US cybersecurity firm F5 breach linked to Chinese state-backed hackers, sources say

A breach at U.S.-based cybersecurity company F5 has been attributed to state-backed hackers from China, according to two people familiar with the investigation. The revelation comes a day after U.S. officials warned that federal networks using F5 products were being targeted by a “nation-state cyber threat actor.”

Sources told Reuters that the hackers had been inside F5’s network for over a year, gaining access to sensitive files, including parts of the company’s source code and details about vulnerabilities that could be exploited to attack government and corporate systems.

The Cybersecurity and Infrastructure Security Agency (CISA) said the breach posed an imminent threat to U.S. federal networks and urged immediate patching and updates to F5 devices. Acting Director Madhu Gottumukkala warned that the same vulnerabilities could lead to “a catastrophic compromise of critical information systems” across sectors.

F5, which provides security and networking products to both public and private clients, has not commented on the attribution. The company previously confirmed unauthorized access to some internal systems but said its operations were unaffected.

Responding to the allegation, Chinese Embassy spokesperson Liu Pengyu said Beijing “opposes and combats hacking activities in accordance with the law” and criticized what it called “false information for political purposes.”

U.S. investigators are continuing to assess the full scope of the breach, which highlights the persistent cybersecurity risks facing key technology providers in both government and industry supply chains.

UK’s Capita fined £14 million over 2023 cyber breach affecting 6.7 million people

Capita has been fined £14 million ($18.7 million) by the UK Information Commissioner’s Office (ICO) for failing to protect personal data during a 2023 cyberattack that compromised information belonging to 6.7 million individuals, the outsourcing firm said on Wednesday.

The company, which provides services to UK government departments and major corporations, said the fine was part of a settlement with the ICO. Capita had previously estimated that the breach could cost up to £20 million in financial damages.

The ICO report found that Capita failed to maintain adequate network protections, allowing unauthorized access and privilege escalation, and did not respond properly to early security alerts. The regulator said the case underscored the growing pressure on British companies to strengthen cyber defenses following major breaches at Marks & Spencer, Co-op, and Jaguar Land Rover.

“With so many cyber attacks in the headlines, our message is clear: every organization, no matter how large, must take proactive steps to keep people’s data secure,” said John Edwards, the UK’s Information Commissioner.

Capita said it has since introduced advanced cybersecurity measures and completed an internal overhaul of its digital infrastructure. “Following an extended period of dialogue with the ICO, we are pleased to have concluded this matter,” said CEO Adolfo Hernandez.

The firm expects a free cash outflow of £59 million–£79 million in 2025, up from previous guidance of £45 million–£65 million, but noted that all other financial targets remain unchanged.

According to the National Cyber Security Centre (NCSC), the number of “highly significant” cyber incidents in Britain has doubled year-on-year, reflecting growing systemic risks across the public and private sectors.

Qantas Confirms Customer Data Released by Hackers Months After Cyber Breach

Australia’s national airline, Qantas Airways, has confirmed that customer data stolen during a July cyberattack has now been released online by cybercriminals. The airline said it was one of several companies targeted globally in the breach, which compromised the personal information of millions of passengers.

In the July incident, Qantas revealed that over one million customers had sensitive data — including phone numbers, dates of birth, and home addresses — accessed by hackers. An additional four million customers had their names and email addresses stolen, marking one of the largest data breaches in Australia’s recent history.

Qantas said the data was stolen through a third-party platform and has since been published by the hacker group known as Scattered Lapsus$ Hunters after the company missed a ransom deadline. “With the help of specialist cybersecurity experts, we are investigating what data was part of the release,” Qantas said in a statement.

The airline also confirmed that an injunction remains in place to prevent the use or further distribution of the stolen information. The July attack is among the most serious since cyber incidents targeting telecom firm Optus and health insurer Medibank in 2022, which led to tighter cybersecurity laws in Australia.