Title: Cybersecurity Attacks and Data Breaches Plague Tech Industry Giants
In a recent alarming revelation, bot defense software vendor Human Security has uncovered a widespread attack involving the sale of counterfeit mobile and Connected TV devices. Disturbingly, over 200 different models were found to be preloaded with the malicious Triada malware, with a startling 80% of these devices infected.
Further analysis revealed that the infected devices contained an ad fraud module called PEACHPIT, operating covertly on a botnet of approximately 121,000 Android devices and 159,000 Apple devices each day. This insidious malware remains invisible to users, allowing it to perpetrate ad fraud without detection.
Adding to the growing list of cybersecurity incidents is a data breach that has hit renowned tech giant Sony. The breach was a result of vulnerabilities in Progress Software’s MOVEit file transfer software, compromising the personal data of 6,791 US employees. This incident serves as a stark reminder of the critical importance of robust security measures in safeguarding sensitive information.
The popular command-line URL fetching tool, CURL, has recently been discovered to contain a severe vulnerability. Developer Daniel Stenberg has hurriedly released an emergency patch to address the flaw. This vulnerability affects several years’ worth of releases and involves two common vulnerabilities and exposures (CVEs), raising concerns among users.
Turning our attention to a cybersecurity attack from last year, software firm Blackbaud has agreed to pay a hefty settlement of $49.5 million. The payment comes as a result of a ransomware attack that occurred in 2020, during which personally identifiable information (PII) was stolen from more than 13,000 clients. This incident highlights the increasing financial repercussions faced by companies falling victim to cybercriminals.
Despite the efforts of international law enforcement to dismantle the Qakbot malware operation in late August, evidence suggests that the operation has resurfaced. Disturbingly, it appears to be running a ransomware campaign, posing significant threats to individuals and organizations alike.
Lastly, genetics firm 23andMe recently disclosed a credential stuffing attack resulting in the theft of both PII and genetic data. The stolen data, which reportedly includes information on over 13 million 23andMe customers, has been offered for sale by the attackers. This breach underscores the need for robust cybersecurity measures across all industries, particularly those that handle sensitive personal information.
The ongoing surge in cyberattacks and data breaches targeting major tech industry players serves as a stark reminder to prioritize and invest in robust cybersecurity measures. As criminals become increasingly sophisticated, it is crucial for organizations to stay one step ahead and ensure the safety and privacy of their customers’ data.
“Zombie enthusiast. Subtly charming travel practitioner. Webaholic. Internet expert.”