Subscription meal kit service Home Chef has confirmed that it recently suffered a data breach impacting customer information.Earlier this month, a group of hackers referred to as 'Shiny Hunters' started advertising on the dark web data stolen in several fresh data breaches, including information claimed to have been stolen from Home Chef.At the time, the hac

Hackers claim to have obtained more than 200 GB of archived data from Australian transportation and logistics giant Toll, and they have already started leaking it after the company refused to pay a ransom.Toll admitted earlier this month that it was hit by ransomware for the second time this year. The company initially said that the attack, which involved Ne

The source code of the GhostDNS exploit kit (EK) has been obtained and analyzed by researchers. GhostDNS is used to compromise a wide range of routers to facilitate phishing -- perhaps more accurately, pharming -- for banking credentials. Target routers are mostly, but not solely, located in Latin America.The source code used in a GhostDNS campaign was obtai

Facebook on Thursday said that its Messenger app will be watching behind the scenes for scammers using the smartphone communication system.Safety notices will pop up in Messenger text chats if activity taking place in the background is deemed suspicious by artificial intelligence software, according to director of privacy and safety product management Jay Su

Malicious actors targeting a zero-day vulnerability in Sophos XG Firewall appliances last month attempted to deploy ransomware after Sophos started taking measures to neutralize the attack.In the incident, which Sophos refers to as Asnarök, adversaries targeted a previously unknown SQL injection vulnerability to insert a one-line command and download a Linux

Some Florida residents who have made unemployment claims may have had personal data stolen, officials said Thursday.The Florida Department of Economic Opportunity has notified 98 people who were part of a data breach associated with unemployment claims, agency spokeswoman Paige Landrum said in an email. Officials didn’t say when the breach occurred, how many

Verizon this week published its 2020 Data Breach Investigation Report (DBIR). The report is based on insights from thousands of incidents and it’s more detailed and more thorough than ever.The report covers threat actors, including their activities and their tools, an analysis of the targeted industries, and a regional analysis.According to Verizon, malware

The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection, Sophos reveals.The cybercriminals behind Ragnar Locker use various exploits or target Remote Desktop Protocol (RDP) connections to compromise networks, and also steal data from targeted networks prior to deploying the ransomware, to entice victims to

Web security company ImmuniWeb this week announced a free tool that allows businesses and government organizations to check their dark web exposure.Integrated into ImmuniWeb’s Domain Security Test, the new feature provides organizations of all types with the option to check their current exposure by simply entering their main website URL.ImmuniWeb, which say

Have you been missing something amid the lockdowns and stay-at-home orders? No, not human contact. Not even toilet paper.Robocalls.Industry experts say robocalls are way down — scam calls as well as nagging from your credit-card company to pay your bill. The coronavirus pandemic has inflicted millions of job losses, and scammers have not been immune.YouMail,

Verizon’s 2020 DBIR is out, you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This year’s ~120 page report analyses data from us and

In recent years, the “Dark Web” has become mainstream. In the past, this collection of forums, chat rooms, marketplaces and tools populated by cybercriminals and other types of threat actors, used to be known mainly to law enforcement agents, security professionals and fraud teams, who were responsible of protecting organizations from the threats that emanat

A recently identified cyber-espionage framework is capable of collecting and exfiltrating sensitive information even from air-gapped networks, ESET reports.Dubbed Ramsay, the framework appears to be in the development stage, with its operators still working on refining delivery vectors. Visibility of victims is low, either because the framework hasn’t enjoye

An unknown threat actor, possibly Chinese, has been targeting high-profile organizations in Central Asia with a mix of commodity malware and previously unknown backdoors. Coding similarities suggest a possible link with multiple campaigns over several years.Researchers from Avast started monitoring and analyzing central Asian APT activity back in September 2

A threat actor believed to be operating out of China has been targeting physically isolated military networks in Taiwan and the Philippines, Trend Micro reports.Tracked as Tropic Trooper and KeyBoy, and active since at least 2011, the threat actor is known for the targeting of government, military, healthcare, transportation, and high-tech industries in Taiw