But this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than previously suspected.... [...]
Simple denial-of-service blunder turned out to be remote unauth code exec disaster Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances since mid-March. This is now at least the third time in three years these snoops have been pwning these products.... [...]
Espionage? Botnets? Trying to exploit a zero-day? Someone or something is probing devices made by Juniper Networks and Palo Alto Networks, and researchers think it could be evidence of espionage attempts, attempts to build a botnet, or an effort to exploit zero-day vulnerabilities.... [...]
Organizational, technological resilience combined defeat the disease that is cybercrime When IT disasters strike, it can become a matter of life and death for healthcare organizations – and criminals know it.... [...]
Organizational, technological resilience combined defeat the disease that is cybercrime When IT disasters strike, it can become a matter of life and death for healthcare organizations – and criminals know it.... [...]
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified …
Ex-US Air Force officer says companies shouldn't wait for govt mandates Interview Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid …
Despite evidence to the contrary as alleged pilfered info goes on sale Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.... [...]
So much for that vacation A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them home with him – and was collared on his way …
Cyber-crime is officially getting out of hand One of the world's largest sperm banks, California Cryobank, is in a sticky situation.... [...]
Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn't be able to provide all the info Uncle Sam collects, according …
Don't laugh. This kind of warning shows crims are getting desperate Dark web analysts at infosec software vendor Fortra have discovered an extortion crew named Ox Thief that threatened to contact Edward Snowden if a victim didn’t pay to protect its data – a warning that may be an …
More light shed on what went down with Marko Elez, thanks to NY AG and co's lawsuit A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.... [...]
Phishers check in, your credentials check out, Microsoft warns An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.... [...]
Feds warn gang still rampant and now cracked 300+ victims around the world A crook who distributes the Medusa ransomware tried to make a victim cough up three payments instead of the usual two, according to a government advisory on how to defend against the malware and the gangs …
Fewer than 10 known victims, but Mandiant suspects others compromised, too Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices.... [...]
Power utility GM talks to El Reg about getting that call and what happened next Nick Lawler, general manager of the Littleton Electric Light and Water Departments (LELWD), was at home one Friday when he got a call from the FBI alerting him that the public power utility's network …
Non-password-protected, unencrypted 108GB database... what could possibly go wrong Exclusive More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open misconfigured AWS S3 bucket for months — or possibly even longer …
Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.... [...]
Experts say that the way you handle things after the criminals break in can make things better or much, much worse Feature Experiencing a ransomware infection or other security breach ranks among the worst days of anyone's life — but it can still get worse.... [...]
$96B in transactions, some even labeled 'dirty funds,' since 2019, say prosecutors The Feds today revealed more details about the US Secret Service-led Garantex takedown, a day after seizing websites and freezing assets belonging to the Russian cryptocurrency exchange in coordination with German and Finnish law enforcement agencies.... [...]
Which is why taking down chiefs and infra behind big name brand operations isn't working Interview There's a handful of cybercriminal gangs that Jason Baker, a ransomware negotiator with GuidePoint Security, regularly gets called in to respond to these days, and a year ago only one of these crews …
Did US Secret Service not get the memo, or? A coalition of international law enforcement has shut down Russian cryptocurrency exchange Garantex, a favorite of now-defunct ransomware crew Conti and others criminals for money laundering.... [...]
Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox US government agencies announced Wednesday criminal charges against alleged members of China's Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US …
They're good at zero-day exploits, too Updated Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft …