Grindr trespass

Sale of Grindr Data Illuminates Privacy Blindspots

Was anyone truly shocked to learn that user data from Grindr, a social networking app for gay, bi, trans and queer men, had been collected and sold on ad networks for many years? Perhaps ‘disappointed’ would be a more appropriate description—disappointed not only that the data was sold but that ... Read More
Security Boulevard
GitHub Security Can Enable Digital Transformation

GitHub 2FA Push is Positive, But There’s More to Be Done

All developers contributing code on GitHub will be required to enable at least one form of two-factor authentication (2FA) by the end of next year, with the site well into its efforts to move developers over in cohorts every few months. “We believe that our unique position as the home ... Read More
Security Boulevard
TLStorm CCPA

TLStorm 2.0 Flaws Leave Aruba, Avaya Switches Vulnerable

A handful of vulnerabilities in the implementation of TLS communications in Aruba and Avaya switches extend TLStorm flaws first discovered in March to millions of enterprise-grade network infrastructure devices. By exploiting these latest five vulnerabilities, miscreants can take over Smart-UPS devices via the internet without the benefit of user interaction, ... Read More
Security Boulevard
Stormous Ransomware

Stormous Claims Credit for Ransomware Attack on Coca-Cola

Whether a ransomware attack at beverage giant Coca-Cola in Brazil by the ransomware group Stormous is one in a cascade of attacks by Russian-affiliated threat actors against western organizations or whether it’s simply emblematic of the ransomware plague currently sweeping the world remains to be seen. “Time will tell if ... Read More
Security Boulevard
vulnerabilities pipedream supply chains CI/CD pipeline dev environment Linux

Gov’t Advisory Warns of Pipedream Malware Aimed at ICS

The U.S. government this week tried to get ahead of possible attacks on industrial control systems (ICS), particularly in the energy sector, via the recently discovered Pipedream malware, a modular ICS attack framework that is equally dangerous to industrial software like Omron and Schneider Electric controllers and industrial technologies like ... Read More
Security Boulevard
panasonic nvidia ransomware XDR ransom ProxyLogon Black Kingdom Egregor

Attack on Panasonic Canada Shows Conti is Still Dangerous

While the details remain sparse, Panasonic suffered another breach just six months after a high-profile attack—this time at Panasonic Canada. The Conti ransomware gang said it was behind the February attack that resulted in the theft of more than 2.8GB of data. The ransomware group posted what appeared to be ... Read More
Security Boulevard
Strontium cyberwarfare counter-drone The Legality of Waging War in Cyberspace

Microsoft Takes Down Russia’s Strontium Allies Attacking Ukraine

Need additional evidence that private organizations are playing a defining role in curbing and preventing nation-state cyberattacks? Just look at the actions Microsoft recently took to disrupt Russian GRU-connected Strontium’s attacks on Ukrainian targets. Tom Burt, Microsoft corporate vice president of customer service, wrote in a blog post that the ... Read More
Security Boulevard
RAT Borat Trojan Kazakhstan

Borat RAT: Funny Name, Serious Threat

It may be named after a popular, irreverent mockumentary, but the new Borat remote access trojan (RAT), a malware strain recently spotted in the wild, is a serious threat to organizations. The versatile Borat, now available on the darknet, not only deploys ransomware but features DDoS attacks and UAC bypass ... Read More
Security Boulevard
Spring4Shell flaws vulnerabilities WhiteSource Python

Another Log4Shell? Not Quite-But Spring4Shell is Serious

As more details emerge on a Spring4Shell, a recently discovered remote code execution (RCE) flaw affecting Spring Framework, security researchers are urging affected users to immediately implement a patch issued by Spring. Spring’s popularity among Java frameworks rivals that of Struts, Sonatype Field CTO Ikka Turunen said, and the vulnerability ... Read More
Security Boulevard
Nestlé hacker ransomware breach malware

Anonymous Claimed Data Leak to Force Nestlé Out of Russia

Multinational companies around the world voluntarily pulled their business out of Russia after president Vladimir Putin launched an unprovoked invasion of Ukraine, but the hacker group Anonymous is determined to give any stragglers a nudge. The hacktivist group recently leaked data, emails and passwords of food giant Nestlé’s customers and ... Read More
Security Boulevard