News

Org turns its woes into a fundraising opportunity

Despite the Internet Archive's assurances it's back on its feet after a recent infosec incident, the org still appears to be in trouble after parties unknown claimed to hold access tokens to its Zendesk implementation and to have used them to send a mass email blast.…

The static analyzer uses Claude AI to identify vulns and suggest exploit code

Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic's Claude AI model.…

Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more

in brief  A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their sites secure. …

SIM swappers strike again, warping cryptocurrency prices

An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission's X account earlier this year.…

Says 'limited' incident isolated to 'partner company'

ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop's infrastructure.…

Chipzilla uses WeChat post to defend record of following local laws

Intel has roundly rebutted Chinese accusations that its chips include security backdoors at the direction of the US National Security Agency (NSA).…

'My webcam isn't working today' is the new 'The dog ate my network'

It's a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it's mistakenly hired a North Korean operative. The phony worker almost immediately begins exfiltrating sensitive data, before being fired for poor performance. Then the six-figure ransom demands – accompanied by proof of the stolen files – start appearing.…

Propaganda op focuses on anti-West narratives to meddle with elections

The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.…

Globe Life claims blackmailers shared stolen into with short sellers

US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.…

Early stage opsec failures lead to landmark arrest of suspected serial data thief

Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.…

No attacks possible, but enough issues to cause concern

Messaging giant WeChat uses a network protocol that the app's developers modified – and by doing so introduced security weaknesses, researchers claim.…

Gang said to have developed its evilware on GitHub – then DDoSed GitHub

Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney's Office on Wednesday unsealed an indictment identifying two of its alleged operators.…

Resolves allegations it improperly stored screenshots containing PII that were later snaffled

A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries' personal data.…

It's called leaving the door wide open – especially in Proxmox

A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default credentials being enabled during the image build process.…

The German car giant appears to be unconcerned

The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned.…

Another blow for IT software house and its customers

A critical, hardcoded login credential in SolarWinds' Web Help Desk line has been exploited in the wild by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the security blunder to its Known Exploited Vulnerabilities (KEV) Catalog.…

Uncle Sam having a secret way into US tech? Say it ain't so

A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security."…

Find out how to enhance efficiency using Google Security Operations

Webinar  In an era of ever-evolving cyber threats, staying ahead of potential security risks is essential.…

DDoS detectives deduce Mirai used to do the deed, using home entertainment boxes in Korea, China, and Brazil

The Internet Archive has come back online, in slightly degraded mode, after repelling an October 9 DDoS attack and then succumbing to a raid on users' data.…

Also: Crypto-hub Binance helps Delhi police shut down solar power scam

IBM announced on Tuesday it has acquired Prescinto – a Bangalore-based provider of asset performance management software for renewable energy.…