USB sticks help, but it's unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of custom malware, according to researchers from antivirus vendor ESET.... [...]
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. [...]
Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Smart TVs are watching their viewers and harvesting their data to benefit brokers using the same ad technology that denies privacy on the internet.... [...]
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. [...]
Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. [...]
Intruders stayed for free on the network between 2014 and 2020 Marriott has agreed to pay a $52 million penalty and develop a comprehensive infosec program following a series of major data breaches between 2014 and 2020 that affected more than 344 million people worldwide.... [...]
One-man-band faces a mountain of lawsuits but has few assets The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting "hundreds of millions" of people were potentially affected in one of the largest information leaks of the year.... [...]
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. [...]
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from …
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. [...]
Evolving threats require security solutions that match the sophistication of modern threats. Learn more about how Wazuh, the open-source XDR and SIEM, tackles these threats. [...]
A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). [...]
Go forth and install your important security fixes Microsoft says that the problems with the Windows 11 Patch Tuesday preview have now been resolved.... [...]
The US government is finally admitting there’s no need – instead, to fend off cyber-attacks we need passwords that are long but memorable Over the past decade or so, people have accumulated a vast array of logins for dozens of sites and apps, as more of our work and …
As if hospitals and clinics didn't have enough to worry about At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other "sophisticated" tactics that make it a "significant threat," according to the feds.... [...]
Researchers have unearthed two sophisticated toolsets that a nation-state hacking group—possibly from Russia—used to steal sensitive data stored on air-gapped devices, meaning those that are deliberately isolated from the Internet or other networks to safeguard them from malware. One of the custom tool collections was used starting …
Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious, but the sort of creepy demo that gets attention. News article. [...]
Plus: SAP re-patches a failed patch for critical-rated flaw Patch Tuesday It's the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software. And this one is a doozy.... [...]
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 …
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. [...]
Given Amnesty's involvement, it's a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.... [...]
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. [...]
What does IT glimpse but a dating app on your wee little screen If you're using iPhone Mirroring at work: It's time to stop, lest you give your employer's IT department the capability to snoop through the list of apps you have on your phone — dating apps, those tracking …
Today is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. [...]
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. [...]
An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. [...]
Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. [...]
Many organizations continuously receive security-related findings that highlight resources that aren’t configured according to the organization’s security policies. The findings can come from threat detection services like Amazon GuardDuty, or from cloud security posture management (CSPM) services like AWS Security Hub, or other sources. An important question …
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story …
Pro-Ukraine hackers claim credit for Russian state broadcasting shutdown Ukrainian hackers shut down Russian state news agency VGTRK's online broadcasting and streaming services on Monday – president Vladimir Putin's 72nd birthday – as Kremlin officials vowed to bring those responsible for the "unprecedented" cyber attack to justice.... [...]
Improved security features teased in May now appearing around the world Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to profit from purloined phones.... [...]
A couple million will do for a start... but Kim's crews are suspected of stealing much more The US government is attempting to claw back more than $2.67 million stolen by North Korea's Lazarus Group, filing two lawsuits to force the forfeiture of millions in Tether and Bitcoin …
MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. [...]
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...]
On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...]
It's still safe to drink, top provider tells us Updated American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a cyber attack on its systems.... [...]
It's still safe to drink, top provider tells us American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a cyberattack on its systems.... [...]
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. [...]
Withholding exculpatory evidence from suspects isn't a great look when the tech is already questionable Police around the United States are routinely using facial recognition technology to help identify suspects, but those departments rarely disclose they've done so - even to suspects and their lawyers.... [...]
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...]
Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic Verizon, AT&T, and Lumen Technologies were among the US broadband providers whose networks were reportedly hacked by Chinese cyberspies, possibly compromising the wiretapping systems used for court-ordered surveillance.... [...]
Google Cloud constantly innovates and invests significantly in our capabilities to stop cyberattacks such as distributed denial-of-service attacks from taking down websites, apps, and services. It’s an essential part of protecting our customers. Our Project Shield offering, which uses Google's Cloud networking and our Global Front End infrastructure …
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. [...]
AI SPERA announced that its domain and IP address threat intel platform, Criminal IP, is now integrated with Hybrid Analysis. Learn more from Criminal IP about how this brings additional insights to Hybrid Analysis. [...]
CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article. [...]
Struggle ye not with cookies, lest ye become a cookie monster Opinion The people are defeated. Worn out, deflated, and apathetic about the barrage of banners and pop-ups about cookies and permissions.... [...]
Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...]
A 21-year-old man from Indiana named Evan Frederick Light pleaded guilty to stealing $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. [...]
Google Pay alarmed users this week after erroneously sending out "new card" added email notifications. Google has acknowledged that the email was "accidental" and that no user information was compromised. [...]