Stay ahead in the dynamic world of cybersecurity.
Here’s your concise guide to the latest trends, threats, and breakthroughs from around the globe:
International Coalition Accuses China’s APT40 of Government Network Hacking
The US, UK, Canada, Germany, Japan, New Zealand, and South Korea have joined Australia in attributing recent government network hacks to Chinese state-sponsored threat group APT40, also known as Bronze Mohawk, Gingham Typhoon, Kryptonite Panda, and Leviathan. This follows sanctions imposed in March 2024 against members of APT31.
Nokia Data Breach Exposes 7,600 Employee Records
Reports suggest that Nokia, a prominent telecommunications firm allegedly suffered a breach exposing personal information of 7,600 employees. The breach, disclosed in July 2024, was made public on a hacker forum by user ‘888’.
Ethereum Foundation Account Hacked for Phishing Campaign
A threat actor compromised the Ethereum Foundation’s mailing list account, sending phishing emails to 35,794 recipients. These emails, from the legitimate updates@blog.ethereum.org address, directed users to a malicious site aiming to drain cryptocurrency wallets.
Evolve Bank & Trust Discloses LockBit Ransomware Attack
Evolve Bank & Trust, based in Arkansas, confirmed a major breach by the LockBit ransomware group, impacting over 7.6 million customers. Data stolen from the bank was later posted on a dark web blog linked to the US Federal Reserve.
Neiman Marcus Data Breach Exposes 31 Million Email Addresses
Luxury retailer Neiman Marcus revealed a May 2024 data breach impacting 31 million customer email addresses. Initial reports to the Maine Attorney General stated only 64,472 people were affected, but further analysis by Troy Hunt of Have I Been Pwned revealed the broader scope.
Security Professionals and Unauthorized SaaS Applications
A survey by Next DLP of over 250 global security professionals highlighted widespread use of unauthorized SaaS applications despite significant risks. Concerns include data loss (65%), lack of visibility and control (62%), and data breaches (52%). Despite awareness, one in ten professionals reported actual data breaches or loss due to unauthorized tool usage.
Additionally, security professionals are cautiously managing the use of AI (GenAI) in their organizations. Half have restricted AI use to specific roles, while 16% have banned it completely. Nearly half have implemented tools and policies to regulate GenAI usage.