CRM databases were accessed and library users are advised to change passwords The Rhysida ransomware group has published most of the data it claimed to have stolen from the British Library a month after the attack was disclosed.... [...]
Acts under the guise of protecting the public from fraud, yet history suggests Home Office has other motives The UK government plans to introduce new legislation to ban SIM farms, which it views as a widely abused means for carrying out cyber fraud.... [...]
Planning portal back online with a more secure connection Reading Borough Council has securely restored its planning portal after facing criticism for recommending questionable tech security practices to users.... [...]
A few low-level stragglers remain on the loose, but biggest fish have been hooked International law enforcement investigators have made a number of high-profile arrests after tracking a major cybercrime group for more than four years.... [...]
Mitigations require mix of updating libraries and manual customer action ownCloud has disclosed three critical vulnerabilities, the most serious of which leads to sensitive data exposure and carries a maximum severity score.... [...]
Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month Infosec in Brief Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won't ever find the state trying to unmask them either – as long …
Web storefront maker fixed the flaw, but not before blasting infoseccer The owner of the e-commerce store management system OpenCart has responded with hostility to a security researcher disclosing a vulnerability in the product.... [...]
One of US's largest underwriters forced to shut down a number of key systems Fortune 500 insurance biz Fidelity National Financial (FNF) has confirmed that it has fallen victim to a "cybersecurity incident."... [...]
Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs The national cybersecurity organizations of the UK and the Republic of Korea (ROK) have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks.... [...]
Customers complain of poor comms during huge outage that’s sparked payroll fears A ransomware attack and resulting outages at direct debit collection company London & Zurich has forced at least one customer to take out a short-term loan as six-figure backlogs continue to cause cash flow mayhem.... [...]
Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret' The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "pig butchering" scams.... [...]
Compromised AWS account led to fears that user info could have been exposed to cybercriminals Sumo Logic has confirmed that no customer data was compromised as a result of the potential security breach it discovered on November 3.... [...]
Any govt staffers who used relocation services over past 24 years could be at risk The government of Canada has confirmed its data was accessed after two of its third-party service providers were attacked.... [...]
Admits to taking phones used for 'code blue' emergencies offline and more An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches.... [...]
Crims post passport scans and internal forms up for 'auction' to prove it The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process.... [...]
Cybercrime group worried over dwindling payments... didn't they tell them to Always Be Closing? In response to growing frustrations inside the LockBit organization, its leaders have overhauled the way they negotiate with ransomware victims going forward.... [...]
CEO Bob VanKirk makes near-20-year partnership official, teases big things coming to EMEA Channel-focused cybersecurity company SonicWall is buying Virginia-based MSSP Solutions Granted – its first acquisition in well over a decade.... [...]
Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims' systems.... [...]
First time hard figure given on recovery costs for January incident Royal Mail's parent International Distributions Services has revealed for the first time the infrastructure costs associated with its January ransomware attack.... [...]
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption.... [...]
Trying times for incident responders who battle fastest-ever ransomware blitz as attackers keep scrubbing evidence clean Organizations are still failing to implement adequate logging measures, increasing the difficulty faced by defenders and incident responders to identify the cause of infosec attacks.... [...]
Royal alone scored $275M in past year as FBI, other agencies hot on merging trail The FBI and the US govt's Cybersecurity and Infrastructure Security Agency (CISA) have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand.... [...]
Got a Confluence server? Listen up. Malware said to have wide-ranging capabilities A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence.... [...]
And the world's getting more and more dangerous The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI).... [...]
Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit.... [...]