This Week In Cybersecurity: 21st – 25th April, 2025

Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.

    SK Telecom Malware Incident Targets USIM Customer Data

    SK Telecom disclosed a malware attack compromising USIM card data. Attackers exploited a vulnerability in the company’s internal systems, allowing unauthorized access to sensitive customer information. The breach involved the extraction of data related to USIM cards, which are integral to mobile network authentication. SK Telecom has initiated an investigation and is collaborating with cybersecurity experts to mitigate the impact and prevent future incidents.

    Baltimore City Public Schools Data Breach Impacts 25,000 Individuals After Ransomware Attack

    Baltimore City Public Schools experienced a ransomware attack leading to a data breach affecting 25,000 individuals. Attackers infiltrated the school’s network, encrypting critical data and demanding a ransom. The breach exposed personal information, including names and identification numbers. The school district is working with law enforcement and cybersecurity professionals to investigate the incident and enhance security measures.

    Imaflex Inc. Data Breach Exposes Personal and Employment Data

    Imaflex Inc. reported a data breach compromising personal and employment information of its workforce. Unauthorized access to the company’s systems allowed attackers to extract sensitive data, including Social Security numbers and employment records. The breach was identified through unusual network activity, prompting an immediate investigation. Imaflex has engaged cybersecurity experts to assess the breach’s scope and implement enhanced security protocols.

    Google Confirms Sophisticated Phishing Attack Targeting Gmail Users Through DKIM and OAuth Abuse

    Google has confirmed a sophisticated phishing campaign targeting Gmail users by exploiting DKIM and OAuth protocols. Attackers sent deceptive emails appearing to originate from legitimate sources, tricking users into granting access to malicious applications. The campaign bypassed standard security checks, leveraging OAuth tokens to access user accounts without passwords. Google has revoked affected tokens and implemented additional security measures to prevent similar attacks.

    Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos

    Evil Corp, also known as UNC2165, is a Russian cybercrime group responsible for global cyberattacks. The syndicate employs malware like Dridex and ransomware such as BitPaymer to infiltrate systems, steal data, and extort victims. Their operations involve phishing, exploiting software vulnerabilities, and deploying malicious payloads to compromise networks. Evil Corp’s activities have led to significant financial losses and disruptions across various sectors worldwide.

    Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests

    The ‘Scallywag’ ad fraud operation utilized custom WordPress plugins to generate 1.4 billion fraudulent ad requests daily. By embedding malicious code into plugins like Soralink and WPSafeLink, attackers redirected traffic through ad-laden pages, monetizing visits without user consent. The scheme exploited pirated content sites, leveraging forced interactions and cloaked content to maximize ad impressions. Cybersecurity firm HUMAN identified and disrupted the network, significantly reducing its activity.

