Riot

Ransomware

Hack


Riot Games Faces $10 Million Ransom Demand from Hackers: Source Code Stolen!

Riot Games, developer of popular games League of Legends and Valorant, faces a $10 million ransom demand from hackers who stole source code in a security breach...

25-Jan-2023
3 min read

Related Articles


DataWiper

Sandworm

Ukraine

Sandworm hackers strike again! Ukraine's national news agency targeted with a de...

A recent cybersecurity incident in Ukraine has brought to light the deployment of a cocktail of five different data-wiping malware strains on the network of the country's national news agency, Ukrinform. The Ukrainian Computer Emergency Response Team (CERT-UA) discovered the attack on January 17th, and as of January 27th, five samples of malicious programs were identified. These programs aimed to violate the integrity and availability of information by overwriting files and disks with zero bytes or arbitrary data before deleting them.

The list of destructive malware used in the attack includes CaddyWiper (Windows), ZeroWipe (Windows), SDelete (Windows), AwfulShred (Linux), and BidSwipe (FreeBSD). Notably, two of the five strains, ZeroWipe and BidSwipe, are either new malware or are tracked by the Ukrainians under different names than those used by anti-malware vendors.

Further investigation by CERT-UA revealed that the attackers had gained remote access to Ukrinform's network around December 7th and waited over a month to launch the malware cocktail. However, their attempt to wipe out all the data on the news agency's systems was unsuccessful, as the wipers only managed to destroy files on a limited number of data storage systems, which did not impact Ukrinform's operations.

CERT-UA has linked the attack to the Sandworm threat group, a hacking outfit that is believed to be part of the Russian Military Unit 74455 of the Main Intelligence Directorate (GRU). Sandworm has previously been linked to other cyberattacks against Ukrainian targets, including a failed attempt in April to target a large Ukrainian energy provider using a similar tactic of deploying the CaddyWiper data wiper to erase traces left by Industroyer ICS malware.

Since Russia invaded Ukraine in February 2022, multiple strains of data-wiping malware have been deployed on the networks of Ukrainian targets, including DoubleZero, HermeticWiper, IsaacWiper, WhisperKill, WhisperGate, and AcidRain. Furthermore, Microsoft and Slovak software company ESET have also linked recent ransomware attacks targeting Ukraine to the Sandworm hacking group.

28-Jan-2023
2 min read

Cloud

Appsec

Hack

Uncover the shocking truth behind the TSA No-Fly List snafu and the risks of usi...

Recently, a hacker discovered a list of 1.5 million individuals on TSA's no-fly list on an internet-exposed server belonging to CommuteAir, an Ohio-based airline company that supports United Airlines operations on regional flights. This incident highlights the risky practice of using production data and sensitive information in development environments.

The TSA list, which was [discovered](https://www.tsa.gov/travel/passenger-support/travel-redress-program#:~:text=TSA%20is%20among%20the%20U.S.,and%20over%20the%20United%20States) by Swiss hacker _"Maia arson crimew"_ on a Jenkins open source automation server, contained the names of more than 1.5 million individuals that the US government has barred from flying due to security concerns. The list is made available to airlines worldwide to screen passengers intending to fly from, to, or over the US.

Erik Kane, corporate communications manager at CommuteAir, described the leak as resulting from a misconfigured development server. However, security experts have long warned about the dangers of using production data in development and testing environments. Quality assurance teams and developers often use raw production data when testing, developing, or staging apps because it is faster and more cost-effective than test data. However, development and test environments typically lack the security controls of a live production setting. This can lead to excessive permissions, lack of network segmentation, poor patch management, and a general lack of awareness of data-privacy requirements.

Many organizations have taken additional precautions, such as masking, obfuscating, or encrypting sensitive and live production data before using it for testing or development. However, the practice of using raw production data and sensitive information in development and test settings continues to be quite rampant, according to security experts.

Patrick Tiquet, vice president of security and architecture at Keeper Security, advocates that organizations avoid using production data in non-production environments, no matter how benign the data might appear. He notes that exposing sensitive data can not only open an organization to litigation or government-related trouble, depending on the data, but can also lead to an erosion of customer trust. The [TSA No-Fly List snafu](https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/) highlights the risk of keeping sensitive data in development environments. Organizations that permit the practice must recognize that many data-privacy regulations require covered entities to apply specific controls for protecting sensitive data, regardless of where it might exist in the environment or how it is used. Using production data in a development environment could violate those requirements, and security teams need to be included in the setup and continuous management of DevOps servers.

27-Jan-2023
3 min read

Data Breach

Zack

Investment

Hackers breached Zacks Investment Research and gained access to personal informa...

Zacks Investment Research, a company founded in 1978 that helps investors with stock buying decisions using advanced financial data analytics algorithms, recently suffered a data breach that affected 820,000 customers. The incident occurred between November 2021 and August 2022, but it was not discovered until the end of last year. The investigation revealed that a threat actor had gained unauthorized access to the company's network and customer records, including full names, addresses, phone numbers, email addresses, and user passwords for the Zacks.com website.

The type of information exposed in this data breach can be valuable for phishing actors and scammers, as it can be used to access Zacks accounts and any additional information stored on them. However, the company clarified that the incident only impacted customers of the Zacks Elite product who joined between November 1999 and February 2005, and that there is no evidence that financial data was exposed.

After discovering the breach, Zacks initiated a password reset procedure for compromised accounts and implemented additional security measures on the network. The company is also working with an external cybersecurity specialist to develop and install more protection systems in the future.

It's important for customers who were impacted by this incident to remain vigilant against incoming communications, as scammers can now use their personal information to conduct phishing attacks. Additionally, those using SMS-based 2FA to secure online investment accounts should switch to a different phone number or 2FA method, as the exposed data can be leveraged by SIM swappers to port the numbers onto clone cards and take control of the protected accounts.

It's also worth mentioning that this [data breach](http://www.documentcloud.org/documents/23586688-1-24-2023-maine-sample-notice?responsive=1&title=1) highlights the importance of monitoring and securing sensitive data, especially for companies that deal with financial information. As data breaches continue to occur at an alarming rate, companies should take proactive steps to protect their networks and customer data, such as implementing robust security measures, conducting regular security audits, and providing employee training on cybersecurity best practices. Furthermore, companies should also consider implementing an incident response plan, which is a set of procedures and guidelines for identifying, responding to, and reporting data breaches. This will enable them to quickly detect and respond to security incidents, minimize the damage caused, and ensure compliance with relevant regulations.

26-Jan-2023
2 min read