data remained intact and uncompromised."
The Conti ransomware gang has claimed responsibility for the March 31 cyberattack on German wind turbine manufacturer Nordex, which was forced to turn off its IT systems at multiple locations across several business units. The Russia-linked threat group has added Nordex as a victim on its leak site.
U.S. government agencies, including the Department of Energy, CISA, the NSA and the FBI issued a joint cybersecurity advisory about advanced persistent threat actors using new tools and malwares to target industrial control systems and supervisory control and data acquisition devices.
The Dutch Data Protection Authority has imposed penalties of 3.7 million euros ($4 million) and 565,000 euros ($600,000) on the Dutch Tax and Customs Administration and the Ministry of Foreign Affairs, respectively, for violating the General Data Protection Regulation.