FTC bans data brokers from selling Americans’ sensitive location data
Source: Bleeping Computer
The FTC has prohibited data brokers Mobilewalla and Gravy Analytics from selling Americans' sensitive location data tied to places like schools, churches, and healthcare facilities. The companies must delete existing data and products created from it. This action addresses concerns about privacy and improper usage of consumer information, including by government agencies.
Top 10 Cyber-Attacks of 2024
Source: Infosecurity Magazine
The top cyberattacks of 2024, focusing on significant incidents affecting healthcare, infrastructure, and government data. Notable examples include ransomware attacks on healthcare systems, Chinese espionage campaigns targeting critical U.S. sectors, and large-scale data breaches. These attacks emphasize the increasing sophistication of cyber threats and their widespread impact on public services and private industries.
Vodka maker Stoli files for bankruptcy in US after ransomware attack
Source: Bleeping Computer
Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. As Chris Caldwell, the President and Global Chief Executive Officer of Stoli USA and Kentucky Owl, the two Stoli Group subsidiaries, said in a Friday filing, this comes after the August attack severely disrupted its IT systems, including its enterprise resource planning (ERP) platform.
Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability
Source: Securityweek
Cisco has warned about active exploitation of CVE-2014-2120, a cross-site scripting vulnerability in its Adaptive Security Appliance (ASA) products. The flaw allows attackers to target WebVPN users through malicious links. Despite being disclosed in 2014 with patches available, recent exploitation attempts have been linked to the Androxgh0st botnet, prompting Cisco to urge users to update affected systems immediately.
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses
Source: The Hacker News
Cybercriminals are using corrupted ZIP and Microsoft Office files in phishing attacks to bypass email filters and antivirus software. The damaged files exploit recovery mechanisms in applications like Word and Outlook to open despite their corrupted state. These emails often promise benefits or bonuses to lure victims into opening the attachments, which can lead to malware installation or credential theft via embedded QR codes.