The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [...]
The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. [...]
The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. [...]
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [...]
The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. [...]
The 'big victory for the good guys' shouldn't be celebrated too much, though The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today.... [...]
That said, good ol' American healthcare system so elaborately costly, some are forced to avoid altogether UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive side and disruptive digital break-in.... [...]
Attackers are taking greater strides to evade detection. This is one of the running themes in our latest release: M-Trends 2024. This edition of our annual report continues our tradition of providing relevant attacker and defender metrics, and insights into the latest attacker tactics, techniques and procedures, along with …
Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the …
City council says it lost control after shutting down systems It's become somewhat cliché in cybersecurity reporting to speculate whether an organization will have the resources to "keep the lights on" after an attack. But the opposite turns out to be true with Leicester City Council following its March …
Unverified users could scoop up data on high-value individuals without any form of verification process Neighbourhood Watch (NW) groups across the UK can now rest easy knowing the developers behind a communications platform fixed a web app bug that leaked their data en masse.... [...]
Outsourcers outsourced work for the BBC, Amazon, and HBO Max to the hermit kingdom A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently using workers from the hermit …
Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.... [...]
Senate kills reform amendments, Biden swiftly signs bill into law US lawmakers on Saturday reauthorized a contentious warrantless surveillance tool for another two years — and added a whole bunch of people and organizations to the list of those who can be compelled to spy for Uncle Sam.... [...]
Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022—at least two years after it …
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites …
A group of software experts and barristers who have been supporting the subpostmasters affected by the Post Office Horizon miscarriages of justice call for changes to the bill going through the House of Lords It is now clear that the Post Office was advised by its lawyers to delay …
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. [...]
Don't bore us, get to the chorus: You need less privacy so we can protect the children Yet another international cop shop has come out swinging against end-to-end encryption - this time it's Europol which is urging an end to implementation of the tech for fear police investigations will be …
Prosecutors believe one frikkin' laser did make its way to Beijing Germany has arrested three citizens who allegedly tried to transfer military technology to China, a violation of the country's export rules.... [...]
Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. [...]
Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg. The attacker is exploiting a property of GitHub: comments to a …
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar …
Meta insists it's just misunderstood and it's safe to talk to citizens over FB The Dutch Data Protection Authority (AP) has warned that government organizations should not use Facebook to communicate with the country's citizens unless they can guarantee the privacy of data.... [...]
Sadly no push to end stupid TikTok dances, but ByteDance would have year to offload app stateside Fresh US legislation to force the sale of TikTok locally was passed in Washington over the weekend after an earlier version stalled in the Senate.... [...]
Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). [...]
Leaked draft report says stated goals still come up short Google's Privacy Sandbox, which aspires to provide privacy-preserving ad targeting and analytics, still isn't sufficiently private.... [...]
Facing down the triple threat of ransomware, data breaches and criminal extortion Sponsored On the face of it, there really isn't much of an upside for the current UK government after MPs described its response to attacks by cyber-espionage group APT31 as 'feeble, derisory and sadly insufficient.'... [...]
What if it's not AI but the algorithm to blame? Opinion It was a bold claim by the richest and most famous tech founder: bold, precise and wrong. Laughably so. Twenty years ago, Bill Gates promised to rid the world of spam by 2006. How's that worked out for …
For once, Redmond's finest saved the day - by being rubbish in unexpectedly useful ways Who, Me? It's Monday once again, dear reader, and you know what that means: another dive into the Who, Me? confessional, to share stories of IT gone wrong that Reg readers managed to pretend had …
Two rounds of reports and patches may not have completely closed this hole BLACK HAT ASIA Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain …
A day after FBI boss warns Beijing is poised to strike against US infrastructure China last week reorganized its military to create an Information Support Force aimed at ensuring it can fight and win networked wars.... [...]
PLUS: Akira ransomware resurgent; Telehealth outfit fined for data-sharing; This week's nastiest vulns Infosec In Brief In a cautionary tale that no one is immune from attack, the security org MITRE has admitted that it got pwned.... [...]
You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims. [...]
Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%. [...]
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. [...]
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. [...]
While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. [...]
CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately. [...]
A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here …
Police say this appears to be a 'deliberate act.' Sacramento International Airport (SMF) suffered hours of flight delays yesterday after what appears to be an intentional cutting of an AT&T internet cable serving the facility.... [...]
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.. [...]
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. [...]
The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. [...]
Welcome to the first Cloud CISO Perspectives for April 2024. In this update, we'll give a list of some of the major announcements of security products and security enhancements to Google Cloud. There's an even longer list here. As with all Cloud CISO Perspectives, the contents of this newsletter …
Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024. [...]
Still available in Hong Kong and Macau, for now Apple has removed four apps from its China-regional app store, including Meta's WhatsApp and Threads, after it was ordered to do so by Beijing for security reasons.... [...]
It’s the second time the World-Check list has fallen into the wrong hands The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals.... [...]
Apparently an attempt to damage Ukraine's war effort Bavarian state police have arrested two German-Russian citizens on suspicion of being Russian spies and planning to bomb industrial and military facilities that participate in efforts to assist Ukraine defend itself against Vladimir Putin’s illegal invasion.... [...]
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. [...]