Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. [...]
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [...]
Some squids are “consorts,” others are “sneakers.” The species is healthiest when individuals have different strategies randomly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. [...]
But China's the most technologically advanced Interview China remains the biggest cyber threat to the US government, America's critical infrastructure, and its private-sector networks, the nation's intelligence community has assessed.... [...]
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [...]
Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. [...]
Not a lotto luck for these powerball hunters More than half a million gamblers with a penchant for powerballs will be receiving some fairly unwelcome news very soon, if not already, as cybercriminals have made off with their personal data.... [...]
Enlarge (credit: Getty Images ) Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to execute malicious code on end user devices. The fix marks the fifth time this year the company has updated the browser to protect users from an existing malicious exploit …
This is another attack that convinces the AI to ignore road signs : Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line …
The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve. [...]
Major intrusions by both China and Russia leave a lot to be answered for The US government wants to make Microsoft's vice chair and president, Brad Smith, the latest tech figurehead to field questions from a House committee on its recent cybersecurity failings.... [...]
Exclusive: Defence ministry was told in recent days that staff details accessed but sources say SSCL knew in February The IT company targeted in a Chinese hack that accessed the data of hundreds of thousands of Ministry of Defence staff failed to report the breach for months, the Guardian …
Cameras tested are specced for Baidu's Apollo Six boffins mostly hailing from Singapore-based universities say they can prove it's possible to interfere with autonomous vehicles by exploiting the machines' reliance on camera-based computer vision and cause them to not recognize road signs.... [...]
'This was a no sh*tter' RSAC A malware-laced USB stick, inserted into a military laptop at a base in Afghanistan in 2008, led to what has been called the worst military breach in US history, and to the creation of the US Cyber Command.... [...]
Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. [...]
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [...]
Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week. [...]
Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. [...]
Spoiler alert: We're gonna talk about AI Interview Mick Baccio, global security advisor at Splunk, has watched the evolution of election security threats in real time.... [...]
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. [...]
Sources claim ransomware is to blame Healthcare organization Ascension is the latest of its kind in the US to say its network has been affected by what it believes to be a "cybersecurity event."... [...]
Enlarge (credit: Getty ) For years, Dell customers have been on the receiving end of scam calls from people claiming to be part of the computer maker’s support team. The scammers call from a valid Dell phone number, know the customer's name and address, and use information that should …
AT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service. [...]
IT giant tries to downplay leak as just names, addresses, info about kit Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the …
Having China, Russia, and Iran routinely rummaging around is cause for concern, says ex-NSA man RSAC Digital intruders from China, Russia, and Iran breaking into US water systems this year should be a "wake-up call," according to former National Security Agency cyber boss Rob Joyce.... [...]
The Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. [...]
There’s a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attempt at …
Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. [...]
Most organizations prioritize protecting their web applications that are exposed to the internet. Using the AWS WAF service, you can create rules to control bot traffic, help prevent account takeover fraud, and block common threat patterns such as SQL injection or cross-site scripting (XSS). Further, for those customers managing …
Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. [...]
BogusBazaar ripped off shoppers and scraped card details, but not in China A crime ring dubbed BogusBazaar has scammed 850,000 people out of tens of millions of dollars via a network of dodgy shopping websites.... [...]
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. [...]
Enlarge (credit: Getty Images) Researchers on Wednesday reported critical vulnerabilities in a widely used networking appliance that leaves some of the world’s biggest networks open to intrusion. The vulnerabilities reside in BIG-IP Next Central Manager, a component in the latest generation of the BIG-IP line of appliances, which …
Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." [...]
It's 'essential to national security' ex-Navy intel officer tells us Interview As undersea cables carry increasing amounts of information, cyber and physical attacks against them will cause a greater impact on the wider internet.... [...]
F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. [...]
The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. [...]
The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. [...]
And it would seriously inconvenience the Chinese and Russians, too RSAC There's a way to vastly reduce the scale and scope of ransomware attacks plaguing critical infrastructure, according to CISA director Jen Easterly: Make software secure by design.... [...]
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. [...]
Nearly 95M people in total snagged by flaw in file transfer tool Just short of a year after the initial incident, the state of Georgia's higher education government agency has confirmed that it was the victim of an attack on its systems affecting the data of 800,000 people …
China vehemently denies involvement UK Government has confirmed a cyberattack on the payroll system used by the Ministry of Defence (MoD) led to "malign" forces accessing data on current and a limited number of former armed forces personnel.... [...]
On the plus side, infosec's a good bet for a long, stable career Interview This year is an unfortunate anniversary for information security: We're told it's a decade since ransomware started infecting corporations.... [...]
Keynotes, physical security, playlists... the buck stops with Linda Gray Martin Interview The 33rd RSA Conference is underway this week, and no one feels that more acutely than the cybersecurity event's SVP Linda Gray Martin.... [...]
'I'm blown away by the fact that they weren't using MFA' Interview The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate "egregious negligence" on the part of parent company UnitedHealth, according to Tom Kellermann, SVP of cyber strategy at Contrast Security.... [...]
Or at least it might well be if these trial programs work out, with some civil lib oversight etc etc etc RSAC AI is a double-edged sword in that the government can see ways in which the tech can protect and also be used to attack Americans, says US …
Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. [...]
Avoid traffic-redirecting snoops who have TunnelVision A newly discovered vulnerability undermines countless VPN clients in that their traffic can be quietly routed away from their encrypted tunnels and intercepted by snoops on the network.... [...]
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites. [...]
In the first year alone, that's saved us all a lot of money and woe Interview As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first …