Samsung’s UK division has alerted customers of a data security breach affecting purchases between July 2019 and June 2020, marking the third global incident in two years. An unauthorized individual exploited a vulnerability in a business application to obtain customer names, phone numbers, and addresses. This follows a 200GB breach by Lapsus in March 2022 and a US customer data breach in July 2022. Samsung is facing a class-action lawsuit alleging it collects and fails to protect identifiable customer information.

Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells
The Lazarus group has launched sophisticated attacks on South Korean web servers, deploying ASP-based web shells as first-stage Command and Control (C2) servers. These attacks,