The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government. [...]
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. [...]
Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances. [...]
For organizations with stringent sovereignty and regulatory requirements, Google Distributed Cloud (GDC) air-gapped delivers a fully-managed experience with critical advanced networking capabilities. But operating in a completely isolated environment presents some unique networking challenges. Routine tasks become significantly more complex and manual, demanding more planning and bespoke solutions than …
The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. [...]
More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. [...]
Aeza Group accused of assisting data bandits and BianLian ransomware crooks The US Treasury has sanctioned Aeza Group, a Russian bulletproof hosting (BPH) provider, and four of its cronies for enabling ransomware and other cybercriminal activity.... [...]
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the …
Experts say they don't expect the MOVEit menace to do much about it Security experts have uncovered a hole in Cl0p's data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.... [...]
It might be time to update the Submarine Telegraph Act of 1885 Cyberattacks and undersea cable sabotage are blurring the line between war and peace and exposing holes in UK law, a government minister has warned lawmakers.... [...]
Frequent flyers’ info takes flight Australian airline Qantas on Wednesday revealed it fell victim to a cyberattack that saw information describing six million customers stolen.... [...]
Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. [...]
AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. [...]
Amazon Web Services (AWS) customers can enable secure remote access to their cloud resources, supporting business operations with both speed and agility. As organizations embrace flexible work environments, employees can safely connect to AWS resources from various locations using different devices. AWS provides comprehensive security solutions that help organizations …
Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. [...]
Customizations not saved with security baseline policy update Microsoft Intune administrators may face a few days of stress after Redmond acknowledged a problem with security baseline customizations.... [...]
Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. [...]
The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. [...]
A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. [...]
Body stays coy on details but alludes to similarities with 2023 espionage campaign The International Criminal Court (ICC) says a "sophisticated" cyberattack targeted the institution, the second such incident in two years.... [...]
On Monday, the International Criminal Court (ICC) announced that it's investigating a new "sophisticated" cyberattack that targeted its systems last week. [...]
The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government's fund raising operations using remote IT workers. [...]
Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack. [...]
Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023. [...]
Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that’s one way to identify fake accounts and misinformation campaigns. [...]
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. [...]
The silly mistakes to the flagrant failures They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that.... [...]
Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy Secure comms biz Proton has joined a lawsuit that alleges Apple’s anticompetitive ways are harming developers, consumers, and privacy.... [...]
U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. [...]
AWS Certificate Manager (ACM) simplifies the provisioning, management, and deployment of public and private TLS certificates for AWS services and your on-premises and hybrid applications. To further enhance the flexibility of ACM for diverse workloads, we’re introducing a powerful new capability: ACM exportable public certificates. You can use …
Resulting in two indictments, one arrest, and 137 laptops seized The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.... [...]
The Sinaloa drug cartel in Mexico hacked the phone of an FBI official investigating kingpin Joaquín “El Chapo” Guzmán as part of a surveillance campaign “to intimidate and/or kill potential sources or cooperating witnesses,” according to a recently published report by the Justice Department. The report, which cited …
Don't leave the door open to disgruntled workers A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.... [...]
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. [...]
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages …
Time ticking for defenders as social engineering pros weave wider web Just a few weeks after warning about Scattered Spider's tactics shifting toward the insurance industry, the same experts now say the aviation industry is now on the ransomware crew's radar.... [...]
Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. [...]
Welcome to the second Cloud CISO Perspectives for June 2025. Today, Thiébaut Meyer and Bhavana Bhinder from Google Cloud’s Office of the CISO discuss our work to help defend European healthcare against cyberattacks. As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the …
The government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix. [...]
The Canadian government has ordered Hikvision's subsidiary in the country to cease all operations following a review that determined them to pose a national security risk. [...]
Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp. [...]
Spanish authorities have arrested five individuals in Madrid and the Canary Islands, suspected of laundering $540 million (€460 million) from illegal cryptocurrency investment schemes and defrauding more than 5,000 victims. [...]
Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work A major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel "hacker" was tracking a federal official and using their deep-rooted access to the country's critical …
The Federal Bureau of Investigation (FBI) has warned Americans of cybercriminals impersonating health fraud investigators to steal their sensitive information. [...]
Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions. [...]
American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in …
Like being hard to spot? They’d much rather you didn’t Opinion There are few tech deceptions more successful than Chrome's Incognito Mode.... [...]
PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more! Asia In Brief Canada’s government has ordered Chinese CCTV systems vendor Hikvision to cease its local operations.... [...]
PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers;,O365 allows takeover-free phishing; and more Infosec in Brief Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos …
Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. [...]