Chinese shopping platform Pandabuy told BleepingComputer it previously paid a a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week. [...]
Funds are currently seized after being sent to offshore accounts The US Justice Department is seeking permission to recover more than $5 million worth of funds stolen from a trade union by business email compromise (BEC) scammers.... [...]
Time to get moving if you still rely on this deprecated feature Microsoft has finally decided to add the venerable NTLM authentication protocol to the Deprecated Features list.... [...]
Experts say Big Red will probably re-release patch in an upcoming cycle A seven-year-old Oracle vulnerability is the latest to be added to CISA's Known Exploited Vulnerability (KEV) catalog, meaning the security agency considers it a significant threat to federal government.... [...]
As tool emerges to probe OS feature's SQLite-based store of user activities Asked to explore the data privacy issues arising from Microsoft Recall, the Windows maker's poorly received self-surveillance tool, Jaime Teevan, chief scientist and technical fellow at Microsoft Research, brushed aside concerns.... [...]
Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads. [...]
The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. [...]
Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. [...]
Beware of zero-click malware sliding into your DMs Miscreants exploited a zero-day in TikTok to compromised the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation.... [...]
Enlarge / A visual from the fake documentary "Olympics Has Fallen" produced by Russia-affiliated influence actor Storm-1679. (credit: Microsoft) Last year, a feature-length documentary purportedly produced by Netflix began circulating on Telegram. Titled “Olympics have Fallen” and narrated by a voice with a striking similarity to that of actor Tom …
Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. [...]
Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. [...]
Malware code potentially sold off, tweaked, back at it infecting victims RansomHub, a newish cyber-crime operation that has claimed to be behind the theft of data from Christie's auction house and others, is "very likely" some kind of rebrand of the Knight ransomware gang, according to threat hunters.... [...]
Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace [...]
A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation. [...]
That backdoor's not meant to be there? Zyxel just released security fixes for two of its obsolete network-attached storage (NAS) devices after an intern at a security vendor reported critical flaws months ago.... [...]
Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. [...]
Organizations collect vast amounts of data to create innovative solutions, perform ground breaking research, or optimize their designs. With this comes the responsibility to ensure data is adequately protected to meet regulatory, compliance, contractual or internal security requirements. For organizations that want to move their data warehouses from on-premises …
Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evoloved from the currently defunct Knight ransomware project. [...]
Public officials allegedly bribed to allow extradition-dodging travel Four arrests were made this week as part of an international probe into two overlapping corruption schemes that allowed cybercrims on INTERPOL watch lists to travel freely without flagging any alerts.... [...]
Russian-speaking ransomware gang lets hackers use its tools in exchange for cut of proceeds A Russian-speaking ransomware criminal gang called Qilin is thought to be behind the cyber-attack on NHS medical services provider Synnovis, that halted tests and operations at hospital trusts to a halt and affected GPs across …
Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren’t about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion was that Microsoft was …
Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft's cloud potentially allows miscreants to wave away firewall rules and access other people's private web resources.... [...]
Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. [...]
Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. [...]
Enlarge A ransomware attack that crippled a London-based medical testing and diagnostics provider has led several major hospitals in the city to declare a critical incident emergency and cancel non-emergency surgeries and pathology appointments, it was widely reported Tuesday. The attack was detected Monday against Synnovis, a supplier of …
Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. [...]
American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. [...]
In the Navy, no, you cannot have an unauthorized WLAN. In the Navy, no, that's not a good plan The US Navy has cracked down on an illicit Wi-Fi network installed on a combat ship by demoting the senior enlisted leader who ordered it to be set up.... [...]
Join us in Philadelphia, Pennsylvania, on June 10–12, 2024, for AWS re:Inforce, a security learning conference where you can enhance your skills and confidence in cloud security, compliance, identity, and privacy. As an attendee, you will have access to hundreds of technical and non-technical sessions, an Expo …
Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. [...]
Meanwhile Mr Smith goes to Washington to testify before Congress The Pentagon is "doubling down" on its investment in Microsoft products despite the serious failings at the IT giant that put America's national security at risk, say two US senators.... [...]
Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. [...]
A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London. [...]
Pathology lab provider targeted, affecting blood transfusions and surgeries Hospitals in London are struggling to deliver pathology services after a ransomware attack at a service partner downed some key systems.... [...]
Pathology lab provider targeted, affecting blood transfusions and surgeries Hospitals in London are struggling to deliver pathology services after a ransomware attack at a service partner downed some key systems.... [...]
Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. [...]
Experts say auctioning the auctioneer’s data is unlikely to have been genuinely successful The cybercrims who claimed the attack on Christie's fancy themselves as auctioneers as well, after they allegedly sold off the company's data to the highest bidder instead of leaking everything on the dark web.... [...]
Privacy group seeks clarification of whether EU data protection law has been breached A privacy campaign group with a strong record in legal upheavals has asked the Austrian data protection authority to investigate Microsoft 365 Education to clarify if it breaches transparency provisions under GDPR.... [...]
Some of the biggest names in the game are hopping on the trend Malware miscreants are increasingly showing a penchant for abusing legitimate, commercial packer apps to evade detection.... [...]
Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to …
At Google, we have always believed in the power of choice in how we build and make our technology available to our customers. The power of choice becomes even more critical for organizations to meet constantly evolving digital sovereignty requirements while accelerating and optimizing their move to the cloud …
Cloud storage giant lawyers up against infosec house Analysis Hudson Rock, citing legal pressure from Snowflake, has removed its online report that claimed miscreants broke into the cloud storage and analytics giant's underlying systems and stole data from potentially hundreds of customers including Ticketmaster and Santander Bank.... [...]
Debt collection agency Financial Business and Consumer Solutions (FBCS) now says over 3.2 million people have been impacted by a data breach that occurred in February. [...]
The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. [...]
Enlarge (credit: Getty Images) Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums. Ticketmaster parent Live Nation—which disclosed Friday that hackers gained access to data it stored …
Aims to get CVE logjam cleared by the end of FY 24 Facing a growing backlog of reported flaws, NIST has extended a commercial contract with an outside consultancy to help it get on top of its National Vulnerability Database (NVD).... [...]
Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. [...]
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. [...]
Turns out opting out actually works? Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info.... [...]