Nearly 32 million documents, including invoices, contracts, and agreements, were exposed online by ServiceBridge, a global field service management provider. Cybersecurity researcher Jeremiah Fowler made the discovery, reporting the unprotected database to WebsitePlanet. The database contained 31.5 million records, including sensitive business and personal information from companies around the world. The exposed database, which was not password-protected, contained 31,524,107 files with a total size of 2.68 terabytes. The files, primarily in PDF and HTML formats, were organized by year and month, dating back to 2012. The documents included contracts, work orders, invoices, proposals, and other business-related records from a diverse…
ISB Staff Reporter
Seattle-Tacoma International Airport (SEA-TAC) appears to have been targeted by a cyberattack, with critical systems experiencing widespread internet outages for the third consecutive day, according to officials from the Port of Seattle. The disruptions, which began early on Saturday, have affected several systems, including the Port of Seattle’s websites, email, and phone services. In a social media post on Saturday, the airport stated: “Earlier [Saturday] morning, the Port of Seattle experienced certain system outages indicating a possible cyberattack.” By Sunday, airport officials confirmed their belief that a cyberattack is responsible for the ongoing disruption, prompting efforts to restore operations while…
Stroz Friedberg, a risk management firm under Aon, has identified a sophisticated malware strain targeting Linux systems. Dubbed “sedexp,” the malware exploits udev rules to maintain persistence and evade detection. According to researchers Zachary Reichert, Daniel Stein, and Joshua Pivirotto, “This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.” Discovery and Background: The stealthy malware leverages a little-known Linux persistence technique involving udev rules. Despite being in operation for at least a couple of years, it has remained undetected, with multiple instances found in online sandboxes showing zero…
Prism Infosec, an independent cybersecurity consultancy, has introduced the PULSE testing service. The service aims to help entities that may not have the resources to dedicate to a full-scale red team exercise and assess their defense capabilities against real-world threats. The company says PULSE fills the gap between penetration testing and red teaming, offering a fast and thorough testing approach to help organizations better understand their security posture. Penetration tests are contained evaluations that assess the security boundaries and controls of distinct systems; they excel at analyzing specific vulnerabilities confined to specific control planes of individual systems. In contrast, red teaming…
In Q2 2024, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit and some additional lesser-known factions, led a series of attacks that eclipsed the first quarter of this year by 16% and the second quarter of 2023 by 8%. These new threat actors emerged following the takedown of LockBit and BlackCat by international law enforcement. This was revealed by Corvus Insurance’s Q2 2024 Cyber Threat Report, called Ransomware Season Arrives Early. Drawing on data collected from ransomware leak sites, the report identified 1,248 ransomware victims in Q2, the second most the company has recorded in a single…
The FIDO Alliance today announced its agenda for Authenticate 2024, the only industry conference dedicated to all aspects of user authentication. The event will be held from 14 to 16 October 2024 at the Omni La Costa Resort and Spa in Carlsbad, Calif., with virtual participation options also available. Now in its fifth year, Authenticate has become a ‘must-attend’ cybersecurity event. This year’s edition features over 100 sessions and 125 speakers from around the world, providing the latest innovations, expertise, and critical conversations for the digital identity industry, with a focus on passwordless authentication with passkeys. Authenticate is ideal for CISOs, security…
Researchers from Quarkslab have uncovered critical vulnerabilities in the latest variant of MIFARE Classic compatible cards. Despite being touted as a secure alternative, the FM11RF08S card, developed by Shanghai Fudan Microelectronics, has been found to contain a hardware backdoor, among other weaknesses. The implications of these discoveries are far-reaching. The FM11RF08S card is not limited to the Chinese market; it has been found in numerous hotels and businesses across the US, Europe, and India. Many consumers may be unaware that the MIFARE Classic cards they are using are, in fact, Fudan FM11RF08 or FM11RF08S variants. This discovery raises serious concerns…
The Qilin ransomware group, already infamous for its devastating attacks, has now been caught stealing credentials stored in Google Chrome browsers. This new tactic could amplify the chaos typically associated with ransomware breaches, spreading the impact far beyond the initial victim. This was uncovered in a recent investigation by the Sophos X-Ops team, who called it “a concerning development in the cybercrime landscape.” A New Dimension to Ransomware Attacks: The Qilin ransomware group has been active for over two years, gaining notoriety for its double-extortion tactics, which involve stealing data, encrypting systems, and threatening to release or sell the stolen…
In a new twist on phishing tactics, ESET analysts have uncovered a series of sophisticated campaigns targeting mobile users by leveraging Progressive Web Applications (PWAs). This use of PWAs, which are essentially websites functioning as standalone apps, sets this phishing campaign apart. Unlike traditional phishing techniques, these attacks instruct iOS users to add the PWA to their home screens, while Android users are prompted to install a WebAPK. The key concern is that these phishing applications do not require users to approve third-party installations, bypassing typical security warnings. On Android, the phishing WebAPK even apes a legitimate Google Play installation…
A sophisticated cloud extortion campaign has compromised over 110,000 domains by exploiting misconfigured servers with exposed .env files containing Amazon Web Services (AWS) credentials. By scanning for exposed .env files on unsecured web applications, threat actors were able to obtain AWS Identity and Access Management (IAM) access keys. According to Cyble’s threat intelligence platform, these .env exposures might be more prevalent than anticipated. The platform has detected nearly 1.5 million publicly exposed .env files since January 2024, indicating a systemic issue. From the 110,000 domains, the attackers managed to extract over 90,000 unique variables from the compromised .env files, with…
