News

Earlier Zakharova said that the ministry had been targeted by a large-scale distributed denial-of-service attack (DDoS).

1. CrowdStrike releases root cause analysis of outage Following July's global IT outage, which affected millions of Windows users, CrowdStrike has released a root cause analysis of the "Channel File 291" incident, explaining the software update crash. Summarizing this update to a preliminary post-incident report, Security Week said: "The new CrowdStrike root cause analysis documents a combination of factors that caused the Falcon EDR sensor crash – a mismatch between inputs validated by a Content Validator and those provided to a Content Interpreter, an out-of-bounds read issue in the Content Interpreter, and the absence of a specific test – and a vow to work with Microsoft on secure and reliable access to the Windows kernel." In the analysis document, CrowdStrike confirmed its commitment "to working directly with Microsoft on an ongoing basis as Windows continues to add more support for security product needs in userspace”. 2. US infrastructure vulnerable to cyberattacks, experts warn Hundreds of digital systems controlling US infrastructure are vulnerable to cyberattacks, according to research by cybersecurity firm Censys, shared with Bloomberg News. Over 430 industrial software controls were found to be accessible online, with more than half lacking authentication protections. Lead researcher Emily Austin stated, "There’s no password. They are quite literally sitting on the public internet for anybody who happens to find them to come and manipulate them as they will." A graphic showing the number of worldwide political cyber attacks aimed at different sectors.

Alexander “Connor” Moucka was arrested this week by Canadian authorities for allegedly carrying out a series of hacks that targeted Snowflake’s cloud customers. His next stop may be a US jail.

MILAN, Nov 5 (Reuters) - Italy's data protection authority said on Tuesday Intesa Sanpaolo (ISP.MI), opens new tab had underestimated the seriousness of a data breach incident involving thousands of customers, widely reported to include Prime Minister Giorgia Meloni. Last month, the authority asked the bank to provide clarification over the case involving an Intesa employee who allegedly accessed the data of about 3,500 clients. Intesa said in a statement that further checks had shown the number of customers affected was "significantly lower than previously reported in the media".

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event.

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It's a chilling reality, becoming more common and concerning by the day.

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information.

Microsoft has warned of an ongoing infostealing campaign from notorious Russian APT group Midnight Blizzard (aka APT29, CozyBear) in which thousands of targets were sent spear phishing emails.

A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone entry into photos on a locked phone, according to Jose Rodriguez, a Spanish security researcher.

Apple has released security patches for 90 of its services and operating systems, fixing some critical vulnerabilities.