HP breach, API study, Ukraine attacks: crucial cyber security concerns

January 26, 2024
1 min read

TLDR: Hewlett Packard breach, exposed API study, Ukraine infrastructure attacks

Hewlett Packard Enterprise (HPE) has been attacked by the alleged Russia-linked cyberespionage group Midnight Blizzard through its Microsoft Office 365 email system. The attackers collected information on HPE’s cybersecurity division and had been exfiltrating data since May of last year.

A study by the API security platform Escape has revealed that over 18,000 API secrets were exposed, including $20 million worth of vulnerable Stripe tokens. These exposed secrets could lead to significant financial risks for their organizations.

Critical infrastructure companies in Ukraine, including energy, postal, and transportation services, have suffered cyberattacks. The affected companies include Naftogaz, Ukrposhta, DSBT, and Ukrzaliznytsia. The attacks have disrupted services and prevented passengers from buying train tickets online.

UK water supplier Southern Water has confirmed a breach by the Black Basta gang. Scans of passports, drivers’ licenses, HR-related material, and corporate car leasing documents related to the company were released on the gang’s Tor leak site.

A software issue with the January 2024 Play system update has caused problems for users of various Google Pixel phone models. These include the inability to access internal storage, open the camera, take screenshots, or open apps.

Experian’s 11th annual Data Breach Industry Forecast predicts increasing sophistication from threat actors, including the expansion of third-party vendor breaches to fourth, fifth, and sixth party breaches. The forecast also highlights attacks on supply chains and insider activities as potential threats.

The parcel delivery company DPD has disabled its AI-enabled chatbot after customers tricked it into making negative statements about the company and encouraging it to swear. Similar incidents have occurred in the early years of AI-chatbots.

Microsoft has launched Mesh, a mixed reality platform that allows people to gather and collaborate without requiring a VR headset. While not directly a cybersecurity story, the platform represents another step towards VR-based working environments.

Latest from Blog

Top 3 Cybersecurity Stocks for May 2024 Buy Now

TLDR: Key Points: Cybersecurity stocks are using AI to enhance their platforms Top cybersecurity stocks to buy now include Crowdstrike, Fortinet, and Palo Alto Networks Article Summary: The cybersecurity market is booming

Get Secure: Know the Basics of Cloud Security Fundamentals Now

TLDR: Cloud security fundamentals are essential for data protection, regulatory compliance, and access management in a cloud environment. Key fundamentals include identifying assets, implementing security controls, conducting risk assessments, managing user access