9/25/2024

China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack

U.S. House Bill Addresses Growing Threat of Chinese Cyber Actors

Biden Meets Vietnam Leader to Counter Hanoi’s Ties With China and Russia

Donald Trump Briefed on Suspected Iranian Assassination Plot

OpenAI Chief Technology Officer Mira Murati Says She’s Leaving Artificial Intelligence Company

OpenAI to Become For-Profit Company

Google Paid $2.7 Billion to Bring Back an AI Genius Who Quit in Frustration

Surging AI Demand Could Cause the World’s Next Chip Shortage, Research Says

How Apple and Microsoft’s Trusted Brands Are Being Used to Scam You Online

82% of Phishing Sites Now Target Mobile Devices

Caroline Ellison, Former FTX Executive, Sentenced to 24 Months in Prison

Krebs: Timeshare Owner? The Mexican Drug Cartels Want You

China Claims Taiwan, Not Civilians, Behind Web Vandalism

RansomHub Genius Tries to Put the Squeeze on Delaware Libraries

Modified LockBit and Conti Ransomware Shows up in DragonForce Gang’s Attacks

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

CISA: Hackers Target Industrial Systems Using “Unsophisticated Methods”

Study Finds Many European Car Resellers Fail to Delete Driver Data

Connecting Your Phone to Rental Car Infotainment System? There Is a Big, Hidden Privacy Risk

Pwn2Own Auto Offers $500K for Tesla Hacks

ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function

Google’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%

Google Sees 68% Drop in Android Memory Safety Flaws Over 5 Years

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

9/24/2024

Sweden Accuses Iran of Hacking Text Messaging Service Last Year After Public Koran Burnings

Trump Campaign’s Suspected Iranian Hack May Still Be Happening

U.S. Capitol Hit by Massive Dark Web Cyber Attack: Reports

State Department Cyber Bureau Preps Funding Blitz Aimed at Boosting Allies’ Defenses

Russia-Backed Media Outlets Are Under Fire in the U.S.—but Still Trusted Worldwide

TikTok Blocks Dozens of Kremlin-Backed Media Accounts

How to Spot a North Korean Agent Before They Get Comfy Inside Payroll

Threat Actors Shift to JavaScript-Based Phishing Attacks

Hackers Deploy AI-Written Malware in Targeted Attacks

CrowdStrike Boss Apologises for Global IT Outage

Cybersecurity Incident Affects Arkansas City Water Treatment Facility

The Centers for Medicare & Medicaid Services Says Data Breach Impacted 3.1 Million People

Twilio Purportedly Breached, Nearly 12K Call Records Compromised

AutoCanada Says Ransomware Attack “May” Impact Employee Data

One Point HR Solutions (OH) Data Breach Affects an Unknown Number of Consumers

RomCom Malware Resurfaces With SnipBot Variant

New Octo2 Malware Variant Threatens Mobile Banking Security

Infostealer Malware Bypasses Chrome’s New Cookie-Theft Defenses

Critical Ivanti vTM Auth Bypass Bug Now Exploited in Attacks

9/23/2024

Dozens of Fortune 100 Companies Have Unwittingly Hired North Korean IT Workers, According to Report

U.S. Intelligence Agencies Confirm Russia Is Pushing Fake Videos of Kamala Harris

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure

U.S. Proposes Ban on Chinese, Russian Connected Car Tech Over Security Fears

Microsoft’s Largest Ever Security Transformation Detailed in New Report

Why ‘Never Expire’ Passwords Can Be a Risky Decision

UPS Supplier’s Password Policy Flip-Flops From Unlimited, to 32, Then 64 Characters

Telegram Will Now Hand Over Your Phone Number and IP if You’re a Criminal Suspect

Kaspersky Deletes Itself, Installs UltraAV Antivirus Without Warning

Israeli Tech Sector Resilient but Faces Funding Uncertainty Amid Ongoing War With Hamas Group

How Apple, Google, and Microsoft Can Save Us From AI Deepfakes

Hezbollah Likely to Launch Retaliatory Cyberattack on Israel, Expert Says

Alaska Airlines Reports IT Outage, Disruption in Seattle

‘Cybersecurity Issue’ Takes MoneyGram Offline for Three Days – And Counting

Tewkesbury Borough Council: Cyber Incident ‘Was an Accident – Not an Attack’

Ransomware Attack on Franklin County (KS) Exposed Sensitive Info of Nearly 30,000 Residents

Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox

Android Malware ‘Necro’ Infects 11 Million Devices via Google Play

New PondRAT Malware Hidden in Python Packages Targets Software Developers

Move Over, Cobalt Strike. Splinter’s the New Post-Exploit Menace in Town

Vulnerabilities Found in Popular Houzez Theme and Plugin

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Gavin Newsom Vetoes Legislation to Mandate Universal Data Privacy Opt-Outs in California

9/20-22/2024

Ukraine Bans Telegram Use for Government and Military Personnel

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

Court Finds Former German Cyber Chief Was Falsely Accused of Associating With Russian Spies

U.S. Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cyber Leaders Struggle to Fill AI Security Jobs

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

CISA Boss: Makers of Insecure Software Are the Real Cyber Villains

Companies Face Risk of Huge Fines and Suspensions Under Tough New Cyber Rules in the EU

U.S. Indicts Two, Including One Florida Man, Over Socially Engineered $230M+ Crypto Heist

Clickbaity or Genius? ‘BF Cheated on You’ QR Codes Pop up Across UK

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO

Federal Civil Rights Watchdog Sounds Alarm Over DOJ, DHS, and HUD Use of Facial Recognition Technology

Hacker Uses Telegram Chatbots to Leak Data of Top Indian Insurer Star Health

Dell Investigates Data Breach Claims After Hacker Leaks Employee Info

Wells Fargo Clearing Services Notifies Consumers of Recent Data Breach

More Than $44 Million in Cryptocurrency Stolen From Singaporean Platform BingX

Cybercrooks Strut Away With Haute Couture Harvey Nichols Data

Schools Across Lancashire Threatened by Hackers in Cyber Attack

Valencia Ransomware Explodes on the Scene, Claims California City, Fashion Giant, More as Victims

Global ‘Marko Polo’ Infostealer Malware Operation Targets Crypto Users, Gamers

CISA Warns of Actively Exploited Apache HugeGraph-Server Bug

Researcher Reveals ‘Catastrophic’ Security Flaw in the Arc Browser

Windows Server 2025 Previews Security Updates Without Restarts

macOS Sequoia Change Breaks Networking for VPN, Antivirus Software

9/19/2024

First Israel’s Exploding Pagers Maimed and Killed. Now Comes the Paranoia

Your Phone Won’t Be the Next Exploding Pager

Iran Backdoors Planted Across Middle East Telecoms, Government Agencies, Google Says

Long Island County Hack Probe Details History of Cyber Failures

Disney to Stop Using Slack Following Hack That Exposed Company Data

Insecure APIs and Bot Attacks Cost Global Firms $186bn

1 in 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

Californians Can Now Add Their Driver’s Licenses to Apple Wallet

No Way? Big Tech’s Endless ‘Lucrative Surveillance’ of Everyone Is Terrible for Privacy, Freedom

Tor Says It’s “Still Safe” Amid Reports of Police Deanonymizing Users

Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs

Police Dismantles Phone Unlocking Ring Linked to 483,000 Victims

8,000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach

Indonesia’s Tax Agency Probes Alleged Personal Data Breach

Altman Plants Notifies Thousands of Data Breach Involving Their SSNs and Medical Information

Elitecare Emergency Room (TX) Notifies Patients of July 2024 Data Breach

Tewkesbury Borough Council in Gloucestershire IT Systems Deemed ‘Safe’ After Cyber Attack

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

Cryptojacking Gang TeamTNT Makes a Comeback

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

Clever ‘GitHub Scanner’ Campaign Abusing Repos to Push Malware

Krebs: This Windows PowerShell Phish Has Scary Potential

1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam

Ivanti Warns of Another Critical CSA Flaw Exploited in Attacks

Apple’s New macOS Sequoia Update Is Breaking Some Cybersecurity Tools

Google Password Manager Now Automatically Syncs Your Passkeys

Unexplained ‘Noise Storms’ Flood the Internet, Puzzle Experts

9/18/2024

Hezbollah Devices Explode Again in Lebanon, Raising Fears of Wider Israel Conflict

Walkie-Talkies This Time

Solar Panels and Fingerprint Recognition Devices Used by Hezbollah Fighters

Hezbollah Pager Attack Puts Spotlight on Israel’s Cyber Warfare Unit 8200

Supply-Chain Interference

Europol Taskforce Disrupts ‘Ghost’ Global Criminal Network Through Supply Chain Attack

Germany Seizes Leak Site of ‘Vanir’ Ransomware Operation

Flax Typhoon: U.S. FBI Disrupts Second Chinese Hacking Group, Director Says

Did a Chinese University Hacking Competition Target a Real Victim?

U.S. Says Iran Tried to Influence Election With Messages to Biden Camp With Stolen Info From Trump Campaign

Critical Infrastructure at Risk From Email Security Breaches

DOJ, FBI Need Better Metrics for Tracking Ransomware Disruption Efforts, Audit Finds

Russian Security Firm Dr.Web Disconnects All Servers After Breach

Deja Blues… Ransomware Group LockBit Boasts Once Again of Ransoming IRS-Authorized eFile.com

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide

Microsoft: Vanilla Tempest Hackers Hit Healthcare With INC Ransomware

X Hacking Spree Fuels “$HACKED” Crypto Token Pump-and-Dump

QR Phishing Scams Gain Motorized Momentum in UK

Krebs: Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Google Street View Images Used For Extortion Scams

GitLab Releases Fix for Critical SAML Authentication Bypass Flaw

Discord Rolls Out End-To-End Encryption for Audio, Video Calls

9/17/2024

Hezbollah Pagers Explode in Apparent Attack Across Lebanon

4,000 Injured, 11 Dead

The Mystery of Hezbollah’s Deadly Exploding Pagers

Hezbollah Vows to Punish Israel After Pager Explosions Across Lebanon

U.S. Looks to Align Security Across Government

CISA Urges Software Devs to Weed out XSS Vulnerabilities

Cyberattacks Plague Health Care. Critics Call the Federal Response ‘Inadequate’

Over Half of Breached UK Firms Pay Ransom

Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks

AT&T Pays $13 Million FCC Settlement Over 2023 Data Breach

Chinese National Accused by Feds of Spear-Phishing for NASA, Military Source Code

Meta Blocks RT and Other Russian State Media; Kremlin Says It’s ‘Unacceptable’

Pro-Ukraine Hackers Claim Attack on Agency That Certifies Digital Signatures in Russia

Temu Denies Breach After Hacker Claims Theft of 87 Million Data Records

Over 1,000 ServiceNow Instances Found Leaking Corporate KB Data

Construction Firms Breached in Brute Force Attacks on Accounting Software

Aramark myPay Data Breach Affects an Unknown Number of Employees

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Marko Polo Cybercrime Gang Targets Cryptocurrency Users, Influencers With Scams

Ransomware Gangs Now Abuse Microsoft Azure Tool for Data Theft

PKfail Secure Boot Bypass Remains a Significant Risk Two Months Later

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

VMware Patches Remote Make-Me-Root Holes in vCenter Server, Cloud Foundation

9/16/2024

Cybersecurity & the 2024 U.S. Elections

White House to Tackle AI-Generated Sexual Abuse Images

CISA Warns of Windows Flaw Used in Infostealer Malware Attacks

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Advanced Phishing Attacks Put X Accounts at Risk

Snowflake Slams ‘More MFA’ Button Again – Months After Ticketmaster, Santander Breaches

Half of UK Firms Lack Basic Cybersecurity Skills

Tech Firm CACI Beefs up Defense Business With $1.28 Bln Azure Summit Deal

Chrome Switching to NIST-Approved ML-KEM Quantum Encryption to Protect Against Quantum TLS Attacks

U.S. Cracks Down on Spyware Vendor Intellexa With More Sanctions

Feds Sentence 12 Crypto Thieves, Including a Florida Man, Behind SIM Swaps, Home Invasions

Pacific Islands Forum Investigating Cyberattack on Networks by Reported China State Actors

Only U.S. Platinum Mine Stillwater Mining Company Confirms Data Breach After Ransomware Claims

Data on Nearly 1 Million NHS Patients Leaked Online Following Ransomware Attack on London Hospitals

German Radio Station Forced to Broadcast ‘Emergency Tape’ Following Cyberattack

The Maids International Notifies Consumers of the January 2024 Data Breach

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

Windows Vulnerability Abused Braille “Spaces” in Zero-Day Attacks

Exploit Code Released for Critical Ivanti RCE Flaw, Patch Now

Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution

D-Link Fixes Critical RCE, Hardcoded Password Flaws in WiFi 6 Routers

9/13-15/2024

Malicious Actors Spreading False U.S. Voter Registration Breach Claims

State Dept: Russia’s RT News Agency Has ‘Cyber Operational Capabilities,’ Assists in Military Procurement

How a U.S. Spy Tapped Into Russian Communication Lines

Krebs: The Dark Nexus Between Harm Groups and ‘The Com’

Nightsleeper: Could a Cyber Hack Derail a Train in Real Life?

Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure

Largest Crypto Exchange in Indonesia Indodax Pledges to Reimburse Users After $22 Million Theft

23andMe Agrees to Pay $30 Million to Settle Lawsuit Over Massive Data Breach

Cambodian Senator Sanctioned by U.S. Over Alleged Forced Labor Cyber-Scam Camps

Apple Seeks Dismissal of Its NSO Group Lawsuit, Citing Risk of Exposing ‘Vital Security Information’

Meta to Resume Plans to Harness UK Users’ Social Media Posts for AI Model Training

Feeld Dating App’s Security Too Open-Minded as Private Data Swings Into Public View

Port of Seattle Hit by Rhysida Ransomware in August Attack

RansomHub Claims Kawasaki Cyberattack, Threatens to Leak Stolen Data

Atrium Health Apologizes After Employees Fall For Phishing Attack; Patient Info May Have Been Exposed

Shamrock Trading Corporation Announces May 2024 Data Breach

TfL Requires In-Person Password Resets for 30,000 Employees After Hack

Johnson County Board of Education (TN) Loses $3.4 Million to a Fake Curriculum Vendor

Malware Locks Browser in Kiosk Mode to Steal Google Credentials

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

9/12/2024

The U.S. Is Preparing Criminal Charges in Iran Hack Targeting Trump

Chinese-Made Port Cranes in U.S. Included ‘Backdoor’ Modems, House Report Says

Microsoft Is Building New Windows Security Features to Prevent Another CrowdStrike Incident

Apple Vision Pro’s Eye Tracking Exposed What People Type

Hacker Tricks ChatGPT Into Giving Out Detailed Instructions for Making Homemade Bombs

BT Spots 2,000 Potential Attacks on Its Network a Second

Google Chrome Makes It Easier to Opt out of Annoying Notifications on Android

Why Credit Card Fraud Alerts Are Rising, and How Worried You Should Be About Them

Mastercard Bolsters Threat Intelligence Capabilities With $2.65 Billion Deal for Recorded Future

Cyber Intelligence Company Strider Raises $55 Million in Funding

Hospital System to Pay $65 Million for Dark Web Data Leak, Including Images of Nude Cancer Patients

TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested

U.S. Sanctions Cambodian Tycoon for Alleged Human Trafficking to Cyber Scam Centers

Fortinet Confirms Data Breach After Hacker Claims to Steal 440GB of Files

I Stole 20GB of Data From Capgemini – And Now I’m Leaking It, Says Cyber-Crook

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Socially Savvy Scattered Spider Traps Cloud Admins in Web

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram

‘Hadooken’ Linux Malware Targets Oracle WebLogic Servers

Hackers Targeting WhatsUp Gold With Public Exploit Since August

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

Open Source Updates Have 75% Chance of Breaking Apps

Schools Face Million-Dollar Bills as Ransomware Rises

Business Email Compromise Costs $55bn Over a Decade

9/11/2024

Cyberattacks on U.S. Utilities Surged 70% This Year, Says Check Point

UK Designates the Data Center Sector Part of Its ‘Critical National Infrastructure’

Hackers Have Sights Set on Four Microsoft Vulnerabilities, CISA Warns

Operational Technology Leaves Itself Open to Cyber-Attack

WordPress.org to Require 2FA for Plugin Developers by October

Apple Intelligence Promises Better AI Privacy for Personal Information . Here’s How It Actually Works

Poland’s Supreme Court Blocks Pegasus Spyware Probe

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

So You Paid a Ransom Demand … and Now the Decryptor Doesn’t Work

How Law Enforcement’s Ransomware Strategies Are Evolving

How $20 and a Lapsed Domain Allowed Security Pros to Undermine Internet Integrity

TD Bank Fined $28 Million for Sharing Inaccurate and Negative Data on Customers

Hunters International Claims Ransom on Chinese Mega-Bank’s London HQ

Japanese Media Giant Kadokawa Investigating Another Reported Data Leak by BlackSuit Hackers

Multiple Popular French Retailers Confirm Hackers Stole Customer Data

NJ Union Reports Cyber Incident May Have Exposed Members’ Private Information

Highline Public Schools Will Reopen Classes — Without Internet — Amid Cyberattack Recovery

Bollinger County (MO) Sheriff Talks About Hack of Facebook Page

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

Major Sales and Ops Overhaul Leads to Much More Activity … For Meow Ransomware Gang

Gallup: Pollster Acts to Close Down Security Threat

Adobe Fixes Acrobat Reader Zero-Day With Public PoC Exploit

Krebs: Bug Left Some Windows PCs Dangerously Unpatched

9/10/2024

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

New Portuguese Government to Keep Ban on Chinese 5G Equipment

Thanks, Edward Snowden: You Propelled China to Quantum Networking Leadership

Wix to Block Russian Users Starting September 12

Russia to Spend Over Half a Billion Dollars to Bolster Internet Censorship System

DoJ Distributes 18 and a Half Million Dollars to Western Union Fraud Victims

Crypto Scams Rake in Five and Three-Fifths of a Billion Dollars a Year for Cyberscum Lowlifes, FBI Says

WhatsApp’s ‘View Once’ Could Be ‘View Whenever’ Due To a Flaw

Gallup Poll Bugs Open Door to Election Misinformation

Cyber Staffing Shortages Remain CISOs’ Biggest Challenge

London’s Transit Agency Drops Claim It Has ‘No Evidence’ of Customer Data Theft After Hack

Vista Higher Learning (MA) Data Breach Impacts an Unknown Number of Consumers

CosmicBeetle (aka NoName) Deploys Custom ScRansom Ransomware, Partnering with RansomHub

RansomHub Ransomware Abuses Kaspersky TDSSKiller to Disable EDR Software

New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

Ivanti Fixes Maximum Severity RCE Bug in Endpoint Management Software

Microsoft September 2024 Patch Tuesday Fixes 4 Zero-Days, 79 Flaws

Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018

Microsoft Fixes Windows Server Performance Issues From August Updates

9/9/2024

Chinese Mustang Panda APT Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

Mustang Panda Use New Data Theft Malware in Gov’t Attacks

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

German Intelligence Says Russian GRU Group Behind NATO, EU Cyberattacks

Poland Dismantles Cyber Sabotage Group Linked to Russia, Belarus

Russia’s Top-Secret Military Unit Reportedly Plots Undersea Cable ‘Sabotage’

DDoS Attacks Double With Governments Most Targeted

The Bitcoin ATM Has Emerged as One of Cryptocurrency’s Biggest Threats

U.S. Proposes Requiring Reporting for Advanced AI, Cloud Providers

Technology Causes “Digital Entropy” as Firms Struggle With Governance

What You Need to Know about Grok AI and Your Privacy

U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks

Cyber-Attack on Payment Gateway Slim CD Exposes 1.7 Million Credit Card Details

Data of Nearly 300,000 Exposed in Avis Cyberattack

Highline Public Schools (WA) Closes Schools Following Cyberattack

Ransomware Attack Forces London’s Charles Darwin School to Close and Send Students Home

Kent’s Biggin Hill School Closes Due to Ransomware Attack

Welcome Health (CA) Data Breach Put Confidential Patient Information at Risk

RetailData (VA) Data Breach Affects an Unknown Number of Consumers

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

Quad7 Botnet Targets More SOHO and VPN Routers, Media Servers

Akira Ransomware Actors Exploit SonicWall Bug for RCE

Meta Fixes Easily Bypassed WhatsApp ‘View Once’ Privacy Feature

Ford Seeks Patent for Tech That Listens to Driver Conversations to Serve Ads

9/6-8/2024

U.S. Financial Markets, Public Companies Are a Growing Target for Russian Hackers

Lawmakers Want U.S. to Address Risks Posed by Chinese Agriculture Drones

Despite Cyberattacks, Water Security Standards Remain a Pipe Dream

Researchers Say a Bug Let Them Add Fake Pilots to Rosters Used for TSA Checks

The NSA Has a Podcast—Here’s How to Decode It

Telegram Changes Its Tone on Moderating Private Chats After CEO’s Arrest

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Russian Authorities Able to Identify Train Saboteur Teen From Anonymous Telegram Account

AI, Growing Data Risks Expand the Role of Chief Privacy Officer

Amid AI Boom, Tech Can’t Afford to Neglect Spending in These IT Areas

Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals

YouTube Removes Tenet Media Channel Over Alleged Ties to Russian Disinformation Effort

Therapy Sessions Exposed by Mental Health Care Firm Confidant Health’s Unsecured Database

900,000 on Medicare in Wisconsin Warned of Data Breach from MOVEit

Car Rental Giant Avis Discloses Data Breach Impacting Customers

Transport for London (TfL) Still Affected by ‘Ongoing Cyber Incident’

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Sextortion Scam Now Use Your “Cheating” Spouse’s Name as a Lure

SpyAgent Android Malware Steals Your Crypto Recovery Phrases from Images

New RAMBO Attack Steals Data Using RAM in Air-Gapped Computers

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

Progress LoadMaster Vulnerable to 10/10 Severity RCE Flaw

Microsoft Office 2024 to Disable ActiveX Controls by Default

Cybersecurity Talent Shortage Prompts White House Action

9/5/2024

WhisperGate: Russian Military Hackers ‘Cadet Blizzard’ Linked to Critical Infrastructure

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

Google Searches Are Becoming a Bigger Target of Cybercriminals With the Rise of ‘Malvertising’

Brazil Says Its Resistance to Elon Musk Is Global Example

With Musk’s X Banned in Brazil, Its Users Carve Out New Digital Homes

Why It’s So Hard to Fully Block X in Brazil

UK Signs Council of Europe AI Convention

Musician Charged With $10M Streaming Royalties Fraud Using AI and Bots

Microsoft Removes Revenge Porn From Bing Search Using New Tool

Cyber Spending Rises Modestly While Hacking Threats Evolve

Services Disrupted as Local Council Near GCHQ’s Headquarters Hit by Cyberattack

Penpie DeFi Platform Files Reports With FBI, Singapore Police After $27 Million Crypto Theft

Dr. Daniel Leeman, MD (TX) Notifies 20k+ Patients of Recent Data Breach

OnlyFans Hackers Targeted With Infostealer Malware

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

Chinese-Speaking Hacker Group ‘Tropic Trooper’ Targets Human Rights Studies in Middle East

LiteSpeed Cache Bug Exposes 6 Million WordPress Sites to Takeover Attacks

Apache Fixes Critical OFBiz Remote Code Execution Vulnerability

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

9/4/2024

U.S. Cracks Down on Russian Disinformation Before 2024 Election

U.S. Indicts Two RT Employees for Alleged Russian Disinformation Effort

North Korean Hackers Targets Job Seekers with Fake FreeConference App

Red Teaming Tool MacroPack Abused for Malware Deployment

U.S. Government Set Out to Improve Internet Routing Security

The Japanese Robot Controversy Lurking in Israel’s Military Supply Chain

Telegram Apologizes to South Korea and Takes Down Smutty Deepfakes

Reed Smith Is Latest U.S. Law Firm to Shrink China Presence With Beijing Closure

Copilot for Microsoft 365 Might Boost Productivity if You Survive the Compliance Minefield

European Data Privacy Watchdog Closes Case Against X Over Its Grok AI Bot

Planned Parenthood Confirms Cyber-Attack as RansomHub Threatens to Leak Data

Microchip Technology Confirms Data Was Stolen in Cyberattack

Hospital Sisters Health System (IL) Data Breach Affects an Unknown Number of Patients

Cicada Ransomware May Be a BlackCat/ALPHV Rebrand and Upgrade

Hackers Inject Malicious JS in Cisco Store to Steal Credit Cards, Credentials

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack

YubiKeys Have an Unfixable Security Flaw — But It’s Difficult to Exploit

Cisco Warns of Backdoor Admin Account in Smart Licensing Utility

Cisco Fixes Root Escalation Vulnerability With Public Exploit Code

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw

9/3/2024

Spamouflage Trolls Pretend to Be American Patriots on X, TikTok Ahead of U.S. Presidential Election

The U.S. Navy Is Going All in on Starlink

How Navy Chiefs Conspired to Get Themselves Illegal Warship Wi-Fi

Indicted Pair of Foreign Nationals Were Behind Swatting Attack on Cisa Director

Civil Rights Groups Call For Spyware Controls

Inside the Deepfake Porn Crisis Engulfing Korean Schools

Krebs: Sextortion Scams Now Include Photos of Your Home

FTC: Over $110 Million Lost to Bitcoin ATM Scams in 2023

Bitcoin ATM Scammers Stole $65 Million in First Half of 2024

Dutch Data Watchdog Fines Clearview AI $33M for ‘Illegal’ Data Collection

Zscaler Forecasts Annual Results Below Estimates on Weak Cybersecurity Spending

Halliburton Says Hackers Removed Data in August Cyberattack

Over 1.4M Users Exposed in Tracelo Breach

Young Consulting and Blue Shield of California Announce Data Breach

FBI Warns Crypto Firms of Aggressive Social Engineering Attacks from North Korea

Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Zyxel Warns of Critical OS Command Injection Flaw in Routers

D-Link Says It is Not Fixing Four RCE Flaws in DIR-846W Routers

Google Releases Pixel Update to Get Rid of Surveillance Vulnerability

9/2/2024

U.S. Authorities Issue RansomHub Ransomware Alert

South Korea Police Investigates Telegram Over Deepfake Porn

Telegram CEO Was ‘Too Free’ on Content Moderation, Says Russian Minister

Verkada Facing $3M Penalty to Federal Trade Commission After Hackers Viewed Sensitive Video Footage

Admins of MFA Bypass Service Plead Guilty to Fraud

German Air Traffic Control Agency Confirms Cyberattack, Says Current Operations Remain Unaffected

Transport for London Discloses Ongoing “Cyber Security Incident”

Business Services Giant CBIZ Discloses Customer Data Breach

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

Ransomware Gangs Pummel Southeast Asia

8/30-9/1/2024

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

CIA Says It Busted Teen Terror Cell Targeting Taylor Swift in Vienna

How the CIA Tries to Recruit Russians to Spy on Their Country

Tired of Airport Security Queues? SQL Inject Yourself Into the Cockpit, Claim Researchers

CrowdStrike Exec Will Testify to Congress About July’s Global IT Meltdown

Companies Grapple With Expanding Cyber Rules

Researcher Sued for Sharing Data Stolen by Ransomware With Media

Docker-OSX Image Used for Security Research Hit by Apple DMCA Takedown

City of Columbus Sues Man After He Discloses The Severity of Recent Ransomware Attack by Rhysida Group

U.S. Indicts Duo Over Alleged Swatting Spree That Targeted Elected Officials

Telegram: ‘The Dark Web in Your Pocket’

Data Breach at Minnesota Human Services Department May Have Compromised Personal Info of 4,000

Durex India’s Security Lapse Reveals Personal Data of Customers

Toronto School Board Confirms Students’ Info Stolen as LockBit Claims Breach

‘Voldemort’: Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign

North Korean Hackers Exploit Chrome Zero-Day to Deploy Rootkit

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

GitHub Comments Abused to Push Password Stealing Malware Masked as Fixes

Cicada3301 Ransomware’s Linux Encryptor Targets VMware ESXi Systems

Don’t Wait for the Next Big Data Breach to Freeze Your Credit

8/29/2024

Russian APT29 Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

North Korean Hackers Launch New Wave of npm Package Attacks

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks

Krebs: When Get-Out-The-Vote Efforts Look Like Phishing

Surge in New Scams as Pig Butchering Dominates

Harmful ‘Nudify’ Websites Used Google, Apple, and Discord Sign-On Systems

Dell Attempts to Sell Cybersecurity Firm Secureworks Again, Sources Say

CrowdStrike’s Meltdown Didn’t Dent Its Market Dominance … Yet

Halliburton Cyberattack Linked to RansomHub Ransomware Gang

FBI: RansomHub Ransomware Breached 210 Victims Since February

Brain Cipher Claims Attack on Olympic Venue, Promises 300 GB Data Leak

Irish Wildlife Park Warns Visitors to Cancel Bank Cards After Discovering Cyberattack

USAA Data Breach Affects Over 32k Consumers

Cambodian Scam Giant Handled $49 Billion in Crypto Transactions Since 2021

Fake Palo Alto GlobalProtect Used as Lure to Backdoor Enterprises

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture

8/28/2024

Intel Officials Say They Anticipate More Hacking Attempts as U.S. Election Nears

Notorious Iranian APT33 (aka Peach Sandstorm) Hackers Have Been Targeting the Space Industry With a New Backdoor

Iran’s APT42 (aka Charming Kitten) Operated Fake Human-Resources Firm to Root Out Unfriendly Spies, Researchers Say

Iranian UNC757 (aka Pioneer Kitten) Hackers Work With Ransomware Gangs to Extort Breached Orgs

South Korean Spies Exploit WPS Office Zero-Day

Microsoft Hosts a Security Summit but No Press, Public Allowed

Employee Arrested for Locking Windows Admins Out of 254 Servers in Extortion Plot

Google Increases Chrome Bug Bounty Rewards up to $250,000

U.S. Offers $2.5 Million Reward for Hacker Linked to Angler Exploit Kit

Telegram Founder Pavel Durov Was Wooed and Targeted by Governments

Telegram Repeatedly Refuses to Join Child Protection Schemes

1 in 10 Minors Say Their Friends Use AI to Generate Nudes of Other Kids, Survey Finds

Hundreds of LLM Servers Expose Corporate, Health & Other Online Data

‘Store Now, Decrypt Later’: U.S. Leaders Prep for Quantum Cryptography Concerns

Colorado Contacted Pac-12 About Potential Data Breach Before Loss to Oregon

‘Malfunction’ at Dutch Defense Ministry Datacenter Causing Mass Disruption

Dick’s Sporting Goods Discloses Unauthorized Third-Party Access to Info, Including Some Confidential Data

Seattle-Tacoma Airport Deals With Delays Five Days After Detecting Cyberattack

Play Ransomware Hackers Claim Attack on U.S. Manufacturer Microchip Technology

Norfolk (UK) Poultry Farm Banham Poultry Hit by Cyber-Attack

Essex (UK) Infant School Canvey Island Infant School Hit by Cyber Attack

LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics

PoorTry Windows Driver Evolves Into a Full-Featured EDR Wiper

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking

CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

8/27/2024

Krebs: New Versa Director 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Internet Outages Spread Across Ukraine Following Russian Air Strikes on Critical Infrastructure

U.S. Marshals Service Disputes Hunters International Ransomware Gang’s Breach Claims

A Third of Organizations Suffer SaaS Data Breaches

Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks

Microsoft Security Tools Questioned for Treating Employees as Threats

Intel’s Software Guard Extensions Broken? Don’t Panic

Patchwork of State Privacy Laws Remains After Latest Failed Bid for Federal Law

Notion Exits Russia and Will Terminate Accounts in September

Windows Downdate Tool Lets You ‘Unpatch’ Windows Systems

Park’N Fly Notifies 1 Million Customers of Data Breach

BlackSuit Ransomware Stole Data of 950,000 From Software Vendor Young Consulting

Malware Infiltrates Pidgin Messenger’s Official Plugin Repository

Trionfo Solutions (IL) Announces Data Breach Affecting Over 76k MetLife Plan Holders

MOVEit Hack Exposed Personal Data of Half Million TDECU Users

Microsoft Sway Abused in Massive QR Code Phishing Campaign

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

PoC Exploit for Zero-Click Vulnerability Made Available to the Masses

8/26/2024

NSA Releases Guide to Combat Living Off the Land Attacks

In a Kyiv Hangar, Ukraine Launches a Cyber Range for Everyone

Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance

Telegram’s Durov Still Held by French Police, Franceinfo Reports

Telegram Says Arrested CEO Has ‘Nothing to Hide’ as France Reportedly Extends His Detention

Elon Musk Calls for Release of Telegram Founder Pavel Durov as Arrest Sparks Debate Whether X Owner May Be Next

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.

Microsoft: Exchange Online Mistakenly Tags Emails as Malware

The Future of Cybersecurity: Insights From Theresa Payton, Former White House CIO

Researchers Warn of Text Scams That Send Drivers Fake Bills for Highway Tolls

C-Suite Involvement in Cybersecurity Is Little More Than Lip Service

AMD Internal Data Reportedly Offered for Sale

Seattle’s Airport, Seaport Isolate Systems After Cyberattack

31.5 Million Invoices, Contracts, Patient Consent Forms, Documents, and Much, Much More Exposed to the Internet

Patelco Notifies 726,000 Customers of Ransomware Data Breach

Data of Nearly 1,000 People Leaked in St. Helena Cyberattack, City Says

Keystone Pacific Property Management Notifies Consumers of Recent Data Breach

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access

Versa Fixes Director Zero-Day Vulnerability Exploited in Attacks

Google Tags a Tenth Chrome Zero-Day as Exploited This Year

8/22-25/2024

The Iranians Who Hacked Trump’s Campaign Have Deep Expertise

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

When War Came to Their Country, They Built a Map

Kremlin Blames Widespread Website Disruptions on DDoS Attack; Digital Experts Disagree

Russia Calls for Restrictions on Surveillance Cameras, Dating Apps in Cities Under Attack From Ukraine

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Microsoft to Host CrowdStrike and Others to Discuss Windows Security Changes

Krebs: Local Networks Go Global When Domain Names Collide

AI Copilots Are Making Internal Breaches Easier and Costlier to Defend Against

Companies Prepare to Fight Quantum Hackers

U.S. Charges Karakurt Extortion Gang’s “Cold Case” Negotiator

Russian Laundering Millions for Lazarus Hackers Arrested in Argentina

Suspect in $14 Billion Cryptocurrency Pyramid Scheme Extradited to China

Telegram Messaging App CEO Durov Arrested in France

Content Moderation Failures

A Bank Exec Stole $47 Million for a Crypto Scam, and Now He’s Going to Jail

Why Parents May Want to Start Locking a Child’s Credit at a Very Young Age

Company Fined $1m for Fake Joe Biden AI Calls

YouTube Launches AI Tool to Recover Hacked Accounts

Operating as a Legitimate Business, Greasy Opal’s CAPTCHA Solver Still Serving Cybercrime After 16 Years

University of California Santa Cruz Thought It Would Be a Good Idea to Do a Phishing Test With a Fake Ebola Scare

U.S. Oil Giant Halliburton Confirms Cyberattack Behind Systems Shutdown

Port of Seattle Says It Was Hit with Possible Cyberattack; Outage Affects Airport, Phone Systems

American Radio Relay League Confirms $1 Million Ransom Payment

Qilin Caught Red-Handed Stealing Credentials in Google Chrome

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

Cthulhu Stealer Malware Targets macOS With Deceptive Tactics

Hackers Now Use AppDomain Injection to Drop CobaltStrike Beacons

PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Hackers Steal Banking Creds from iOS, Android Users via PWA Apps

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

Novel Android Malware Steals Card NFC Data For ATM Withdrawals

Backdoor in Mifare Smart Cards Could Open Doors Around the World

Hackers Are Exploiting Critical Bug in LiteSpeed Cache Plugin

Security Flaws in UK Political Party Donation Platforms Exposed

New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

Georgia Tech Sued Over Cybersecurity Violations, DOJ Joins In

Audit Finds Notable Security Gaps in FBI’s Storage Media Management

Hack on North Miami Tests Ransom Payment Bans

8/21/2024

Moscow Detains Scientist Suspected of Carrying out DDoS Attacks on Russia

Russia Tells Citizens to Switch off Home Surveillance Because the Ukrainians Are Coming

Healthcare Hit by a Fifth of Reported Ransomware Incidents

Most Ransomware Attacks Now Happen at Night

FAA Proposes New Cybersecurity Rules for Airplanes

The U.S. Government Wants You—Yes, You—to Hunt down Generative AI Flaws

Australia Calls Off Clearview AI Investigation Despite Lack of Compliance

Critical Thinking AI in Cybersecurity: A Stretch or a Possibility?

Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports

How to Freeze Your Credit After a Data Breach

Phrack Hacker Zine Publishes New Edition After Three Years

Financial Services Firm Fined $850K for Violating SEC Cyber Rules

McDonald’s Instagram Page Hacked by Crypto Scammers Who Claim They Stole $700K

110K Domains Targeted in ‘Sophisticated’ AWS Cloud Extortion Campaign

Top U.S. Oilfield Firm Halliburton Hit by Cyberattack, Source Says

Patelco Credit Union Says Personal Info of Customers, Employees Exposed in June Breach

Dental Specialists (MN) Data Breach Affects an Estimated 38,442 People

New MoonPeak RAT Linked to North Korean Threat Group UAT-5394

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

Critical LiteSpeed Cache Plugin Flaw Exposes WordPress Sites

GitHub Enterprise Server Vulnerable to Critical Auth Bypass Flaw

Google Fixes Ninth Chrome Zero-Day Exploited in Attacks This Year

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

Microsoft to Roll out Windows Recall to Insiders in October

QNAP Adds NAS Ransomware Protection to Latest QTS Version

8/20/2024

U.S. Warns of Iranian Hackers Escalating Influence Operations

Iranian Group TA453 Launches Phishing Attacks with BlackSmith

An AWS Configuration Issue Could Expose Thousands of Web Apps

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

‘Styx Stealer’ Malware Developer Accidentally Exposes Personal Info to Researchers in ‘Critical Opsec Error’

Novel Phishing Method Used in Android/iOS Financial Fraud Campaigns

Former Congressman Santos Admits Identity Theft and Fraud

Man Who Hacked Hawaii State Registry to Forge His Own Death Certificate Sentenced to 81 Months

Don’t Let Your Cash App Get Hacked. Cybersecurity Expert Tips to Safeguard Your Money

August Windows Updates Break Dual Boot on Some Linux Systems

Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach

Microchip Technology Says Certain Operations Disrupted by Cyber Incident by ‘Unauthorized Party’

CannonDesign Confirms Avos Locker Ransomware Data Breach

Enroll Confidently (WA) Notifies Consumers of February 2024 Data Breach

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America

Czech Mobile Users Targeted in New Banking Credential Theft Scheme

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

New DNS-Based Backdoor Threat Discovered at Taiwanese University

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

8/19/2024

U.S. Intelligence Community Says Iran Responsible for Hack of Trump Campaign

FBI and CISA Assure Public on Election Ransomware Security

Krebs: National Public Data Published Its Own Passwords

National Public Data Insists ‘Only’ 1.3M People Affected by Intrusion

Was Your Social Security Number Leaked to the Dark Web? Use This Tool to Find Out.

Russia-Linked Vermin Hackers Target Ukraine With New Malware Strain

Ukrainian Bank’s Service for Military Donations Targeted by ‘Massive’ DDoS Attack

The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

Columbus Officials Warn Victims, Witnesses After Ransomware Leak of Prosecutor Files

Human Nature Is Causing Our Cybersecurity Problem

Toyota Confirms Breach After Stolen Data Leaks on Hacking Forum

FlightAware Configuration Error Leaked User Data for Years

Cybercriminals Siphon Credit Card Numbers From Oregon Zoo Website

Hackers Linked to $14M Holograph Crypto Heist Arrested in Italy

New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia

New Tool Xeon Sender Enables Large-Scale SMS Spam Attacks

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

Microsoft Apps for macOS Exposed to Library Injection Attacks

CISA Warns of Jenkins RCE Bug Exploited in Ransomware Attacks

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

8/16-18/2024

OpenAI Says Iran Tried to Influence U.S. Elections With ChatGPT

Geopolitical Tensions Drive Explosion in DDoS Attacks

Krebs: NationalPublicData.com Hack Exposes a Nation’s Data

Why Are Organizations Losing the Ransomware Battle?

How the CrowdStrike Tech Outage Reignited a Battle Over the Heart of Microsoft Systems

Chrome Will Redact Credit Cards, Passwords When You Share Android Screen

How Safe Am I Online?—and Other Questions Readers Asked About Cybersecurity

Microsoft Mandates MFA for All Azure Sign-Ins

Azure Domains and Google Abused to Spread Disinformation and Malware

Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

Unicoin Hints at Potential Data Meddling After G-Suite Compromise

Ransomware Attack on Flint (MI) Affecting City Services as FBI Investigates Incident

North Miami (FL) Works to Restore Services After Cyber Attack

Ransomware Attack on Indian Payment System Traced Back to Jenkins Bug

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

New Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign

CISA Warns Critical SolarWinds RCE Bug is Exploited in Attacks

8/15/2024

U.S. Lawmakers Urge Probe of WiFi Router Maker TP-Link Over Fears of Chinese Cyber Attacks

Russia’s FSB Behind Massive Phishing Espionage Campaign

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data

Meta Warns of Troll Networks From Russia, Iran Ahead of U.S. Elections

Inside the $93 Million Wall Street Heist That Stemmed From Russia

Pakistan’s Internet Firewall Could Cost Economy $300 Million, Association Says

Ransomware Gangs Rake in More Than $450 Million in First Half of 2024

T-Mobile Fined $60 Million to Settle Alleged National Security Violations

Hearing about Leaked Social Security Numbers? Don’t Panic

Cyber-Criminals Exploited Paris Olympics With Fake Domains

Fraser Child and Family Center (MN) Notifies 67k of Recent Data Breach

Advanced ValleyRAT Campaign Hits Windows Users in China

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining

Google Pixel Phones Sold With Security Vulnerability, Report Finds

Microsoft Disables Recent BitLocker Security Fix, Advises Manual Mitigation

Microsoft Removes FAT32 Partition Size Limit in Windows 11

8/14/2024

Russia’s Critics Targeted With Global Hacking Campaign, Rights Group Says

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa

APT42: A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says

Large-Scale Cyber Attack Cripples Iranian Banks

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

NIST Releases First Encryption Tools to Resist Quantum Computing

The Weirdest ‘3 Billion People’ Data Breach Ever

German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage

Texas Sues GM for Selling Driver Data to Analytics, Insurance Companies

Russian Who Sold 300,000 Stolen Credentials Gets 40 Months in Prison

AutoCanada Discloses Cyberattack Impacting Internal IT Systems

Copiah-Lincoln Community College (MS) Data Breach Affects 53,628 People

Cyber-Attack Spreads Phishing Scam Across Greater Manchester Areas

New Phishing Attack Uses Sophisticated Infostealer Malware

Black Basta-Linked Attackers Target Users with SystemBC Malware

GitHub Actions Artifacts Found Leaking Auth Tokens in Popular Projects

High-End Racing Bikes Are Now Vulnerable to Hacking

Your Gym Locker May Be Hackable

Zero-Click Windows TCP/IP RCE Impacts All Systems with IPv6 Enabled, Patch Now

SolarWinds Fixes Critical RCE Bug Affecting all Web Help Desk Versions

8/13/2024

FBI Probing Alleged Iran Hack Attempts Targeting Trump, Biden Camps

Suspected Iranian Hackers Breached Roger Stone’s Personal Email as Part of Effort to Target Trump Campaign

News Outlets Were Leaked Insider Material From the Trump Campaign. They Chose Not to Print It Yet

Musk Claims X Hit by ‘Massive DDoS Attack’ During Trump Interview

Russia Is Pushing Disinformation About Kursk Operation, Ukrainian Officials Say

What We Learned From the Cyberattack on Change Healthcare

Google Says It’s Focusing on Privacy With Gemini AI on Android

Companies Prepare to Fight Quantum Hackers


X Faces GDPR Complaints for Unauthorized Use of Data for AI Training

Prolific Belarusian Cybercriminal Arrested in Spain

CrowdStrike Tries to Patch Things Up With Cybersecurity Industry
3AM Ransomware Stole Data of 464,000 Kootenai Health Patients

Leading Carbon Black Industrial Supplier Orion Loses $60 Million in Business Email Compromise Scam

Gadsden Independent School District (NM) Hit by Ransomware Attack

Roseland Community Hospital (IL) Provides Notice of June 2024 Data Breach

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

Ivanti Warns of Critical vTM Auth Bypass with Public Exploit

Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service

Critical SAP Flaw Allows Remote Attackers to Bypass Authentication

Krebs: Six 0-Days Lead Microsoft’s August 2024 Patch Push

New Windows SmartScreen Bypass Exploited as Zero-Day Since March

8/12/2024

South Korea Says DPRK Hackers Stole Spy Plane Technical Data

Hackers Posing as Ukraine’s Security Service Infect 100 Gov’t PCs

UN Adopts Controversial Cybercrime Treaty
DARPA Awards $14m to Seven Teams in AI Cyber Challenge

CrowdStrike Accepted a ‘Most Epic Fail’ Award at Def Con Hacking Conference

FBI Disrupts the Dispossessor Ransomware Operation, Seizes Servers

Co-Founder of DDoSecrets Was Dark Web Drug Kingpin Thomas White of Silk Road 2.0

Man in Dock Accused of Breaking Hi-Tech Export Controls

As He Retires After Two Decades at Homeland Security, Brandon Wales Reflects on CISA’s Future
Australian Gold Producer Evolution Mining Hit by Ransomware

Swiss Manufacturer Schlatter Group Investigating Ransomware Attack That Shut Down IT Network

Baxter International (IL) Notifies Consumers of June 2024 Data Breach

Attacker Steals Personal Data of 200K+ People With Links to Arizona Tech School

Vulnerability in Windows Driver Leads to System Crashes

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

Tackling Vulnerabilities & Errors Head-on for Proactive Security

8/9-11/2024

Trump Campaign Says Its Internal Messages Hacked by Iran

Iran Targeting U.S. Elections Using Fake News, Cyberattacks: Microsoft

Chinese Hacking Groups Target Russian Government, IT Firms

Russians Team up With Young, English-Speaking Hackers for Cyberattacks

Russia Blocks Signal for ‘Violating’ Anti-Terrorism Laws

Fake X Content Warnings on Ukraine War, Earthquakes Used as Clickbait

Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All

Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look

The Hacker Who Hunts Video Game Speedrunning Cheaters

GPS Spoofers ‘Hack Time’ on Commercial Airlines, Researchers Say

ATM Software Flaws Left Piles of Cash for Anyone Who Knew to Look

Cyber Companies Report Mixed Results as Security Budgets Prove Challenging

OpenAI Leadership Split Over In-House AI Watermarking Technology

How a Cybersecurity Researcher Befriended, Then Doxed, the Leader of LockBit Ransomware Gang
CSC ServiceWorks Discloses Data Breach After 2023 Cyberattack

Hackers Leak 2.7 Billion Data Records With Social Security Numbers

Ohio School Boards Association Suffers From a Cyber Attack

Local Gov’ts in Texas, Florida Hit with Ransomware as Cyber Leaders Question Best Path Forward

New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

Threat Actors Favor Rclone, WinSCP and cURL as Data Exfiltration Tools

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers

Hackers Leak 2.7 Billion Data Records With Social Security Numbers

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

New AMD SinkClose Flaw Helps Install Nearly Undetectable Malware

Google Researchers Found Nearly a Dozen Flaws in Popular Qualcomm Software for Mobile GPUs

8/8/2024

Russian Spies Hacked UK Government Systems Earlier This Year, Stole Data and Emails

U.S. Elections Have Never Been More Secure, Says CISA Chief

U.S. ‘Laptop Farm’ Man Accused of Outsourcing His IT Jobs to North Korea to Fund Weapons Programs

Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

Krebs: Cybercrime Rapper Sues Bank over Fraud Investigation

SEC Investigation into Progress MOVEit Hack Ends Without Charges

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

Delta Shrugs Off Criticism, Says Damages Caused by CrowdStrike Outage Total at Least $500 Million

Cybersecurity Firm Trend Micro Explores Sale, Sources Say
ADT Admits Security Breach After Hackers Advertise Stolen Data on the Dark Web

Hackers Return $12 Million Taken During Ronin Network Breach

Russia’s Kursk Region Suffers ‘Massive’ DDoS Attack Amid Ukraine Offensive

North Korea Kimsuky Launch Phishing Attacks on Universities

Phishing Attack Exploits Google, WhatsApp to Steal Data

Cisco Warns of Critical RCE Zero-Days in End of Life IP Phones

Exploit Released For Cisco SSM Bug Allowing Admin Password Changes

CISA Warns of Hackers Abusing Cisco Smart Install Feature

CISA Warns About Actively Exploited Apache OFBiz RCE Flaw

Hackers Have Exploited An 18-Year-Old ‘0.0.0.0-Day’ Loophole In Safari, Chrome And Firefox

8/7/2024

A Flaw in Windows Update Opens the Door to Zombie Exploits

Microsoft 365 Anti-Phishing Feature Can Be Bypassed With CSS

CrowdStrike Blames Test Software for Taking Down 8.5 Million Windows Machines

Delta Passengers Sue Airline for Refusing Refunds After Massive Computer Outage

Ireland’s DPC Takes Twitter to Court Over AI User Data Concerns

The Business World Is Obsessed With AI but Company Leaders Ignore Cybersecurity at Their Peril

UK IT Provider Faces $7.7 Million Fine for 2022 Ransomware Breach

Google Chrome Will Let You Send Money to Your Favourite Website

Knostic Wins 2024 Black Hat Startup Spotlight Competition
Port of Tyne Website Hit by Cyber Attack

McLaren Hospitals Disruption Linked to Inc Ransomware Attack

New CMoon USB Worm Targets Russians in Data Theft Attacks

New Go-based Backdoor GoGra Targets South Asian Media Organization

Royal Ransomware Successor BlackSuit Has Demanded More Than $500 Million

Chameleon Android Banking Trojan Targets Users Through Fake CRM App

Critical Progress WhatsUp RCE Flaw Now Under Active Exploitation

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Apple’s New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software

8/6/2024

Cyberattack and Tropical Storm Debby Disrupt Blood Supply

A New Plan to Break the Cycle of Destructive Critical Infrastructure Hacks

Microsoft Says Delta Ignored Satya Nadella’s Offer of CrowdStrike Help

Google Violated U.S. Antitrust Laws to Maintain Dominance Over Online Search, Judge Says

How Google’s Huge Defeat in Antitrust Case Could Change How You Search the Internet

What Google’s Antitrust Defeat Means for the Search Giant and Its Partner Apple

A Microsoft Victory and Mozilla Defeat: The Fallout From Google’s Antitrust Saga

Abnormal Security, Valued at $5.1 Billion Amid Email Security Push, Eyes Eventual IPO

Police Recover Over $40m Headed to BEC Scammers
Nearly 40 French Museums Hit By Ransomware Attack

Mobile Guardian Hack Leads to 13,000 Student Devices Wiped in Singapore

Sumter County (FL) Sheriff’s Office Hit by Ransomware Attack

Northwest Arkansas Community College Delays Fall Classes After Ransomware Attack

Ronin Bridge Paused, Restarted After $12M Drained in Whitehat Hack

Krebs: Low-Drama ‘Dark Angels’ Reap Record Ransoms

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

Samsung to Pay $1,000,000 for Rces on Galaxy’s Secure Vault

Proton VPN Adds ‘Discreet Icons’ to Hide App on Android Devices

8/5/2024

North Korean Hackers Exploit VPN Update Flaw to Install Malware

CrowdStrike Is Sued by Fliers After Massive Outage Disrupts Air Travel

CrowdStrike Says It’s Not to Blame for Delta’s Days-Long Outage

CrowdStrike: Delta Air Lines Refused Free Help to Resolve IT Outage

Companies Sue Tech Firms After Outages, but It’s an Uphill Battle

Every Microsoft Employee Is Now Being Judged on Their Security Work

Hacked, Scammed, Exposed: Why You’re One Step Away From A Major Disaster Online

TikTok Withdraws Lite Rewards Program from EU Over Child Safety Fears

China Starts Testing National Cyber-ID Before Consultation on the Idea Closes

Replacement for Action Fraud, Uk’s Cybercrime Reporting Service, Delayed Again Until 2025

Singapore Police Wrest Back $41 Million Stolen From Commodities Firm in Bec Scam
New Android Trojan “BlankBot” Targets Turkish Users’ Financial Data

Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks

Keytronic Reports Losses of Over $17 Million After Ransomware Attack

Calibrated Healthcare (CA) Notifies Healthcare Patients of Recent Data Breach

Hunters International Ransomware Targets IT Workers With New SharpRhino Malware

New LianSpy Malware Hides by Blocking Android Security Feature

Sneaky SnakeKeylogger Slithers Into Windows Inboxes to Steal Sensitive Secrets

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

Critical Vulnerability in Apache OFBiz Requires Immediate Patching

Google Fixes Android Kernel Zero-Day Exploited in Targeted Attacks

8/2-4/2024

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases

Social Media Firms Fail to Protect Children’s Privacy, Says UK ICO

Krebs: U.S. Trades Cybercriminals to Russia in Prisoner Swap

Who Ya’ Gonna Call? Why IoT Companies Should Embrace Vulnerability Disclosure Programs

Why the Market’s Most-Regulated Companies Need Military-Grade Cybersecurity

U.S. Expected to Propose Barring Chinese Software in Autonomous Vehicles

Five Chinese Nationals Arrested by Feds for ‘Massive’ Elder Fraud Scheme

Cryptonator Seized for Laundering Ransom Payments, Stolen Crypto

DuckDuckGo Blocked in Indonesia Over Porn, Gambling Search Results
Israeli Hacktivist Group ‘WeRedEvils’ Brags It Took Down Iran’s Internet

‘StormBamboo’ Hackers Breach ISP to Poison Software Updates With Malware

Hackers Directly Email Customers of Immigration Firm After Damaging Cyberattack

Fake AI Editor Ads on Facebook Push Password-Stealing Malware

Surge in Magniber Ransomware Attacks Impact Home Users Worldwide

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

Linux Kernel Impacted by New Slubstick Cross-Cache Attack

Legendary Rom Hacking Site RomHacking.net Shutting Down After Almost 20 Years

8/1/2024

U.S. Releases Russian Hackers and Spies as Part of Prisoner Swap That Includes Evan Gershkovich & Paul Whelan 

Putin’s Trader: How Russian Hackers Stole Millions From U.S. Investors

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

Delta CEO: ‘When Was the Last Time You Heard of a Big Outage at Apple?

CISA Names Lisa Einstein as Its First Chief AI Officer

He Was an FBI Informant—and Inspired a Generation of Violent Extremists

Scam Platform Shut Down by UK Authorities After 1.8 Million Fraudulent Calls

Tech Support Scam Ring Leader Gets 7 Years in Prison, $6M Fine

Australian Companies Will Soon Need to Report Ransom Payments
Taiwan Government-Backed Research Organization Targeted by APT41 Hackers

Cencora Confirms Patient Data Stolen in Cyber-Attack

Rhysida Ransomware Group Takes Credit for Columbus Cyberattack, Auctions Stolen Data

Hennepin County (MN) Sheriff’s Office Is Responding to Data Breach

FBI Warns of Scammers Posing as Crypto Exchange Employees

RansomEXX Group Targets Indian Banking With New Tactics

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform Stack Exchange

Hackers Abuse Free TryCloudflare to Deliver Remote Access Malware

Twilio Kills off Authy for Desktop, Forcibly Logs Out All Users

7/31/2024

Urgent Blood Donation Appeal Issued in U.S. After Critical OneBlood Ransomware Attack

DDoS Attack Triggers New Microsoft Global Outage

‘Error’ in Microsoft’s DDoS Defenses Amplified 8-hour Azure Outage

Swiss Stock Exchange Suffers Hours-Long Outage After Data Glitch

CISA and FBI: DDoS Attacks Won’t Impact U.S. Election Integrity

Krebs: Don’t Let Your Domain Name Become a “Sitting Duck”

Credit Card Users Get Mysterious shopify-charge.com Charges

Can GPT-4o Be Trusted With Your Private Data?

Meta to Pay Texas $1.4bn for Unlawful Biometric Data Capture

CrowdStrike Is Sued by Shareholders Over Huge Software Outage

Russia Legalizes Cryptocurrency Mining as Ongoing Global Sanctions Continue to Disrupt Traditional Finances

Germany Summons Chinese Ambassador Over Cyberattack on Cartography Agency
World Leading Silver Producer Fresnillo Discloses Cyberattack

Ransomware Attack Forces Hundreds of Small Indian Banks Offline, Sources Say

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware

Fraud Ring Pushes 600+ Fake Web Shops via Facebook Ads

New SMS Stealer Malware Targets Over 600 Global Brands

New PyPI Package Zlibxjson Steals Discord, Browser Data

Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes

New Android Malware ‘BingoMod’ Wipes Your Device After Draining Bank Accounts

Google Ads Push Fake Google Authenticator Site Installing Malware

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

No Really, What Cybersecurity Requirements and Standards Does My Company Need to Follow and Why?

7/30/2024

Russia, Moldova Targeted by Obscure Hacking Group in New XDSpy Cyberespionage Campaign

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

U.S. Senate Bill Would Radically Improve Voting Machine Security

UK ICO Slams Electoral Commission for Basic Security Failings

Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings

‘LockBit of Phishing’ EvilProxy Used in More Than a Million Attacks Every Month

Just One in 10 Attacks Flagged By Security Tools

Cybersecurity Firm Tenable Is Exploring a Potential Sale

Delta Hires David Boies to Seek Damages From CrowdStrike, Microsoft After Outage

Malaysia Is Working on an Internet ‘Kill Switch’, Says Minister
Sophisticated Phishing Campaign Targets Microsoft OneDrive Users

Black Basta Ransomware Switches to More Evasive Custom Malware

Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

New Specula Tool Uses Outlook for Remote Code Execution in Windows

Google Chrome Adds App-Bound Encryption to Block Infostealer Malware

DigiCert Mass-Revoking TLS Certificates Due to Domain Validation Bug

‘The Worst Thing You Can Do’ After a Data Breach, According to a Cybersecurity Expert

7/29/2024

Saboteurs Cut Internet Cables in Latest Disruption During Paris Olympics

Quad Foreign Ministers Decry Dangerous South China Sea Actions

Another European Parliament Member Says He’s Been Targeted With Commercial Spyware

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

Krebs: Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

How Infostealers Pillaged the World’s Passwords

Meta’s AI Safety System Defeated by the Space Bar

Apple iOS 18.1 Beta Previews Apple Intelligence For the First Time

Former Avaya Employee Gets 4 Years for $88M License Piracy Scheme
Pro-Ukrainian Hackers Claim Attack on Russian Cyber Company

Intruders at HealthEquity Rifled Through Storage, Stole 4.3M People’s Data

HairClub for Men Notifies Consumers of October 2023 Data Breach

Town of Summerville (SC) Says Sensitive Data May Have Been Stolen During Recent Cyberattack

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

Mandrake Spyware Infects 32,000 Devices Via Google Play Apps

Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware

Hotjar, Business Insider Vulnerabilities Expose OAuth Data Risks

7/26-28/2024

Attack on Train System Highlights Broad Array of Security Threats to Paris Olympics

ECB’s Cyber Security Test Shows ‘Room for Improvement’ for Banks

CrowdStrike Says Over 97% of Windows Sensors Back Online

Hacktivists Claim Leak of CrowdStrike Threat Intelligence

CrowdStrike Warns of New Phishing Scam Targeting German Customers

Microsoft Calls for Windows Changes and Resilience After CrowdStrike Outage

Secure Boot Is Completely Broken on 200+ Models From 5 Big Device Makers

Why You Should Avoid Use of One-Time Passwords Sent by Text

The Personal Cybersecurity Concierge Is a New Perk, and Need, Among the Wealthy

Despite Bans, AI Code Tools Widespread in Organizations

X Begins Training Grok AI With Your Posts, Here’s How to Disable
Russian Ransomware Gangs Account for 69% of All Ransom Proceeds

FBCS Data Breach Impact Now Reaches 4.2 Million People

Private Health Information of More Than 1,600 UAB Patients Exposed on Postcards

Allcare Medical Management (CA) Data Breach Affects Patients of FPA Women’s Health

Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain

Casper Network Halts Operations Following Security Breach

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Crypto Exchange Gemini Discloses Third-Party Data Breach

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

WhatsApp for Windows Lets Python, PHP Scripts Execute With No Warning

Acronis Warns of Cyber Infrastructure Default Password Abused in Attacks

7/25/2024

North Korean APT45 Hackers Stealing Military Secrets, Say U.S. and Allies

At the Olympics, AI Is Watching You

Las Vegas Transit System Is Nation’s First to Plan Full Deployment of AI Surveillance System for Weapons

CrowdStrike Offers a $10 Apology Uber Eats Gift Card to Say Sorry for Outage

Insurers Brace for Claims From Global Tech Outage

‘Innovative’ £9.27m Shared Workspace Opens in Town

Kaspersky Says Uncle Sam Snubbed Proposal to Open up Its Code for Third-Party Review

Uncle Sam Accuses Florida Man Telco IT Pro of Decade-Long Spying Campaign for China

U.S. Offers $10M for Tips on DPRK Hacker Linked to Maui Ransomware Attacks

French Police Push PlugX Malware Self-Destruct Payload to Clean PCs
Belarus-Linked Hackers Target Ukrainian Orgs With PicassoLoader Malware

Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank

Columbus (OH) Reports Cyber Incident as Multiple Cities Recover From Ransomware Attacks

Futurity First Insurance (CT) Provides Notice of November 2033 Data Breach

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Progress Warns of Critical RCE Bug in Telerik Report Server

Critical ServiceNow RCE Flaws Actively Exploited to Steal Credentials

PKfail Secure Boot Bypass Lets Attackers Install UEFI Malware

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

7/24/2024

North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake IT Worker

Major Russian Banks Hit with DDoS Attacks as Ukraine Claims Responsibility

CrowdStrike Blames Test Software for Taking Down 8.5 Million Windows Machines

No Sign Microsoft Plans to Limit CrowdStrike Access to Windows After Outage, Source Says

This Machine Exposes Privacy Violations

Chrome Adds New Warnings and Cloud Scanning for Suspicious Downloads

Google Criticized for Abandoning Cookie Phase-Out

Google Chrome Now Warns About Risky Password-Protected Archives

School Gets an F for Using Facial Recognition on Kids in Canteen

BreachForums v1 Database Leak is an OPSEC Test for Hackers

Encrypted Apps Still a Challenge as FBI Probes Trump Shooter’s Devices, Wray Says
Data Pilfered From Pentagon IT Supplier Leidos

Crypto Exchange MonoSwap Has Been Hacked, Warns Users Not to Deposit Funds

Hamster Kombat’s 250 Million Players Targeted in Malware Attacks

Brookfield Zoo (IL) Confirms Data Breach; Employee Information Accessed

Jefferson County (KY) Clerk’s Offices to Remain Closed on Thursday Amid Cyberattack

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

Docker Fixes Critical 5-Year Old Authentication Bypass Flaw

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

Meta Bans 63,000 Accounts Belonging to Nigeria’s Sextortionist Yahoo Boy

7/23/2024

CrowdStrike CEO to Testify About Massive Outage That Halted Flights and Hospitals and More

Inside the 78 Minutes That Took Down Millions of Windows Machines

CrowdStrike’s Botched Tech Update Wasn’t Unique. Are Lessons Ever Learned?

DOT Investigating Delta Over IT Outage Chaos

Fake CrowdStrike Repair Manual Pushes New Infostealer Malware

Russia Shifts Cyber Focus to Battlefield Intelligence in Ukraine

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter

‘FrostyGoop’

Possible APT28-Linked Hackers Target Ukraine’s Scientific Institutions

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

Chinese Hackers Target Taiwan and U.S. NGO with MgBot Malware

Chinese Espionage Group Upgrades Malware Arsenal to Target All Major OS
Greece’s Land Registry Agency Breached in Wave of 400 Cyberattacks

BreachForums v1 Hacking Forum Data Leak Exposes Members’ Info

DeFi Exchange dYdX v3 Website Hacked in DNS Hijack Attack

Red Art Games Hit with Major Cyber Attack

Employer Flexible (TX) Confirms Data Breach Related to myHR Platform

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

Google Abandons Plan to Phase Out Third-Party Cookies in Chrome

FTC Launches Probe Into How Companies Use Data to Tailor What Each Customer Pays

Verizon to Pay $16 Million in TracFone Data Breach Settlement

Wiz Rejects Google’s $23 Billion Takeover in Favor of IPO

Krebs: Phish-Friendly Domain Registry “.top” Put on Notice

7/22/2024

CrowdStrike Update That Caused Global Outage Likely Skipped Checks, Experts Say

‘Significant Number’ of Devices Fixed – CrowdStrike

Microsoft Releases a CrowdStrike Recovery Tool – Here’s How It Works

The Pentagon Wants to Spend $141 Billion on a Doomsday Machine

Ransomware Groups Fragment Amid Rising Cybercrime Threats

Cybercrooks Crafting Solo Careers in Wake of Recent Ransomware Takedowns & Disruptions

Police Infiltrates, Takes Down DigitalStress DDoS-For-Hire Service

Spain Arrests Three for Using DDoSia Hacktivist Platform
Los Angeles County Court System Slated to Reopen Tuesday After Ransomware Attack

56K Michigan Medicine Patients’ Information Potentially Exposed in May Cyberattacks

Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking

Play Ransomware Expands to Target VMWare ESXi Environments

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

Telegram Zero-Day Allowed Sending Malicious Android APKs as Videos

7/19-21/2024

Major Tech Outage Grounds Flights, Hits Banks and Businesses Worldwide

Krebs: Global Microsoft Meltdown Tied to Bad CrowdStrike Update

IT Teams Scramble to Recover From CrowdStrike Incident as Officials Warn of ‘Risks of Consolidation

CrowdStrike IT Outage Affected 8.5 Million Windows Devices, Microsoft Says

The CrowdStrike Outage and Global Software’s Single-Point Failure Problem

Fast and Automated: Global Tech Outage Shows Hazards of Cloud Software Updates

CrowdStrike Has a New Guidance Hub for Dealing with the Windows Outage

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Don’t Fall for CrowdStrike Outage Scams

More U.S. Flights Cancelled in Wake of Global Cyber Outage

IT Outage Exposes Fragility of Tech Infrastructure
IDF Has Rebuffed 3 Billion Cyberattacks Since Oct. 7, Colonel Claims

Hackers Are Using Fake Drone Contracts to Infect Ukrainian Defense Enterprises

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the UK

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

Ransomware Attack Shuts Down Los Angeles Superior Court Systems

The Feds Say These Are the Russian Hackers Who Attacked U.S. Water Utilities

Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks

17-Year-Old Linked to Scattered Spider Cybercrime Syndicate, Including MGM Hack, Arrested in UK

DHS Watchdog Rebukes CISA and Law Enforcement Training Center for Failing to Protect Data

DHS Inspector General: Coast Guard Shortcomings Hinder Us Maritime Security

7/18/2024

Von Der Leyen Pledges to Tackle Ransomware Attacks Against EU Hospitals

Chainalysis Launches Public-Private Plans to Crack Down on Crypto Scams

Firms Skip Security Reviews of Major App Updates About Half the Time

SolarWinds Beats Most of U.S. SEC Lawsuit Over Russia-Linked Cyberattack

SolarWinds Fixes 8 Critical Bugs in Access Rights Audit Software

Kaspersky Challenges U.S. Government to Put Up or Shut up About Kremlin Ties

Meta Halts AI Use in Brazil Following Data Protection Authority’s Ban

Alleged ‘Maniac Murder Cult’ Leader ‘Commander Butcher’ Indicted Over Plot to Murder Jews

Hacker Jailed After Jobcentre Suffers Cyber Attacks
UK National Blood Stocks in ‘Very Fragile’ State Following Ransomware Attack

Nearly 13 Million Australians Affected by MediSecure Attack

SAP AI Core Flaws Expose Sensitive Customer Data and Keys

Liverpool Suspend Ticket Sales After Cyber Attack

Indian Crypto Platform WazirX Confirms $230 Million Stolen During Cyberattack

Revolver Rabbit Gang Registers 500,000 Domains for Malware Campaigns

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread World-Wide Attacks

HotPage Malware Hijacks Browsers With Signed Microsoft Driver

Critical Cisco Bug Lets Hackers Add Root Users on SEG Devices

7/17/2024

Paris 2024 Olympics Face Escalating Cyber-Threats

‘Ghostemperor’ Returns: Mysterious Chinese Hacking Group Spotted for First Time in Two Years

China-Linked APT17 Targets Italian Companies with 9002 RAT Malware

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

The U.S. Supreme Court Kneecapped U.S. Cyber Strategy, Now Up to U.S. Congress

Kaspersky Gives U.S. Customers Six Months of Free Updates as a Parting Gift

Data Breaches Highlight Lack of Basic Cyber Controls

Google-Backed Software Developer Gitlab Explores Sale, Sources Say

Craig Wright Admits He Isn’t the Inventor of Bitcoin After High Court Judgment in UK

Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills

Global Police Swoop on Black Axe Cybercrime Syndicate
Over 400,000 Life360 User Phone Numbers Leaked via Unsecured API

Yacht Giant MarineMax Data Breach Impacts Over 123,000 People

Hackney Council in London Reprimanded for Failing to Prevent Ransomware Attack

Furniture Giant Bassett Shuts Down Manufacturing Facilities After Ransomware Attack

Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks

Qilin Ransomware’s Sophisticated Tactics Unveiled By Experts

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

Iraq-Based Cybercriminals Deploy Malicious Python Packages to Steal Data

Cisco SSM On-Prem Bug Lets Hackers Change Any User’s Password

Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP

Exchange Online Adds Inbound DANE with DNSSEC For Security Boost