News

PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more!

Infosec in brief  Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.…

Miscreants warming to Delphi, Haskell, and the like to evade detection

Malware authors looking to evade analysis are turning to less popular programming languages like Delphi or Haskell.…

Department director admits Welsh capital's council still trying to get heads around threat of dark web leaks

Cardiff City Council's director of children's services says data was leaked or stolen from the organization, although she did not clarify how or what was pilfered.…

Single click on a phishing link in Google browser blew up sandbox on Windows

Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.…

WOW! DID! SOMEONE! REALLY! STEAL! DATA! ON! 400K! USERS?!

A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)…

Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET

The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.…

Researchers say 'proactive' approach is needed to combat global cybercrime

Here's one you don't see every day: A cybersecurity vendor is admitting to breaking into a notorious ransomware crew's infrastructure and gathering data it relayed to national agencies to help victims.…

Screenshot shows company head unhappy, claiming 'real CVE is pending'

CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer tech disclosed almost a week ago.…

As if living in Croydon wasn't bad enough

The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the lucky location will be the South London suburb of Croydon.…

Data stolen included checklist for medics on how to get into vulnerable people's homes

The UK's data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.…

So F-18 launch times, weapons, drone support aren't classified now ... who knew?

The Atlantic's editor-in-chief who was inadvertently added to a Signal group in which the US Secretary of Defense, Vice President, and others discussed secret military plans has now publicly released the messages.…

MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade

A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity requirements on military contracts and knowingly submitted false claims for payment.…

Victims' details at risk after criminals download 9,000 files from court database

Australian police are currently investigating the theft of "sensitive" data from a New South Wales court system after they confirmed approximately 9,000 files were stolen.…

Bad news about the Linux system monitor may be on the way

Veteran sysadmin and tech blogger Rachel Kroll posted a cryptic warning yesterday about a popular Linux system monitoring tool. Maybe it's better to be safe than sorry.…

Who knew social media stars had a role to play in building national cyber resilience?

The world's biggest brands have benefited from influencer marketing for years – now the UK's National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses.…

Customers come forward claiming info was swiped from prod

Oracle Cloud's denial of a digital break-in is now in clear dispute. A infosec researcher working on validating claims that the cloud provider's login servers were compromised earlier this year says some customers have confirmed data allegedly stolen and leaked from the database giant is genuine.…

16,000 stolen records pertain to former and active mail subscribers

Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list.…

Just an FYI, like

Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.…

There's only one rule – don't attack Russia, duh

Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.…

Time to update your firmware, if you can, to one with the security fixes, cough cough

DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a lot of their customers' gateways going offline.…