Cloudflare, Zscaler among companies impacted by Salesloft Drift incident 多家大型科技公司因第三方工具数据泄露事件受影响，客户信息被盗。黑客通过攻击Salesforce集成的AI平台Drift获取敏感凭证和数据。Cloudflare、Zscaler等公司证实受影响，并采取措施应对潜在风险。... 2025-9-3 13:0:59 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media salesloft salesforce drift notified tuesday

Amazon shuts down watering hole attack attributed to Russia’s APT29 hacking group 亚马逊挫败了俄罗斯情报局设置的数字陷阱，发现APT29组织通过水坑攻击窃取微软认证信息。亚马逊团队迅速应对，隔离受影响实例并中断恶意域名。此前，该组织曾伪装AWS域名进行网络钓鱼攻击。... 2025-9-3 00:15:47 | 阅读: 24 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media moses apt29 hole watering russia

Nick Andersen appointed to CISA leadership role CISA宣布Nicholas Andersen出任网络安全执行助理主任。Andersen曾任职于能源部，并与CISA提名负责人Sean Plankey合作。此前，Karen Evans和Chris Butera曾暂时代理该职位。Andersen认为CISA需精简机构，近年来已裁员数百人并削减预算。... 2025-9-2 21:30:45 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media andersen mikey security tuesday

Disney agrees to $10 million settlement for collecting data from children FTC指控迪士尼未正确标注YouTube儿童视频，导致未经家长同意收集数据并用于广告。迪士尼需支付1000万美元罚款，并改进标注和数据收集流程。... 2025-9-2 21:15:44 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media disney youtube ftc coppa complaint

Pennsylvania AG says recovery continues after office refused to pay ransomware gang 宾夕法尼亚州总检察长办公室遭遇勒索软件攻击后未支付赎金，成功恢复大部分系统；部分工作仍需通过其他方式完成；影响法院案件时间安排但未造成重大影响；调查仍在进行中；此次攻击可能利用Citrix漏洞；宾夕法尼亚州是今年多个受攻击的州之一。... 2025-9-2 18:45:50 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media sunday ransomware attorney cyberattack moody

WhatsApp, Apple warn of highly targeted attacks with zero-day vulnerability WhatsApp修复了一个零日漏洞（CVE-2025-55177），该漏洞可能导致未经授权的设备同步消息处理。此漏洞可能与苹果设备的操作系统漏洞（CVE-2025-43300）结合，用于针对特定用户的复杂攻击。苹果已修复其漏洞，并提到可能被用于高阶攻击。... 2025-9-2 16:0:57 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media 43300 spyware exploited believes liable

Moscow reportedly hires hackers who breached city’s school system 莫斯科当局雇佣了曾攻击市教育平台的黑客，这些人在2022年曾导致系统瘫痪和数据泄露。这种做法在俄罗斯和中国也有先例。... 2025-9-2 14:30:49 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media moscow mes authorities officials cyberattack

Jaguar Land Rover ‘severely disrupted’ by cybersecurity incident 捷豹路虎遭遇网络攻击导致全球IT系统中断，影响生产和销售活动；员工停工；公司正在恢复系统；目前无客户数据被盗。... 2025-9-2 14:0:54 | 阅读: 8 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media jlr british luxury retail

Spanish government cancels €10m contract using Huawei equipment 西班牙政府取消了与华为合作升级国家学术和科研网络RedIRIS的计划,理由是出于数字战略和战略自主性的考虑。尽管西班牙对华为的态度较为开放,但此次决定反映了对网络安全风险的担忧,尤其是西方国家对中国企业可能构成威胁的普遍关切。... 2025-9-1 16:15:44 | 阅读: 15 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media huawei spain network spanish allies

Scammer steals $1.5 million from Baltimore by spoofing city vendor 巴尔的摩市因内部流程漏洞和安全措施不足而多次遭受供应商欺诈。最近一起事件中，骗子伪造身份骗走超150万美元。该市已采取措施改进验证流程和系统安全以防止类似事件再次发生。... 2025-8-29 19:15:48 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media baltimore payable inspector fraudster supplier

Ransomware gang takedowns causing explosion of new, smaller groups 勒索软件生态系统分裂加剧, 新团伙激增, 执法打击迫使旧团伙解散并重新洗牌, 新兴团伙利用泄露代码和工具轻松成立, 导致攻击数量激增, 大型RaaS集团面临解散风险, 内部不信任和分裂进一步推动碎片化趋势.... 2025-8-29 13:30:55 | 阅读: 17 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media ransomware affiliates ransomhub gangs lockbit

Data breach at TransUnion impacts 4.4 million people 美国征信巨头TransUnion发生数据泄露事件，影响近450万人。因第三方应用程序被入侵导致部分个人信息泄露，不含信用信息。事件于7月28日发生，两天后被发现。社会保障号码也在泄露之列。这是针对大型数据公司的最新攻击事件之一。... 2025-8-28 19:15:50 | 阅读: 25 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media transunion insurance mandiant salesforce firm

Microsoft warns of ransomware gang shifting to steal cloud data, lock companies out of systems 勒索软件团伙调整策略，攻击云端存储数据并破坏企业备份以索要赎金。微软警告称一黑客组织自2021年起采用云基勒索战术，窃取敏感数据并删除备份。该组织通过获取全球管理员权限账户绕过安全工具，并利用未启用多因素认证的账户获取访问权限。最终通过加密或删除数据对企业实施勒索。... 2025-8-28 16:0:57 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media ransomware cloud microsoft victim shifted

CISA steps in to help Nevada state government recover from cyberattack 内华达州遭遇网络攻击后，联邦机构与州政府合作恢复系统并调查攻击源头。CISA派威胁猎捕团队协助应对，并提供应急响应拨款。此次事件影响多个部门服务，部分功能仍受限。CISA面临支持缩减的批评。... 2025-8-28 13:16:4 | 阅读: 19 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media officials nevada cyberattack security assistance

Germany charges man over cyberattack on Rosneft subsidiary 德国检方起诉一名男子涉嫌攻击俄罗斯石油公司德国分部 Rosneft Deutschland 的 IT 系统，导致公司瘫痪并造成约 1300 万美元损失。黑客窃取 20 TB 数据并在网站发布，Anonymous 集体声称删除数十台设备信息并嵌入支持乌克兰标语。... 2025-8-28 12:31:0 | 阅读: 17 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media rosneft prosecutors german anonymous ukraine

Dutch intelligence agencies report country was targeted by Chinese cyber spies The Netherlands reported that Chinese cyber-espionage campaigns, Salt Typhoon and RedMike, targeted its critical infrastructure, particularly smaller internet service providers. Dutch intelligence corroborated findings from U.S. investigations, warning of growing cyber threats. Thirteen countries jointly issued an advisory, highlighting risks to global telecommunications and infrastructure.... 2025-8-28 12:15:59 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media dutch netherlands typhoon salt officials

US sanctions Russian national and Chinese company over North Korean IT worker schemes 美国对朝鲜相关个人和企业实施新制裁,指控其利用IT工人冒充美国人从公司骗钱,并通过洗钱为朝鲜武器计划提供资金支持。... 2025-8-27 18:30:46 | 阅读: 16 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media north korea korean sanctions officials

License-plate reader company pauses work with federal agencies after backlash Flock Safety暂停与联邦机构合作，因被指违反伊利诺伊州法律允许海关监控司机。公司承认曾与海关及国土安全部合作打击人口贩卖和芬太尼分销，但未设合规权限。其技术引发争议，部分城市反对使用，奥斯汀终止合同。德州当局利用其摄像头搜索堕胎相关人士。... 2025-8-27 17:30:52 | 阅读: 10 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media flock police cameras plate illinois

Hackers use fake NDAs to deliver malware to US manufacturers 黑客利用美国工业和科技公司的联系表单发送伪装成保密协议的恶意软件ZIP文件进行攻击。这些攻击持续数周，并针对多个行业的公司。恶意软件可能根据受害者信息选择性上传。攻击者使用真实注册企业的域名创建虚假网站，并与俄罗斯网络犯罪有关联。... 2025-8-27 16:15:49 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media ukraine attackers kyiv malicious suggests

Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks 多国情报和网络安全机构联合发布报告，指责三家中国科技公司参与针对全球关键基础设施的网络间谍活动。这些活动包括Salt Typhoon等恶意网络行为，并利用已知漏洞进行攻击。报告指出这些企业为中国的情报机构提供支持，并呼吁受影响行业修复漏洞以应对威胁。... 2025-8-27 16:1:5 | 阅读: 20 | 收藏 | Over Security - Cybersecurity news aggregator - therecord.media security ltd sichuan wednesday