Crew bragged they could help crooks raid victims' bank accounts Updated A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in less than two years.... [...]
Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet.... [...]
Also: Your external-facing NetSuite sites need a review; five popular malware varieties for Q2, and more Infosec in brief Malware that kills endpoint detection and response (EDR) software has been spotted on the scene and, given it's deploying RansomHub, it could soon be prolific.... [...]
Teams wanting the cash have to commit to handing their models to OpenSSF after next year's final One year after it began, the DARPA AI Cyber Challenge (AIxCC) has whittled its pool of contestants down to seven semifinalists.... [...]
Lone Star State alleges GM cashed in with "millions in lump sum payments" from the sale Texas has sued General Motors for what it said is a years-long scheme to collect and sell drivers' data to third parties - including insurance companies - without their knowledge or consent.... [...]
Election tech is fine – it's all those idiots buying into the propaganda that's worrying Jen Easterly Black Hat US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've …
Oh, Boies, here we go again Delta Air Lines lost hundreds of millions of dollars due to the CrowdStrike outage earlier this month – and it has hired a high-powered law firm to claw some of those lost funds back, potentially from the Falcon maker and Microsoft itself.... [...]
Do we really want to bother SCOTUS with this, friends? Surely they're way too busy to take a look US border agents must obtain a warrant, in New York at least, to search anyone's phone and other electronic device when traveling in or out of the country, another federal …
Plus: More stalkerware exposure; a $16M TracFone fine; Ransomware victims don't use MFA, and more Infosec in brief Protecting computers' BIOS and the boot process is essential for modern security – but knowing it's important isn't the same as actually taking steps to do it.... [...]
Are your security and ops teams fighting to pass the buck? Comment Patching: The bane of every IT professional's existence. It's a thankless, laborious job that no one wants to do, goes unappreciated when it interrupts work, and yet it's more critical than ever in this modern threat landscape …
Also: Velops routers love plaintext; everything is a dark pattern; Internet Explorer rises from the grave, and more Infosec in brief Commercial spyware maker mSpy has been breached – again – and millions of purchasers can be identified from the spilled records.... [...]
Snowflake? Snowflake AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big you haven't seen anything: This one includes data on "nearly all" AT&T wireless customers - and those served by mobile …
Snowflake? Snowflake AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big, you haven't seen anything: This latest one includes data on "nearly all" AT&T wireless customers - and those served by …
Freeware AutoIt also used to hide entire PowerShell environments in scripts A rapidly-changing infostealer malware known as ViperSoftX has evolved to become more dangerous, according to security researchers at threat detection vendor Trellix.... [...]
Fairly 'low budget', unsophisticated malware, say researchers, but it can collect the same data as Pegasus Interview When it comes to surveillance malware, sophisticated spyware with complex capabilities tends to hog the limelight – for example NSO Group's Pegasus, which is sold to established governments. But it's actually less polished …
Also: F1 authority breached; Prudential victim count skyrockets; a new ransomware actor appears; and more security in brief It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization …
Dependency manager used in millions of apps leaves a bitter taste CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade – thereby creating opportunities for supply chain attacks on iOS …
Plus: US auto dealers still offline; Conti coders sanction; Rabbit R1 hardcoded API keys; and more security in brief It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made off with even more emails than it first admitted …
Probe: Worker at speech-recog outfit Nuance wasn't locked out after firing Updated American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit.... [...]
Also: The leaked Apple internal tools that weren't; TV pirate pirates convicted; and some critical vulns, too Infosec in brief The descending ball of trouble over at Snowflake keeps growing larger, with more victims – and even one of the alleged intruders – coming forward last week.... [...]
Researchers allegedly stole $3M using the vulnerability, then asked how much it was really worth Kraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, expoliting it to steal millions in digital cash, then using stolen funds …
Also: Online adoption cyberstalker nabbed; Tesla trade secrets thief pleads guilty; and a critical ASUS Wi-Fi vuln Infosec in brief A popular spam blocklist service that went offline earlier this month has advised users it is down permanently – but at least one potential candidate is stepping up to try …
Can't we do this another way, like without these mini-sats costing $1B over 5 years, House reps wonder A plan by America's Space Force to harden GPS against spoofing attacks may be going nowhere: A request by the service branch for $77 million of public cash to finish the …
Also, industry begs Uncle Sam for infosec reg harmony, dueling container-compromise campaigns, and crit vulns infosec in brief Cloud data analytics platform Snowflake said it is going to begin forcing customers to implement multi-factor authentication to prevent more intrusions.... [...]
Scott Small tells us gang's 'intent and capability' should get the attention of CSOs Interview It might not be as big a name as BlackCat or LockBit, but the Akira ransomware is every bit as dangerous, says one cybersecurity researcher – and it's poised to make a big impact.... [...]