Control-C, Control-V, Enter... Hell Crafty criminals are targeting thousands of orgs around the world in social-engineering attacks that use phony error messages to trick users into running malicious PowerShell scripts.... [...]
Two decades in the clink would be quite an education A now-former IT director has pleaded guilty to defrauding the university at which he was employed – and a computer equipment supplier – for $2.1 million over five years.... [...]
Pen-testing tools didn't work – and personal info of folks hit by pandemic started appearing in search engines Two consulting firms, Guidehouse and Nan McKay and Associates, have agreed to pay a total of $11.3 million to resolve allegations of cybersecurity failings over their roll-out of COVID-19 assistance.... [...]
Cybercrime super-souk's Dopenugget and Zero Angel may face life behind bars if convicted The two alleged administrators of Empire Market, a dark-web bazaar that peddled drugs, malware, digital fraud, and other illegal stuff, have been detained on charges related to owning and operating the illicit souk.... [...]
Business as usual needs a real change Feature Microsoft president Brad Smith struck a conciliatory tone regarding his IT giant's repeated computer security failings during a congressional hearing on Thursday – while also claiming the Windows maker is above the rule of law, at least in China.... [...]
Facebook parent calls step forward for privacy a 'step backwards' Meta has caved to European regulators, and agreed to pause its plans to train AI models on EU users' Facebook and Instagram users' posts — a move that the social media giant said will delay its plans to launch Meta …
'It's not our job to find the culprits – That's what we're paying you for' lawmaker scolds Brad Smith Lawmakers on Thursday grilled Microsoft president Brad Smith about the Windows giant's businesses dealing in China — and the super-corp's repeated security failings — at a time when Beijing-backed spies are accused of …
Who tracks the trackers? Life360, purveyor of "Tile" Bluetooth tracking devices and developer of associated apps, has revealed it is dealing with a "criminal extortion attempt" after unknown miscreants contacted it with an allegation they had customer data in their possession.... [...]
Symantec suggests Black Basta crew beat Microsoft to the patch The Black Basta ransomware gang may have exploited a now-patched Windows privilege escalation bug as a zero-day, according to Symantec's threat hunters.... [...]
Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack Patch Tuesday Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products – including one bug deemed critical, a fairly terrifying …
Mandiant warns criminal gang UNC5537, which may be friendly with Scattered Spider, is on the rampage An unknown financially motivated crime crew has swiped a "significant volume of records" from Snowflake customers' databases using stolen credentials, according to Mandiant.... [...]
Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker Interview Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering-up a theft of data from Uber in 2016 – remembers sitting down and thinking through the …
Breaking breaking-news news A 4chan user claims to have leaked 270GB of internal New York Times data, including source code, via the notorious image board.... [...]
How's your RPKI-based security plan coming along? Feds want to know US broadband providers will soon have to provide proof to Uncle Sam that they are taking steps to prevent Border Gateway Protocol (BGP) hijacking and locking down internet routing in general.... [...]
But do they get to wear 'I DDoSed' stickers? A Russian hacktivist crew has threatened to attack European internet infrastructure as four days of EU elections begin on Thursday.... [...]
You upgraded when this was fixed in April, right? Right?? If you haven't yet upgraded to version 1.3.0 of Apache HugeGraph, now's a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in the open-source graph database have been …
Beware of zero-click malware sliding into your DMs Miscreants exploited a zero-day in TikTok to compromised the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation.... [...]
Malware code potentially sold off, tweaked, back at it infecting victims RansomHub, a newish cyber-crime operation that has claimed to be behind the theft of data from Christie's auction house and others, is "very likely" some kind of rebrand of the Knight ransomware gang, according to threat hunters.... [...]
Let customers interfere with other tenants? That's our cloud working by design, Redmond seems to say A vulnerability — or just Azure working as intended, depending on who you ask — in Microsoft's cloud potentially allows miscreants to wave away firewall rules and access other people's private web resources.... [...]
Meanwhile Mr Smith goes to Washington to testify before Congress The Pentagon is "doubling down" on its investment in Microsoft products despite the serious failings at the IT giant that put America's national security at risk, say two US senators.... [...]
Cloud storage giant lawyers up against infosec house Analysis Hudson Rock, citing legal pressure from Snowflake, has removed its online report that claimed miscreants broke into the cloud storage and analytics giant's underlying systems and stole data from potentially hundreds of customers including Ticketmaster and Santander Bank.... [...]
Turns out opting out actually works? Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info.... [...]
Kremlin-aligned gang used Cloudflare and GitHub resources, and they didn't like that one bit Cloudflare's threat intel team claims to have thwarted a month-long phishing and espionage attack targeting Ukraine which it has attributed to Russia-aligned gang FlyingYeti.... [...]
Source and motive of 'Pumpkin Eclipse' assault unknown Unknown miscreants broke into more than 600,000 routers belonging to a single ISP late last year and deployed malware on the devices before totally disabling them, according to security researchers.... [...]
All that data allegedly going for a song on revived BreachForums Updated Ticketmaster is believed to have had its IT breached by cybercriminals who claim to have stolen 1.3TB of data on 560 million of the corporation's customers – and are now selling all that info for $500,000 …