#maritime-cybersecurity
#maritime-cybersecurity

17 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

fromTNW | Eu

14 hours ago

Information security

European Commission breached after hackers poisoned open-source security tool Trivy

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

2 weeks ago

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck

Law enforcement dismantled major botnets while new vulnerabilities and privacy issues in tech continue to emerge, raising concerns over security.

15 hours ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

EU data protection

17 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

fromTNW | Eu

14 hours ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

2 weeks ago

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck

Law enforcement dismantled major botnets while new vulnerabilities and privacy issues in tech continue to emerge, raising concerns over security.

more#cybersecurity

#strait-of-hormuz

France news

French-owned container ship transits Hormuz Strait in first since Iran war

UK-led coalition of 40 countries vows action on Hormuz Strait gridlock

British PM Keir Starmer emphasizes diplomatic solutions to reopen the Strait of Hormuz amid tensions from Iran's actions against commercial shipping.

fromThe Local France

France news

Container ship declaring French ownership passes through Hormuz strait

UK to host virtual summit on Strait of Hormuz

International efforts are underway to reopen the Strait of Hormuz amid rising tensions and energy price disruptions.

France news

French-owned container ship transits Hormuz Strait in first since Iran war

UK-led coalition of 40 countries vows action on Hormuz Strait gridlock

British PM Keir Starmer emphasizes diplomatic solutions to reopen the Strait of Hormuz amid tensions from Iran's actions against commercial shipping.

fromThe Local France

France news

Container ship declaring French ownership passes through Hormuz strait

UK to host virtual summit on Strait of Hormuz

International efforts are underway to reopen the Strait of Hormuz amid rising tensions and energy price disruptions.

more#strait-of-hormuz

Science

fromFast Company

The Navy brought a retired laser weapon back for a new drone fight

The U.S. Navy has revived a high-energy laser weapon for military exercises, enhancing capabilities against asymmetric threats.

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

US politics

fromSilicon Canals

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

US politics

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

US politics

fromSilicon Canals

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

more#ice

fromFuturism

Delivery Robot Companies in Trouble as Bot Become Targets for Vandalism

Out of the company's first 80,000 deliveries the bots finished on campus, about 1,600 involved incidents of vandalism. At a cost of $2,500 per Kiwibot, the damage adds up quick.

London startup

#journalism

Trump mocked Royal Navy's old' warships. But the reality is far different

The Independent provides critical journalism on key issues without paywalls, emphasizing the importance of accessible reporting.

Royal Navy fits ship with minehunting drones ahead of possible Hormuz deployment

The Independent provides critical journalism on key issues without paywalls, relying on donations to support its reporting efforts.

Trump mocked Royal Navy's old' warships. But the reality is far different

The Independent provides critical journalism on key issues without paywalls, emphasizing the importance of accessible reporting.

Royal Navy fits ship with minehunting drones ahead of possible Hormuz deployment

The Independent provides critical journalism on key issues without paywalls, relying on donations to support its reporting efforts.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

fromBleepingComputer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

fromBleepingComputer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Is the U.S. Navy ready to clear sea mines in the Persian Gulf?

Iran threatens to mine the Strait of Hormuz, prompting U.S. Navy preparations for mine-clearing operations.

fromAxios

Cyber warfare starts to get personal in war between U.S., Israel and Iran

Iran-linked hackers are using data leaks and intimidation tactics against individuals to influence public perception during the current conflict.

fromEngadget

Iran threatens imminent attacks on US tech companies in the Middle East

The Islamic Revolutionary Guard Corps threatens to target major US tech companies in the Middle East, urging employees to evacuate for safety.

Iran urges Houthis to prepare to attack shipping the Red Sea - London Business News | Londonlovesbusiness.com

Iran is urging Houthis to prepare for attacks on Red Sea shipping if U.S. escalates conflict with Tehran.

fromwww.npr.org

Iran hits oil tanker off Dubai as fighting continues on all fronts

Iran attacked a Kuwaiti oil tanker, but no oil spill or injuries were reported after the fire was extinguished.

fromwww.npr.org

Is the U.S. Navy ready to clear sea mines in the Persian Gulf?

Iran threatens to mine the Strait of Hormuz, prompting U.S. Navy preparations for mine-clearing operations.

fromAxios

Cyber warfare starts to get personal in war between U.S., Israel and Iran

Iran-linked hackers are using data leaks and intimidation tactics against individuals to influence public perception during the current conflict.

fromEngadget

Iran threatens imminent attacks on US tech companies in the Middle East

The Islamic Revolutionary Guard Corps threatens to target major US tech companies in the Middle East, urging employees to evacuate for safety.

Iran urges Houthis to prepare to attack shipping the Red Sea - London Business News | Londonlovesbusiness.com

Iran is urging Houthis to prepare for attacks on Red Sea shipping if U.S. escalates conflict with Tehran.

fromwww.npr.org

Iran hits oil tanker off Dubai as fighting continues on all fronts

Iran attacked a Kuwaiti oil tanker, but no oil spill or injuries were reported after the fire was extinguished.

more#iran

DevOps

fromComputerWeekly.com

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.

UK politics

Russia's shadow fleet pass through UK waters after boarding threat

The Independent provides critical reporting on various issues, emphasizing the need for on-ground journalism and accessible news without paywalls.

#data-integrity

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

fromHarvard Business Review

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

'Ship disaster victims deserve to have story told'

The sinking of the Princess Alice in 1878 resulted in over 700 deaths, yet remains largely forgotten despite its significance in maritime safety reforms.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

Business intelligence

fromSecuritymagazine

Beyond Locking Doors

Access control systems provide valuable data that enhances operational efficiency and decision-making beyond just security.

fromTechzine Global

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Roam Research

US deploys robotic uncrewed speedboats to counter Iran's attack boats - London Business News | Londonlovesbusiness.com

Robotic speedboats enhance U.S. naval operations in the Gulf, providing a cost-effective and strategic response to threats from Iran.

#royal-navy

First sea lord admits Royal Navy is not ready for war

The Royal Navy is not currently ready for war, according to General Sir Gwyn Jenkins, who emphasizes the need for further preparation.

UK politics

First Sea Lord warns Royal Navy 'not ready for war' - London Business News | Londonlovesbusiness.com

The Royal Navy is unprepared for full-scale conflict, acknowledging the need for improvement in readiness and capability.

First sea lord admits Royal Navy is not ready for war

The Royal Navy is not currently ready for war, according to General Sir Gwyn Jenkins, who emphasizes the need for further preparation.

UK politics

First Sea Lord warns Royal Navy 'not ready for war' - London Business News | Londonlovesbusiness.com

The Royal Navy is unprepared for full-scale conflict, acknowledging the need for improvement in readiness and capability.

more#royal-navy

The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz

When the war broke out, we put a Warlike Operations Area Committee in place to address the protection of seafarers in the region. The organization has identified certain maritime routes in the region, including the Arabian Gulf, the Strait of Hormuz, and some parts of the Gulf of Oman as high-risk areas, encouraging ship owners to allow seafarers to terminate contracts if they choose not to operate in those zones.

World politics

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

Iran war drives urgent need to counter underwater attack dr

The UK and US seek technology to counter underwater drone threats to maritime security.

DevOps

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.

#human-trafficking

fromBBC News

UK news

Pair jailed for advertising small boat crossings on Facebook

UK news

Pair jailed for advertising small-boat crossings

fromBBC News

UK news

Pair jailed for advertising small boat crossings on Facebook

UK news

Pair jailed for advertising small-boat crossings

more#human-trafficking

fromFlowingData

Shadow fleet transporting oil

A shadow fleet of tankers is transporting oil illicitly, with increased activity due to the conflict in Iran.

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

Artificial intelligence

fromInfoWorld

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

DevOps

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

#geopolitics

Three scenarios for the Strait of Hormuz

Pakistan's mediation is crucial in addressing the geopolitical crisis in the Strait of Hormuz amid the US-Israeli war on Iran.

We Are At War

Rising geopolitical tensions are increasingly intertwined with cyber operations and the politicization of technology.

Three scenarios for the Strait of Hormuz

Pakistan's mediation is crucial in addressing the geopolitical crisis in the Strait of Hormuz amid the US-Israeli war on Iran.

fromwww.scientificamerican.com

We Are At War

Rising geopolitical tensions are increasingly intertwined with cyber operations and the politicization of technology.

more#geopolitics

3 weeks ago

GPS spoofing is scrambling ships in the Strait of Hormuz

In the two weeks since the U.S. and Israel launched attacks against Iran, thousands of vessels have experienced navigation interference in the Persian Gulf. Commercial shipping through the strait, which carries roughly 20 percent of the world's oil, has nearly ground to a halt. Though rocket and drone attacks are also to blame, another major hazard is GPS spoofing—the transmission of counterfeit satellite navigation signals.

Science

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

Sophisticated CrystalX RAT Emerges

Information security

Fake Claude Code source downloads actually delivered malware

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

fromTechRepublic

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

1 month ago

Attacks on GPS Spike Amid US and Israeli War on Iran

GPS jamming and spoofing attacks have disrupted over 1,100 ships in the Strait of Hormuz since February 28, making navigation critically dangerous and threatening vital oil trade routes.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromTechzine Global

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

fromwww.cybersecuritydive.com

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.

fromSecuritymagazine

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Why the axios supply chain attack should have Apple worried

The attack illustrates the extent to which Big Tech relies on open-source software. Without the many contributions of open-source developers, Apple, Amazon, Google, Microsoft, and everyone else would need to invest vast sums in building more of the infrastructure of our digital world.

Information security

fromComputerWeekly.com

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

fromFortune

Cargo theft costs U.S. trucking $18 million a day and is 'unlike anything our industry has faced before,' logistics exec warns | Fortune

Cargo theft has become a significant threat to the U.S. supply chain, costing the industry billions annually.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

fromAxios

Everyone's worried that AI's newest models are a hacker's dream weapon

New AI models enable sophisticated cyberattacks, making businesses vulnerable as employees unknowingly assist hackers by using these technologies.