Friday Squid Blogging: New Squid Fossil
A 450-million-year-old squid fossil was dug up in upstate New York. Blog moderation policy. [...]
Leaked chat logs expose inner workings of secretive ransomware group
More than a year’s worth of internal communications from one of the world’s most active ransomware syndicates have been published online in a leak that exposes tactics, trade secrets, and internal rifts of its members. The communications come in the form of logs of more than 200 …
SpyLend Android malware downloaded 100,000 times from Google Play
An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India. [...]
From log analysis to rule creation: How AWS Network Firewall automates domain-based security for outbound traffic
AWS Network Firewall's automated domain lists feature enhances network security by analyzing HTTP and HTTPS traffic patterns, providing visibility into domain usage, and simplifying the creation and management of outbound traffic controls through domain-based allowlisting. [...]
Notorious crooks broke into a company network in 48 minutes. Here’s how.
In December, roughly a dozen employees inside a manufacturing company received a tsunami of phishing messages that was so big they were unable to perform their day-to-day functions. A little over an hour later, the people behind the email flood had burrowed into the nether reaches of the company's …
Apple removes advanced data protection tool in face of UK government request
Apple says removal of tool after government asked for right to see data will make iCloud users more vulnerable Business live – latest updates Apple has taken the unprecedented step of removing its strongest data security tool from customers in the UK, after the government demanded “backdoor” access to user …
Hacker steals record $1.46 billion from Bybit ETH cold wallet
Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets. [...]
CISA flags Craft CMS code injection flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. [...]
Apple pulls iCloud end-to-end encryption feature in the UK
Apple will no longer offer iCloud end-to-end encryption in the United Kingdom after the government requested a backdoor to access Apple customers' encrypted cloud data. [...]
Implementing Cryptography in AI Systems
Interesting research: “ How to Securely Implement Cryptography in Deep Neural Networks.” Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or …
Experts race to extract intel from Black Basta internal chat leaks
Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked by a Telegram user, prompting security researchers to bust out their best Russian translations …
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already installed patches released in January extra incentive to revisit their to-do lists.... [...]
Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar
It comes amid a major crackdown on the abusive industry that started during COVID Thailand is preparing to receive thousands of people rescued from scam call centers in Myanmar as the country launches a major crackdown on the pervasive criminal activity across its border.... [...]
Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable
Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em Some Linux kernel maintainers remain unconvinced that adding Rust code to the open source project is a good idea, but its VIPs are coming out in support of the language's integration.... [...]
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes
Said bugs 'can have significant implications' – glad to hear that from Redmond Microsoft is so concerned about security in its Copilot products for folks that it’s lifted bug bounty payments for moderate-severity vulnerabilities from nothing to a maximum of $5,000, and expanded the range of vulnerabilities it …
Oops, some of our customers' Power Pages-hosted sites were exploited, says Microsoft
Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got there first – and urged users to check their sites for signs of exploitation.... [...]
Apiiro unveils free scanner to detect malicious code merges
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. [...]
Black Basta ransomware gang's internal chat logs leak online
An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. [...]
US healthcare org pays $11M settlement over alleged cybersecurity lapses
Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. [...]
Announcing quantum-safe digital signatures in Cloud KMS
The continued advancement of experimental quantum computing has raised concerns about the security of many of the world's widely-used public-key cryptography systems. Crucially, there exists the potential for sufficiently large, cryptographically-relevant quantum computers to break these algorithms. This potential highlights the need for developers to build and implement quantum-resistant …
US minerals company says crooks broke into email and helped themselves to $500K
A painful loss for young company that's yet to generate revenue A NASDAQ-listed US minerals company says cybercriminals broke into its systems on Valentine's Day and paid themselves around $500,000 – money earmarked for a vendor.... [...]
Chinese hackers use custom malware to spy on US telecom networks
The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. [...]
Integrating LLMs into security operations using Wazuh
Large Language Models (LLMs) can provide many benefits to security professionals by helping them analyze logs, detect phishing attacks, or offering threat intelligence. Learn from Wazuh how to incorporate an LLM, like ChatGPT, into its open source security platform. [...]
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution
Bugs fixed, updating to the latest version is advisable Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code.... [...]
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. [...]
An LLM Trained to Create Backdoors in Code
Scary research : “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.” [...]
Two arrested after pensioner scammed out of six-figure crypto nest egg
The latest in a long line of fraud stings worth billions each year Two men are in police custody after being arrested in connection with a July cryptocurrency fraud involving a man in his seventies.... [...]
Darcula PhaaS can now auto-generate phishing kits for any brand
The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand. [...]
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
FBI and CISA issue reminder - deep sigh - about the importance of patching and backups The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued …
New NailaoLocker ransomware used against EU healthcare orgs
A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. [...]
Medusa ransomware gang demands $2M from UK private health services provider
2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident' Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be …
US Army soldier linked to Snowflake extortion rampage admits breaking the law
That's the way the cookie melts A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people's private call records.... [...]
Trump’s DoD CISO pick previously faced security clearance suspension
Hey, at least Katie Arrington brings a solid resume Donald Trump's nominee for a critical DoD cybersecurity role sports a resume that outshines many of his past picks, despite previously suspended security clearance.... [...]
Russia-aligned hackers are targeting Signal users with device-linking QR codes
Signal, as an encrypted messaging app and protocol, remains relatively secure. But Signal's growing popularity as a tool to circumvent surveillance has led agents affiliated with Russia to try to manipulate the app's users into surreptitiously linking their devices, according to Google's Threat Intelligence Group. While Russia's continued invasion …
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. [...]
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys... but so can miscreants A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.... [...]
Phishing attack hides JavaScript using invisible Unicode trick
A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). [...]
New FrigidStealer infostealer infects Macs via fake browser updates
The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer. [...]
Australian fertility services giant Genea hit by security breach
Genea, one of Australia's largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems. [...]
Palo Alto Networks tags new firewall bug as exploited in attacks
Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. [...]
Device Code Phishing
This isn’t new, but it’s increasingly popular : The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts …
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground
For years, defensive security strategies have focused on three core areas: network, endpoint, and email. Meanwhile, the browser, sits across all of them. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving. [...]
Hundreds of Dutch medical records bought for pocket change at flea market
15GB of sensitive files traced back to former software biz Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets, now it seems storage drives filled with huge volumes of sensitive data can be added to that list.... [...]
Russian phishing campaigns exploit Signal's device-linking feature
Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest. [...]
London celebrity talent agency reports itself to ICO following Rhysida attack claims
Showbiz members' passport scans already plastered online A London talent agency has reported itself to the UK's data protection watchdog after the Rhysida ransomware crew last week claimed it had attacked the business, which represents luminaries of stage and screen.... [...]
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M
If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.... [...]
Palo Alto firewalls under attack as miscreants chain flaws for root access
If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems.... [...]
New WinRAR version strips Windows metadata to increase privacy
WinRAR 7.10 was released yesterday with numerous features, such as larger memory pages, a dark mode, and the ability to fine-tune how Windows Mark-of-the-Web flags are propagated when extracting files. [...]
WinRAR 7.10 boosts Windows privacy by stripping MoTW data
WinRAR 7.10 was released yesterday with numerous features, such as larger memory pages, a dark mode, and the ability to fine-tune how Windows Mark-of-the-Web flags are propagated when extracting files. [...]
Cracked Garry’s Mod, BeamNG.drive games infect gamers with miners
A large-scale malware campaign dubbed "StaryDobry" has been targeting gamers worldwide with trojanized versions of cracked games such as Garry's Mod, BeamNG.drive, and Dyson Sphere Program. [...]
page 1 | older articles »