The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals' personal and protected health information. [...]

Interesting : By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by …

An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. [...]

Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack. [...]

Understanding the power needs of the UK begins with knowing when renewals are due Certificate Watch Demonstrating that Microsoft is not alone in its inability to keep track of certificates is UK power market biz Elexon.... [...]

Making cyberattack among the largest ever recorded in finance industry Evolve Bank & Trust says the data of more than 7.6 million customers was stolen during the LockBit break-in in late May, per a fresh filing with Maine's attorney general.... [...]

AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks across your Amazon Web Services (AWS) accounts and AWS Regions, aggregates alerts, and enables automated remediation. Security Hub is designed to simplify and streamline the management of security-related data from various AWS …

Fairly 'low budget', unsophisticated malware, say researchers, but it can collect the same data as Pegasus Interview When it comes to surveillance malware, sophisticated spyware with complex capabilities tends to hog the limelight – for example NSO Group's Pegasus, which is sold to established governments. But it's actually less polished …

Google's absence creates software distribution issues not even mighty Microsoft can handle Microsoft China will provide staff with Apple devices so they can log on to the software giant's systems.... [...]

Scum keep databases of the people they've already skimmed Australia's Competition and Consumer Commission has warned that scammers are targeting scam victims with fake offers to help them recover from scams.... [...]

Lax patching and vulnerable small biz kit make life easy for Beijing's secret-stealers Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 – aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk – and found it prioritizes …

Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information. [...]

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. [...]

A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. [...]

Have you ever pondered the intricate workings of generative artificial intelligence (AI) models, especially how they process and generate responses? At the heart of this fascinating process lies the context window, a critical element determining the amount of information an AI model can handle at a given time. But …

Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. [...]

ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were directed by President Biden to do so. [...]

Enlarge (credit: Avishek Das/SOPA Images/LightRocket via Getty Images ) This story was originally published by ProPublica. Investigating how the world’s largest software provider handles the security of its own ubiquitous products. After Russian intelligence launched one of the most devastating cyber espionage attacks in history against US …

A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. [...]

A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. [...]

Injecting Copilot branding will not make TLS certificates auto-renew Another Microsoft certificate has expired, leaving SwiftKey users that are seeking support faced with an alarming certificate error.... [...]

Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees. [...]

Amazon Virtual Private Cloud (Amazon VPC) provides two options for controlling network traffic: network access control lists (ACLs) and security groups. A network ACL defines inbound and outbound rules that allow or deny traffic based on protocol, IP address range, and port range. Security groups determine which inbound and …

Good riddance to another pesky tribe of miscreants Updated Researchers at Avast have provided decryptors to DoNex ransomware victims on the down-low since March after discovering a flaw in the crims' cryptography, the company confirmed today.... [...]

How to get ready for the future of digital identity in the European Union from eIDAS 1.0 to eIDAS 2.0 and beyond Partner Content : Opening a bank account, making or receiving a payment, instructing an accountant or booking a doctor's appointment. These everyday tasks depend on identity …

Vietnam now requires it for some purchases. It may be a fraud risk in Singapore. Or ML could be making it safe The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital …

Also: F1 authority breached; Prudential victim count skyrockets; a new ransomware actor appears; and more security in brief It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization …

Plus: Samsung strike; India likely upping chip subsidies; Asian nations link payment schemes Asia In Brief Mt Gox, the Japanese crypto exchange that dominated trading for a brief time in the early 2010s before collapsing amid the disappearance of nearly half a billion dollars worth of the digicash, likely …

Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations. [...]

E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. [...]

A new vampire squid species was discovered in the South China Sea. Blog moderation policy. [...]

Mozilla shows guts with its extensions – but that's the way the Cook, he crumbles Updated At least two VPNs are no longer available for Russian iPhone users, seemingly after the Kremlin's internet regulatory agency Roskomnadzor demanded Apple take them down.... [...]

Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. [...]

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. [...]

Skin-sparing mastectomy and breast reconstruction scrapped as result of ransomware at supplier Exclusive The latest figures suggest that around 1,500 medical procedures have been canceled across some of London's biggest hospitals in the four weeks since Qilin's ransomware attack hit pathology services provider Synnovis. But perhaps no single …

A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. [...]

There's also chatter about whether medium severity scare is actually code red nightmare Infosec circles are awash with chatter about a vulnerability in Ghostscript some experts believe could be the cause of several major breaches in the coming months.... [...]

Privacy measures apparently helping criminals evade capture Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations – and it's not end-to-end encryption this time. Not exactly.... [...]

A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. [...]

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. [...]

Private sector helped out with week-long operation – but didn't touch China Europol just announced that a week-long operation at the end of June dropped nearly 600 IP addresses that supported illegal copies of Cobalt Strike.... [...]

Brain Cipher was never getting the $8 million it demanded anyway Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center (PDNS) and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government.... [...]

English | French | German | Italian | Spanish Last month, we shared that we are investing €7.8 billion in the AWS European Sovereign Cloud, a new independent cloud for Europe, which is set to launch by the end of 2025. We are building the AWS European Sovereign Cloud designed to offer …

Enlarge (credit: Getty Images) More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript code, hosted at polyfill[.]com, was a legitimate open source project that allowed older …

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. [...]

OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). [...]

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. [...]

Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case …

Never risk it when it comes to brisket – make sure those updates are applied Keen meatheads better hope they haven't angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks.... [...]

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. [...]