Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Breaches. Show all posts
Hacker attack
Breaches Critical Infrastructure critical infrastructure attack Cyber Attacks Cyberhackers data security F5 Security Hacker attack

Nation-State Hackers Breach F5 Networks, Exposing Thousands of Government and Corporate Systems to Imminent Threat

 

Thousands of networks operated by the U.S. government and Fortune 500 companies are facing an “imminent threat” of cyber intrusion after a major breach at Seattle-based software maker F5 Networks, the federal government warned on Wednesday. The company, known for its BIG-IP networking appliances, confirmed that a nation-state hacking group had infiltrated its systems in what it described as a “sophisticated, long-term intrusion.” 

According to F5, the attackers gained control of the network segment used to develop and distribute updates for its BIG-IP line—a critical infrastructure tool used by 48 of the world’s top 50 corporations. During their time inside F5’s systems, the hackers accessed proprietary source code, documentation of unpatched vulnerabilities, and customer configuration data. Such access provides attackers with an extraordinary understanding of the product’s architecture and weaknesses, raising serious concerns about potential supply-chain attacks targeting thousands of networks worldwide. 

Security analysts suggest that control of F5’s build environment could allow adversaries to manipulate software updates or exploit unpatched flaws within BIG-IP devices. These appliances often sit at the edge of networks, acting as load balancers, firewalls, and encryption gateways—meaning a compromise could provide a direct pathway into sensitive systems. The stolen configuration data also increases the likelihood that hackers could exploit credentials or internal settings for deeper infiltration. 

Despite the severity of the breach, F5 stated that investigations by multiple cybersecurity firms, including IOActive, NCC Group, Mandiant, and CrowdStrike, have not found evidence of tampering within its source code or build pipeline. The assessments further confirmed that no critical vulnerabilities were introduced and no customer or financial data was exfiltrated from F5’s internal systems. However, experts caution that the attackers’ deep access and stolen intelligence could still enable future targeted exploits. 

In response, F5 has issued updates for its BIG-IP, F5OS, BIG-IQ, and APM products and rotated its signing certificates to secure its software distribution process. The company has also provided a threat-hunting guide to assist customers in detecting potential compromise indicators. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning that the breach “poses an unacceptable risk” to federal networks. Agencies using F5 appliances have been ordered to inventory all affected devices, install the latest patches, and follow the company’s threat-hunting protocols. Similarly, the UK’s National Cyber Security Centre (NCSC) has released guidance urging organizations to update their systems immediately. 

While no supply-chain compromise has yet been confirmed, the breach of a vendor as deeply embedded in global enterprise networks as F5 underscores the growing risk of nation-state infiltration in critical infrastructure software. As investigations continue, security officials are urging both government and private organizations to take swift action to mitigate potential downstream threats.
Read more »
IT Industry
Automakers Automotive Industry Breaches Cyber Attacks Cyber Breaches Cyberattacks IT incident IT Industry

Automakers Face Surge in Cyberattacks as Jaguar Land Rover and Renault Recover from Major Breaches

 

Cybersecurity experts have warned that global automakers are likely to face an increasing wave of cyberattacks, as recent incidents continue to disrupt operations at leading manufacturers. The warning follows a series of high-profile breaches, including a major cyberattack on Jaguar Land Rover (JLR), which remains one of the most significant security incidents to hit the automotive industry in recent years. 

Jaguar Land Rover suffered a severe cyberattack at the end of August, forcing the company to shut down its IT systems and suspend production across multiple facilities. The disruption caused widespread operational chaos, but JLR recently confirmed it has begun a phased restart of production at its Electric Propulsion Manufacturing Centre (EPMC) and Battery Assembly Centre (BAC) in the West Midlands. The automaker plans to expand the restart to other key sites, including Castle Bromwich, Halewood, Solihull, and its manufacturing facility in Nitra, Slovakia. 

JLR CEO Adrian Mardell expressed gratitude to employees for their efforts during the recovery, stating, "We know there is much more to do, but our recovery is firmly underway." However, the company remains cautious as it works to fully restore systems and strengthen security controls. 

French automaker Renault also confirmed that one of its third-party data processing providers had been targeted in a separate cyberattack, compromising customer information such as names, addresses, dates of birth, gender, phone numbers, vehicle registration details, and VIN numbers. While Renault clarified that no financial or password data was accessed, the company has begun notifying affected customers and advising them to be wary of phishing attempts or fraudulent communications.  
Ignas Valancius, head of engineering at cybersecurity firm NordPass, warned that cybercriminals often exploit such incidents to impersonate company representatives, lawyers, or even law enforcement to extract additional personal or financial data. He emphasized the growing sophistication of social engineering attacks, noting that scammers may pose as attorneys offering to help victims claim compensation, only to defraud them further. 

The automotive sector's vulnerability has become increasingly evident in 2025, with luxury manufacturers frequently targeted by ransomware and data theft operations. In addition to JLR and Renault, other global brands have reported breaches. 

Meanwhile, Swedish HR software provider Miljödata suffered a breach that compromised the personal information of Volvo North America employees, and Stellantis confirmed unauthorized access to its customer contact database via a third-party provider. Valancius highlighted that cybercriminals appear to be deliberately targeting luxury brands, seeking to exploit their association with high-net-worth clientele. "It seems that luxury brands have been prime targets for hacker groups in 2025," he said, adding that these incidents could lead to more sophisticated spear-phishing campaigns and targeted extortion attempts. 

As automakers increasingly rely on digital systems, connected vehicles, and cloud-based infrastructure, experts stress that robust cybersecurity measures and third-party risk management are now essential to safeguard both company data and customer privacy. The recent breaches serve as a stark reminder that the automotive industry's digital transformation has also made it a lucrative target for global cybercriminal networks.
Read more »
TPG
Australia Bank Credentials Breaches Dara Breach phishing Sensitive data Telecom TPG

Aussie Telecom Breach Raises Alarm Over Customer Data Safety

 




A recent cyberattack on TPG Telecom has reignited concerns about how safe personal information really is in the hands of major companies. What the provider initially downplayed as a “limited” incident has in fact left hundreds of thousands of customers vulnerable to online scams.

The intrusion was uncovered on August 16, when unusual activity was detected in the systems of iiNet, one of TPG’s subsidiary brands. Hackers were able to get inside by misusing stolen employee logins, which granted access to iiNet’s order management platform. This internal tool is mainly used to handle service requests, but it contained far more sensitive data than many would expect.


Investigators now estimate that the attackers walked away with:

• Roughly 280,000 email addresses linked to iiNet accounts

• Close to 20,000 landline phone numbers

• Around 10,000 customer names, addresses, and contact details

• About 1,700 modem setup credentials


Although no banking details or government ID documents were exposed, cybersecurity experts caution that this type of information is highly valuable for criminals. Email addresses and phone numbers can be exploited to craft convincing phishing campaigns, while stolen modem passwords could give attackers the chance to install malware or hijack internet connections.

TPG has apologised for the breach and is reaching out directly to customers whose details were involved. Those not affected are also being notified for reassurance. So far, there have been no confirmed reports of the stolen records being used maliciously.

Even so, the risks are far from minor. Phishing messages that appear to come from trusted sources can lead victims to unknowingly share bank credentials, install harmful software, or hand over personal details that enable identity theft. As a result, affected customers are being urged to remain alert, treat incoming emails with suspicion, and update passwords wherever possible, especially on home modems.

The company has said it is cooperating with regulators and tightening its security protocols. But the case underlines a growing reality: personal data does not need to include credit card numbers to become a target. Seemingly routine details, when collected in bulk, can still provide criminals with the tools they need to run scams.

As cyberattacks grow more frequent, customers are left with the burden of vigilance, while companies face rising pressure to prove that “limited” breaches do not translate into large-scale risks.



Read more »
IBM Security
AI governance AI Risks AI Systems AI technology Breaches Cyber Security Data Breaches data security IBM IBM research IBM Security

Racing Ahead with AI, Companies Neglect Governance—Leading to Costly Breaches

 

Organizations are deploying AI at breakneck speed—so rapidly, in fact, that foundational safeguards like governance and access controls are being sidelined. The 2025 IBM Cost of a Data Breach Report, based on data from 600 breached companies, finds that 13% of organizations have suffered breaches involving AI systems, with 97% of those lacking basic AI access controls. IBM refers to this trend as “do‑it‑now AI adoption,” where businesses prioritize quick implementation over security. 

The consequences are stark: systems deployed without oversight are more likely to be breached—and when breaches occur, they’re more costly. One emerging danger is “shadow AI”—the widespread use of AI tools by staff without IT approval. The report reveals that organizations facing breaches linked to shadow AI incurred about $670,000 more in costs than those without such unauthorized use. 

Furthermore, 20% of surveyed organizations reported such breaches, yet only 37% had policies to manage or detect shadow AI. Despite these risks, companies that integrate AI and automation into their security operations are finding significant benefits. On average, such firms reduced breach costs by around $1.9 million and shortened incident response timelines by 80 days. 

IBM’s Vice President of Data Security, Suja Viswesan, emphasized that this mismatch between rapid AI deployment and weak security infrastructure is creating critical vulnerabilities—essentially turning AI into a high-value target for attackers. Cybercriminals are increasingly weaponizing AI as well. A notable 16% of breaches now involve attackers using AI—frequently in phishing or deepfake impersonation campaigns—illustrating that AI is both a risk and a defensive asset. 

On the cost front, global average data breach expenses have decreased slightly, falling to $4.44 million, partly due to faster containment via AI-enhanced response tools. However, U.S. breach costs soared to a record $10.22 million—underscoring how inconsistent security practices can dramatically affect financial outcomes. 

IBM calls for organizations to build governance, compliance, and security into every step of AI adoption—not after deployment. Without policies, oversight, and access controls embedded from the start, the rapid embrace of AI could compromise trust, safety, and financial stability in the long run.
Read more »
SonicWall
Breaches Cyber Security Ireland SonicWall

Fear of Blame in Cybersecurity: Irish Workers Hesitant to Report Breaches

 


Fear of Blame Hampers Cybersecurity Incident Reporting in Ireland

A recent survey conducted in Ireland highlights a concerning trend: fear of blame is preventing employees from reporting cybersecurity incidents. The study, carried out by Censuswide for IT.ie and SonicWall, collected responses from 1,000 office workers, revealing the negative impact of a blame culture on organizational cybersecurity practices.

Employees Held Accountable for Breaches

According to the findings, nearly 75% of respondents believe their employers hold staff personally responsible for cybersecurity failures. Of these, 35% reported that blame is “always” assigned to employees, while another 35% said this happens “sometimes.” This perception has created a hesitation among workers to address cyber incidents openly.

Alarmingly, almost one-third of respondents admitted to being aware of co-workers losing their jobs due to unintentional cybersecurity errors. To avoid repercussions and embarrassment, the same proportion of employees stopped reporting security breaches over the past year. The survey also highlighted discomfort in raising cybersecurity concerns with senior management, with 20% of respondents reporting unease.

This situation has had a detrimental impact on the mental health of employees:

  • About half of the workforce reported feeling stressed due to cybersecurity demands.
  • Over two-thirds stated they would consider quitting if they were blamed for a cybersecurity incident.

These findings underscore the urgent need for organizations to provide better support to employees. A significant 79% of respondents believe companies should offer mental health support for workers affected by cyberattacks. Furthermore, 60% agreed that employees should not be held personally liable for unintentional breaches, advocating for a collaborative approach to securing systems.

Recommendations for Change from Experts

Industry leaders are emphasizing the importance of fostering a blame-free culture to improve cybersecurity practices. Stuart Taylor, Northern Europe's regional director for SonicWall, stated: "This basically just casts blame on individuals, rather than on system weaknesses. Instead, it's about building an environment in which employees feel secure enough to raise issues without fear." He further added, "It is very important to build a constructive culture that motivates employees to act responsibly without fear of retribution."

A Global Perspective

This issue isn't confined to Ireland. An international survey by CyberArk revealed similar challenges, with 65% of workers bypassing cybersecurity policies. Often, this is driven by the hybrid work model, which prioritizes convenience. These findings highlight the need to balance accountability with support, rather than instilling fear among employees.

The research calls on businesses to:

  • Encourage open communication about cybersecurity incidents.
  • Focus on system improvements rather than blaming individuals.
  • Create a collaborative and supportive work environment.
  • Implement mental health support programs for affected employees.

By adopting these measures, organizations can strengthen both workplace trust and cybersecurity resilience, ensuring a safer and more productive future.

Read more »
Vendors
Breaches Clean Energy Cyber Security Energy IT Security Ransomware resilience Risks Supply Chain Vendors

Energy Sector Faces Heightened Supply Chain Risks Amid Growing Dependence on IT and Software Vendors

 

The energy industry is experiencing a sharp increase in supply chain risks, largely driven by its growing reliance on external vendors. According to a recent report, two-thirds of security breaches in this sector now originate from software and IT vendors.

The study, conducted by SecurityScorecard and KPMG, titled "A Quantitative Analysis of Cyber Risks in the U.S. Energy Supply Chain," draws attention to frequent threats, including ransomware attacks targeting traditional IT systems.

Researchers have emphasized that as the transition to cleaner energy picks up pace, and as the grid becomes more interconnected and software-reliant, vulnerabilities in the energy sector are expected to increase.

Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard, stated, “The energy sector's rising dependence on third-party vendors exposes a significant vulnerability—its security is only as robust as its weakest link."

He added that this growing reliance on external vendors introduces considerable risks, urging the industry to strengthen cybersecurity defenses before a breach escalates into a national crisis.

The report highlighted that third-party risks account for nearly half of all breaches in the energy sector—significantly higher than the global average of 29%. Over 90% of organizations that experienced multiple breaches were attacked through third-party vendors.

Additionally, the report found that software and IT vendors were responsible for 67% of third-party breaches, while only a small number were linked to other energy companies. A notable portion of these incidents stemmed from the MOVEit file transfer software vulnerability, which was exploited by the Clop ransomware group last year.

The report also pointed out application security, DNS health, and network security as some of the most significant weaknesses in the sector.

The findings come at a time when the U.S. Department of Energy is convening with energy sector leaders to promote the Supply Chain Cybersecurity Principles, urging companies to focus on reducing risks posed by software and IT vendors, which represent the highest third-party threats.

As part of this effort, energy operators are encouraged to ensure new technology purchases are secure by incorporating initiatives like CISA’s "Secure by Design" and following the Department of Energy’s Supply Chain Cybersecurity Principles. The industry must also bolster security programs to defend against supply chain risks and geopolitical threats, especially from nation-state actors, and analyze ransomware attacks affecting foreign counterparts to improve resilience.

“The energy sector is a complex system undergoing a significant generational shift, heavily reliant on a stable supply chain," said Prasanna Govindankutty, KPMG's principal and cybersecurity leader for the U.S. sector.

He further explained that with rising geopolitical and technology-based threats, the industry is facing a level of risk exposure that could negatively impact both businesses and citizens. Organizations that can quantify these risks and implement mitigation strategies will be better equipped to navigate the energy transition.
Read more »
Security
Breaches Cyber Security Data Data Breaches data security Safety Security

Exfiltration Malware: At the Forefront of Cybersecurity Issues

 

While massive public security breaches are understandably concerning, the increase in malware designed to exfiltrate data directly from devices and browsers is a significant contributor to continued user exposure, according to SpyCloud . Last year, over 22 million unique devices were infected by malware, according to the 2023 report. 
SpyCloud recovered 721.5 million exposed credentials, roughly half of which came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers allow cybercriminals to operate on a large scale, stealing valid credentials, cookies, auto-fill data, and other highly valuable information for use in targeted attacks or sale on the darknet.

“The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like Initial Access Brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals,” said Trevor Hilligoss, Director of Security Research at SpyCloud. “Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime. This broker-operator partnership is a lucrative business with a relatively low cost of entry.”

Critical business applications are easily accessible to cybercriminals

 Cybercriminals have doubled down and taken advantage of the economic downturn, expanding their hybrid workforce, creating ghost accounts from terminated employees, and rising outsourcing.

When employees enter corporate networks using malware-infected unmanaged or undermanaged devices, threat actors have a simple route into important company applications such as single sign-on platforms and virtual private networks.

In 2022, SpyCloud researchers recovered millions of credentials stolen from popular third-party business applications that had been impacted by malware. The data stolen from these apps, which include code repositories, customer databases, messaging platforms, and HR systems, provides bad actors with the information they need to launch damaging follow-up attacks such as ransomware.

If these credentials are not properly remediated and remain active, they will continue to pose a threat to organisations even after the malware has been removed from the device.

Organizations are oblivious to the threat of sophisticated malware-based attacks

“Organizations are overlooking the mounting threat of sophisticated malware-based attacks and the protracted business impact of infected devices. Leaders need a new approach that disrupts the flow of stolen authentication data and mitigates the ongoing threat of these exposures,” said Hilligoss.

“Collectively, we need to start thinking about protecting digital identities using a Post-Infection Remediation approach, rather than solely focusing on cleaning individual infected devices. Taking action on exposed employee data before it can be used by criminals is paramount to preventing account takeover, fraud, ransomware, and other forms of cybercrime,” concluded Hilligoss.

By resetting application credentials and invalidating session cookies syphoned by infostealer malware, security teams can supplement their traditional cyber incident response playbooks with additional steps to fully negate opportunities for ransomware and other cyberattacks.

Password hygiene remains a problem

Session hijacking enabled by stolen cookies is becoming more common: In 2022, SpyCloud researchers recovered nearly 22 billion device and session cookies. These records allow criminals to gain access to sensitive information by bypassing MFA and hijacking an active session, effectively turning bad actors into employee clones.

Users' personally identifiable information (PII) is as appealing as it has always been: In 2022, SpyCloud researchers found 8.6 billion PII assets, including 1.4 billion full names, 332 million national IDs/full social security numbers, and 67 million credit card numbers.

Despite increased cybersecurity training emphasis, password hygiene remains poor: 72% of users exposed in breaches in 2022 continued to use previously compromised passwords. SpyCloud recovered over 327,000 passwords related to artists Taylor Swift and Bad Bunny, over 261,000 passwords associated with streaming services such as Netflix and Hulu, and over 167,000 passwords related to Queen Elizabeth's death and the British royal family.

The government sector is more vulnerable to malware-infected devices than the private sector: In 2022, SpyCloud discovered 695 breaches containing.gov emails, a nearly 14% increase from 2021. Password reuse rates among government employees continue to be high, with 61% of users having more than one password exposed in the previous year.

123456, 12345678, and password are the three most commonly exposed plaintext passwords associated with government emails. Malware exfiltrated nearly 74% of exposed government credentials globally in 2022 (compared to 48.5% globally).
Read more »
Subscribe to: Comments (Atom)