Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

In Other News: Apple’s Spyware Warning, CDK Global Ransom Payment, Sibanye Cyberattack

Noteworthy stories that might have slipped under the radar: Apple’s spyware warning, CDK Global’s ransom payment, Platinum giant Sibanye hit by cyberattack.

Cybersecurity News tidbits

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:  

Apple issues fresh spyware warning to iPhone users

Apple has issued a fresh round of notifications to iPhone users in 98 countries, to warn them of potential mercenary spyware attacks. The tech giant, which has been regularly sending such notifications over the past three years, informed users that it has seen attempts of remote compromise of devices associated with the users’ Apple IDs, TechCrunch says

Dallas County discloses data breach impacting 200,000 individuals

Dallas County, Texas, this week notified over 200,000 individuals that their personal information was compromised in an October 2023 data breach. Names, dates of birth, Social Security numbers, driver’s license/state identification numbers, taxpayer identification numbers, and certain types of medical information were compromised, the county said.

Advertisement. Scroll to continue reading.

Snowflake enables admins to enforce mandatory MFA

Following the recent campaign that hit over 165 Snowflake customers that did not have multi-factor authentication (MFA) enabled for their accounts, the cloud services provider this week announced that administrators can now enforce mandatory MFA for all users in a Snowflake account. 

Platinum giant Sibanye hit by cyberattack

Precious metals producer Sibanye-Stillwater disclosed limited disruptions to its global operations caused by a cyberattack on its IT system. The company said its core mining and processing business was operating normally, and that it isolated the impacted systems to protect its data, which suggests that ransomware might have been involved. 

Nasuni announces majority investment at $1.2 billion valuation

Enterprise data platform Nasuni this week announced a strategic growth investment led by Vista Equity Partners, with additional support from KKR and TCV. The funding values Nasuni at roughly $1.2 billion. Further details on the transaction were not disclosed.

FBCS data breach impact grows to 4 million individuals

More than 4 million individuals were affected by a data breach at debt collection agency Financial Business and Consumer Solutions (FBCS), the company said in an updated regulatory filing. The incident occurred in February and resulted in names, Social Security numbers, driver’s license numbers, and other personal information being compromised. In April, the company said that 1.9 million individuals were affected, but has updated the estimate four times. 

Google enables passkey support for APP users

Google this week announced that users enrolled in its Advanced Protection Program (APP) can now use passkeys to secure their accounts. Offering the strongest protections against phishing, malware, and other types of threats, APP has been designed for individuals at high risk of cyberattacks, including journalists, officials, political campaign staff, and human rights workers.

North Korean hackers targeting Japanese organizations 

One week after ASEC reported on North Korean Andariel hackers (a subgroup of Lazarus) targeting a Korean ERP solution to compromise a company’s systems, JPCERT/CC said the North Korea-linked APT Kimsuky targeted Japanese organizations in March 2024 to steal information and deploy a keylogger. 

Japan Aerospace Exploration Agency discloses data breach

The Japan Aerospace Exploration Agency (JAXA) has revealed that personal information of employees and other data was compromised in an October 2023 cyberattack. The investigation into the incident has revealed unauthorized access to its Microsoft 365 services and to VPN devices. 

CDK Global pays $25 million to end nation-wide outage

Car dealership software provider CDK Global reportedly paid a $25 million ransom to put an end to system disruptions that impacted car dealerships across the US starting June 19. A 387 bitcoin (~$25 million) transaction made to the cryptocurrency account of a BlackSuit ransomware affiliate is believed to be the ransom payment.

Legal support services company leaks 39 million records

Legal support services company Rapid Legal left a 38TB database containing 38,648,733 records accessible from the internet without securing it with a password. The database containing legal documents, court filings, and other information, was linked to a second repository, belonging to Legal Connect, which contained 89,745 records. Both databases have been secured after the two organizations were notified of the mishap. 

Leaked access token provided access to Python and PyPI GitHub repositories

JFrog details how an access token leaked in a public Docker container hosted on Docker Hub provided administrator access to the GitHub repositories for Python, PyPI and Python Software Foundation. After being notified of the exposure, the PyPI revoked the token within minutes. 

Related: In Other News: Microsoft Details ICS Flaws, Smart Grill Hacking, Predator Spyware Activity

Related: In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.