A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale across regions and replicas. Updates to resources such as access keys or policies propagate with a predictable […]
Hackers affiliated with the Scattered Lapsus$ Hunters might be preparing a threat campaign against Zendesk environments, according to Reliaquest researchers. About 40 typoquatting and impersonating domains have been created over the past six months that mimic Zendesk environments, according to a blog published Wednesday by Reliaquest. Zendesk is a company that provides cloud-based customer service […]
India’s telecoms ministry has privately asked smartphone makers to preload all new devices with a state-owned cybersecurity app that cannot be deleted, a government order showed, a move likely to antagonise Apple and privacy advocates. In tackling a recent surge of cybercrime and hacking, India is joining authorities worldwide, most recently in Russia, to frame rules blocking the use […]
One of the banking industry’s biggest vendors is responding to a cyberattack that has compromised some of its clients’ sensitive data. SitusAMC, which major banks use to manage their real-estate loans and mortgages, announced on Saturday that hackers broke into its systems on Nov. 12 and stole data that included banks’ “accounting records and legal agreements,” as […]
Australia’s mining and manufacturing sectors are taking up to two years to notice and report cyber breaches to authorities, prompting concerns about the cybersecurity of industries critical to the nation’s economy. New figures obtained under Freedom of Information (FOI) laws show 187 data breaches across the two sectors have exposed the personal information of up […]
Microsoft Azure thwarted what may be the largest distributed denial-of-service (DDoS) attack ever recorded in the cloud on October 24. The attack peaked at 15.72 terabits per second (Tbps) and unleashed nearly 3.64 billion packets per second (pps), targeting a single endpoint in Australia. Azure’s automated DDoS Protection service sprang into action, filtering out the […]
Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients’ data. Founded in 2021, Synnovis is a partnership between international medical diagnostics provider SYNLAB, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust. It […]
According to a recent report by Bloomberg, the cybersecurity arm of China has openly accused the US government of orchestrating the theft of approximately $13 billion in Bitcoin (BTC), adding tension to the ongoing cyber relations between the two nations. China Alleges State-Level Operation The incident in question revolves around the theft of 127,272 BTC […]
A cybersecurity breach discovered last week affecting the Congressional Budget Office is now considered “ongoing,” threatening both incoming and outgoing correspondence around Congress’ nonpartisan scorekeeper. Employees at the Library of Congress were warned in a Monday email, obtained by POLITICO, that the CBO cybersecurity incident is “affecting its email communications” and that library staff should […]
Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI’s ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users’ memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI’s GPT-4o and GPT-5 models. OpenAI has since addressed some […]