U.S. officials have accused Beijing-linked threat actors of orchestrating one of the largest attack campaigns in the history of the country that affected thousands of enterprise email servers. A hacker group allegedly exploited a zero-day flaw to steal internal data at Saudi Arabia's state oil and gas firm. Learn how a recent security incident allowed people to alter their coronavirus test results or proof of vaccination. Keep reading for trending cybersecurity updates from the weekend.
01
The U.S. and its allies confirmed that the massive campaign against Microsoft Exchange email servers was carried out by hackers working with China’s Ministry of State Security.
02
Threat actor group ZeroX allegedly swindled 1TB of proprietary data of Saudi Aramco and offered it for sale on the dark web at a negotiable price of $5 million.
03
RansomEXX threat actors disrupted business operations, including customer care and online payment, at Ecuador's state-run telecom provider, Corporación Nacional de Telecomunicación.
04
Artwork Archive inadvertently leaked over 420GB of sensitive customer information via a misconfigured Amazon S3 bucket that contained over 200,000 files.
05
Israeli company NSO Group’s Pegasus spyware was used in attempted and successful hacks of hundreds of smartphones belonging to journalists, activists, business executives, and others, worldwide.
06
U.S. law firm Campbell Conroy & O’Neil, P.C revealed that ransomware actors potentially stole confidential information, such as financial data, medical and insurance data, and even credentials in a February breach.
07
Virginia Tech reportedly survived two ransomware attacks in the past few months with little apprehensions of any data leak. The latest incident is related to the Kaseya VSA breach.
08
A security snafu at Testcoronanu blurted out the personal data of about 60,000 people who underwent a coronavirus test. It was also possible for anyone to modify their own Covid vaccination or test certificate results.
09
Security researchers uncovered local privilege escalation bugs in Windows Print Spooler. The discovery came days after the CISA issued a warning to patch the PrintNightmare flaw.
10
OPSWAT, a critical infrastructure protection firm, acquired all assets of Bayshore Networks, a provider of active industrial cybersecurity protection solutions.
