South Korea agency fines SK Telecom $97 million over major data leak https://etimg.etb2bimg.com/thumb/msid-123576053,imgsize-117274,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/south-korea-agency-fines-sk-telecom-97-million-over-major-data-leak.jpg A logo of SK Telecom is seen at the SK Telecom headquarters, in Seoul, South Korea, July 4, 2025. REUTERS/Kim Soo-hyeon/ File Photo SEOUL: South Korea’s SK Telecom was fined on Thursday about 134 billion won ($96.53 million) after the country’s largest mobile carrier suffered a cyberattack ...

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign https://firewall.firm.in/wp-content/uploads/2025/09/phish-malware.jpg A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at ...

Google-owned Waymo’s CEO on allowing authorities access to self-driving car data: We will make that publicly known https://etimg.etb2bimg.com/thumb/msid-123625745,imgsize-250908,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/waymos-ceo-discusses-law-enforcement-data-access-for-self-driving-cars.jpg Waymo’s privacy policy states that it may share data with law enforcement for legal reasons. Waymo has shared an update regarding the sharing of its self-driving vehicle data with government authorities. The cars of the Google-owned company, which offers autonomous ride-hailing services ...

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE https://firewall.firm.in/wp-content/uploads/2025/09/Lazarus-malware.jpg Sep 02, 2025Ravie LakshmananMalware / Threat Intelligence The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE. The attack, observed by NCC Group’s Fox-IT in 2024, targeted an ...

Cisco’s vishing breach rings alarm bells: 6 cybersecurity lessons for enterprises https://etimg.etb2bimg.com/thumb/msid-123583966,imgsize-12892,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/ciscos-vishing-breach-rings-alarm-bells-6-cybersecurity-lessons-for-enterprises.jpg Cisco recently disclosed a data breach in which a hacker, posing convincingly over a phone call, tricked a company representative into granting access to a third-party database. Classified as a vishing (voice phishing) attack, the breach exposed basic profile information of users registered on Cisco.com. While the company ...

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication https://firewall.firm.in/wp-content/uploads/2025/08/ms-code.jpg Aug 29, 2025Ravie LakshmananThreat Intelligence / Malware Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used “compromised websites to redirect visitors to malicious infrastructure ...

Orange SA hacked, user data leaked on dark web https://etimg.etb2bimg.com/thumb/msid-123493684,imgsize-2604,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/orange-sa-hacked-user-data-released-on-dark-web-what-one-of-worlds-leading-telecom-companies-has-to-say.jpg Orange SA, one of the world’s leading telecom companies, has been hacked. According to a report, hackers have stolen and published about 4GB of sensitive business user data on the dark web. Orange first became aware of the breach in late July and reported it to national authorities. The data ...

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks https://firewall.firm.in/wp-content/uploads/2025/08/flaws.jpg Aug 21, 2025Ravie LakshmananVulnerability / Software Security Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows – CVE-2025-57788 (CVSS score: 6.9) – ...

4 more Bengal poll officials face ECI ire over data safety breach https://etimg.etb2bimg.com/thumb/msid-123328889,imgsize-20710,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/4-more-bengal-poll-officials-face-eci-ire-over-data-safety-breach.jpg In West Bengal, the Election Commission of India (ECI), the chief electoral office and district magistrates are conducting regular checks to identify irregularities in the electoral rolls, people in the know told ET. The ECI is yet to begin the special intensive revision (SIR) of electoral rolls ...

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems https://firewall.firm.in/wp-content/uploads/2025/08/chatgpt-5-jailbreak.jpg Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering ...