Threats and Malware
February 2, 2024
Via: The RegisterJoshua Schulte, a former CIA employee and software engineer accused of sharing material with WikiLeaks, was sentenced to 40 years in prison by the US Southern District of New York on Thursday. Schulte was sent down for crimes including espionage, […]
February 2, 2024
Via: The RegisterBlackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC. In announcing the draft settlement, the US watchdog’s boss […]
Threats & Malware, Vulnerabilities
February 2, 2024
Via: The RegisterMastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]
February 1, 2024
Via: The RegisterThe Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission’s (SEC) strict data breach reporting rule. In a policy statement [PDF] published yesterday by Biden’s Office of Management and Budget (OMB), the […]
Threats & Malware, Virus & Malware
February 1, 2024
Via: The RegisterCyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections. Or so says consultancy and market watcher Gartner, as deepfakes dominate […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: The RegisterSecurity researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]
January 31, 2024
Via: Security AffairsDirect Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. On October 27th, the Cybernews research team discovered a misconfigured web server […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: Security AffairsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]
Threats & Malware, Vulnerabilities
January 30, 2024
Via: The RegisterJuniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication. The update, which happened late last week, comes hot on the heels of reporting from El Reg that highlighted […]
January 30, 2024
Via: Security AffairsResecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from […]
Threats & Malware, Virus & Malware
January 29, 2024
Via: The RegisterTrend Micro’s Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities. Researchers from French security outfit Synacktiv took home $450,000 after […]
Threats & Malware, Virus & Malware
January 26, 2024
Via: The RegisterBiotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection of […]
January 26, 2024
Via: Security AffairsThe Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. Vladimir Dunaev was extradited to the U.S. in October 2021. Dunaev, […]
Threats & Malware, Vulnerabilities
January 25, 2024
Via: Naked SecurityIn July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access Driver) on a protected machine. The driver is owned by Panda Security and used in many of their products. Due […]
January 25, 2024
Via: Help Net SecurityCozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: The RegisterSecurity experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication […]
January 24, 2024
Via: The RegisterFor most organizations – especially security vendors – disclosing a corporate email breach, in which executives’ internal messages and attachments were stolen, would noticeably ding their stock prices. But Microsoft apparently doesn’t operate by the laws of Wall Street. Late […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: SecureWorldOn January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]
January 23, 2024
Via: The RegisterAustralia’s government has used the “significant cyber incidents” sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private. The […]
January 23, 2024
Via: The RegisterA Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud. Chouby Charleron is alleged to be behind […]