An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. [...]
Given Amnesty's involvement, it's a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.... [...]
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. [...]
What does IT glimpse but a dating app on your wee little screen If you're using iPhone Mirroring at work: It's time to stop, lest you give your employer's IT department the capability to snoop through the list of apps you have on your phone — dating apps, those tracking …
Today is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. [...]
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. [...]
An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. [...]
Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. [...]
Many organizations continuously receive security-related findings that highlight resources that aren’t configured according to the organization’s security policies. The findings can come from threat detection services like Amazon GuardDuty, or from cloud security posture management (CSPM) services like AWS Security Hub, or other sources. An important question …
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story …
Pro-Ukraine hackers claim credit for Russian state broadcasting shutdown Ukrainian hackers shut down Russian state news agency VGTRK's online broadcasting and streaming services on Monday – president Vladimir Putin's 72nd birthday – as Kremlin officials vowed to bring those responsible for the "unprecedented" cyber attack to justice.... [...]
Improved security features teased in May now appearing around the world Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to profit from purloined phones.... [...]
A couple million will do for a start... but Kim's crews are suspected of stealing much more The US government is attempting to claw back more than $2.67 million stolen by North Korea's Lazarus Group, filing two lawsuits to force the forfeiture of millions in Tether and Bitcoin …
MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. [...]
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...]
On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...]
It's still safe to drink, top provider tells us Updated American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a cyber attack on its systems.... [...]
It's still safe to drink, top provider tells us American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a cyberattack on its systems.... [...]
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. [...]
Withholding exculpatory evidence from suspects isn't a great look when the tech is already questionable Police around the United States are routinely using facial recognition technology to help identify suspects, but those departments rarely disclose they've done so - even to suspects and their lawyers.... [...]
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...]
Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic Verizon, AT&T, and Lumen Technologies were among the US broadband providers whose networks were reportedly hacked by Chinese cyberspies, possibly compromising the wiretapping systems used for court-ordered surveillance.... [...]
Google Cloud constantly innovates and invests significantly in our capabilities to stop cyberattacks such as distributed denial-of-service attacks from taking down websites, apps, and services. It’s an essential part of protecting our customers. Our Project Shield offering, which uses Google's Cloud networking and our Global Front End infrastructure …
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. [...]
AI SPERA announced that its domain and IP address threat intel platform, Criminal IP, is now integrated with Hybrid Analysis. Learn more from Criminal IP about how this brings additional insights to Hybrid Analysis. [...]
CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article. [...]
Struggle ye not with cookies, lest ye become a cookie monster Opinion The people are defeated. Worn out, deflated, and apathetic about the barrage of banners and pop-ups about cookies and permissions.... [...]
Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...]
A 21-year-old man from Indiana named Evan Frederick Light pleaded guilty to stealing $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. [...]
Google Pay alarmed users this week after erroneously sending out "new card" added email notifications. Google has acknowledged that the email was "accidental" and that no user information was compromised. [...]
MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. [...]
Dozens of neo-Nazis are fleeing Telegram and moving to a relatively unknown secret chat app that has received funding from Twitter founder Jack Dorsey. In a report from the Institute for Strategic Dialogue published on Friday morning, researchers found that in the wake of the arrest of Telegram founder …
Irish data watchdog opens probe after 'numerous complaints' Ireland's Data Protection Commission (DPC) has launched an inquiry into Ryanair's Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTA).... [...]
Radioactive hazards and cyber failings... what could possibly go wrong? The outfit that runs Britain's Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation's Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023.... [...]
Interesting map, from this paper. Blog moderation policy. [...]
On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September. [...]
Cable giant says ransomware involved, FBCS keeps schtum Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was unaffected by that intrusion.... [...]
Russian law enforcement detained almost 100 suspects linked to the Cryptex cryptocurrency exchange, the UAPS anonymous payment service, and 33 other online services and platforms used to make illegal payments and sell stolen credentials. [...]
Japanese | Korean | Spanish At Amazon Web Services (AWS), we continue to listen to our customers, regulators, and stakeholders to understand their needs regarding audit, assurance, certification, and attestation programs. We are pleased to announce that the AWS System and Organization Controls (SOC) 1 report is now available in Japanese …
Over the weekend, Google removed Kaspersky's Android security apps from the Google Play store and disabled the Russian company's developer accounts. [...]
To build trust in the software world, developers need to be able to digitally sign their code and attest that the software their customers are downloading is legitimate and hasn’t been maliciously altered. Keys used to sign code are the cryptographic equivalent of crown jewels for many organizations …
Canadian video game developer Red Barrels is warning that the development of its Outlast games will likely be delayed after the company suffered a cyberattack impacting its internal IT systems and data. [...]
Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023. [...]
Get together with the European cybersecurity community at a two-day conference in London this December Sponsored Post This year's CyberThreat returns to London to provide a place for cybersecurity professionals to share experiences, new tools and techniques to help organisations stay ahead of the latest cyber threats.... [...]
'You can build this in a few days – even as a very naïve developer' A pair of inventive Harvard undergraduates have created what they believe could be one of the most intrusive devices ever built – a wake-up call, they tell The Register, for the world to take privacy seriously …
Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Updated Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers' payment card info as they order stuff online.... [...]
Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday. The malware has been circulating since at least 2021. It gets installed …
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]
Fake trading apps on Google Play and Apple's App Store lure victims into "pig butchering" scams that have a global reach. [...]