Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.
Ransomware hits Costa Rican government systems, again. A Chinese threat actor deploys the BOLDMOVE backdoor against unpatched FortiOS. Credential stuffing afflicts PayPal users. T-Mobile discloses a data breach. A cyberattack hits a remote Canadian utility. The Wagner Group sponsors a hackathon. Malek Ben Salem from Accenture describes prompt injection for chatbots. Our guest is Paul Martini of iboss with insights on Zero Trust. And the FSB’s Gamaredon APT runs a hands-on Telegraph phishing campaign against Ukrainian targets.
Attackers Crafted Custom Malware for Fortinet Zero-Day (Dark Reading)
PayPal accounts breached in large-scale credential stuffing attack (BleepingComputer)
PayPal Confirms Over 34,000 Customer Accounts Were Breached (EcommerceBytes)
Nearly 35,000 PayPal users had SSNs, tax info leaked during December cyberattack (The Record from Recorded Future News)
T-Mobile Says Hackers Stole Data on About 37 Million Customers (Wall Street Journal)
Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram (The Hacker News)
Hitachi Energy PCU400 (CISA)