Google data breach and Akira ransomware disables Microsoft Defender

Google Confirms Data Breach After Cyber Attack Targeting Salesforce

Google has announced that it became a victim of a cyber attack after its Salesforce instance was compromised, leading to a data breach affecting several corporate clients. The tech giant revealed that the breach was carried out by a hacking group known as Shiny Hunters (also referred to as UNC6040), and the attack was executed through a vishing scam.

Fortunately, only basic client information related to Google Ads Customers, such as business names and contact details, was exposed in the breach. No sensitive data was stored in the affected Salesforce database. However, the stolen information could still be used by cybercriminals to create detailed profiles, which has prompted Google to warn its impacted customers about the increased risk of cyber-attacks.

Interestingly, the hackers have yet to release a ransom note, leaving the exact motive behind the attack unclear.

Akira Ransomware Disables Microsoft Defender

The notorious Akira Ransomware gang has developed a method to bypass Microsoft Defender’s protections by exploiting a vulnerability in a CPU driver called ‘rwdrv.sys’. This driver, which operates at the kernel level, allows hackers to disable Microsoft Defender, making it easier for them to deploy malicious payloads.

Initially launched as a security tool for Windows XP, Microsoft Defender later became a standard feature on newer versions of Windows and is now an integral part of Microsoft 365. By targeting this critical security application, Akira’s cybercriminals can disable defenses and spread ransomware more effectively.

United Airlines Denies Cyber Attack Claims Amid Flight Delays

United Airlines has dismissed rumors that a cyber attack was behind the recent grounding of flights at several airports, including Houston, Denver, Chicago, and Newark. Travelers had speculated that a cyber attack had disrupted airport operational servers, causing a delay in flights for over three hours.

The airline stated that the situation was still under investigation and warned against speculation, which could create unnecessary panic among passengers. This clarification comes just days after a similar cyber attack affected Alaska Airlines, causing significant disruption to its servers.