News

No miners were involved in this story

Tor, which stands for The Onion Router, weathered a massive distributed denial-of-service (DDoS) storm from June last year through to May.…

Joins in the chorus of advice to bin the gear instead of trying for a fix

The FBI has warned owners of Barracuda Email Security Gateway (ESG) appliances the devices are likely undergoing attack by snoops linked to China, and removing the machines from service remains the safest course of action.…

The critical rise of generative AI use in ransomware attacks on applications

Webinar  It's a fact of life that ransomware is a constant threat, like a dark cloud on every horizon. Recent research suggests that the volume of attacks has doubled in the last year.…

From BT and Nvidia to Grand Theft Auto 6, pair were on a total tear

Two teenage members of the chaotic Lapsus$ cyber-crime gang helped compromise computer systems of Uber and Nvidia, and also blackmailed Grand Theft Auto maker Rockstar Games among other high-profile victims, a jury has decided.…

Founder Roman Storm cuffed on conspiracy, sanctions busting charges

Two founders of Tornado Cash were formally accused by US prosecutors today of laundering more than $1 billion in criminal proceeds through their cryptocurrency mixer.…

Those weapons programs aren't going to fund themselves

Lazarus Group, the infamous cryptocurrency thieves backed by North Korea, may try to liquidate a stash of stolen Bitcoin worth more than $40 million, according to the FBI.…

IT outfit says it can't — and won't — pay the ransom demand

CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider's servers and "paralyzed CloudNordic completely," according to the IT outfit's online confession.…

Credit-reporting giant disagrees with FTC, will hand over the pocket change to make Feds go away

Experian has agreed to cough up $650,000 after being accused of spamming people with no opt-out button.…

Titan Global Capital Management to pay $1m to those it advised without admitting fault

A New York fintech biz is set to pay $1 million in fines under a US Securities and Exchange Commission order that claims it advertised "annualized" returns on Titan Crypto of up to 2,700 percent, a number based on a "purely hypothetical account."…

How AI is powering ransomware attacks on applications

Webinar  You could be forgiven for wondering if anything can ever again be completely straightforward or demonstrably authentic in a world where generative AI can masquerade convincingly as your mother, or express itself in the exact language your best friend might use.…

Cupertino appears to be blasé about long-standing macOS bug, so coder has blabbed

Apple last year introduced a security feature called App Management that's designed to prevent one application from modifying another without authorization under macOS Ventura – but a developer claims it’s not very good at its job under some circumstances.…

Good thing you're not exposing admin port 8443 to the world, right? Uh, right?

A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday.…

If spies aren't swiping designs via joint ventures, they're breaking into IT networks and mulling sat hijackings

With America outspending the rest of the world on space technologies, those systems and their blueprints are a highly alluring and lucrative target for sticky-fingered spies, Uncle Sam has reminded industry.…

Identity Access Management? What's that?

Insiders are to blame for a May data breach at Tesla, the company claimed in filings after news of the incident was reported months ago by German media.…

Update now: Millions of users potentially impacted, plus uncounted warez folks

Users of the popular WinRAR compression and archiving tool should update now to avoid a vulnerability that allows code to be run when a user opens a RAR file.…

Snoopers Charter: Dead cows don't snitch

Opinion  Information wants to be free. This usefully ambiguous battle cry has been the mischievous slogan of hackers since early networking thinker Stuart Brand coined it in the early 1980s. Intended as part of a discussion about the inherent contradictions of intellectual property, it has bestowed irony in many other places since.…

ALSO: NYC says kthxbye to TikTok, slain Microsoft exec's wife indicted, and some ASAP patch warnings

Infosec in brief  Someone at Microsoft has some explaining to do after a messed up DNS record caused emails sent from Hotmail accounts using Microsoft's Outlook service to be rejected and directed to spam folders starting on Thursday.…

Cops credit security shops with an assist, tho it's a drop in the ocean

An Interpol-led operation arrested 14 suspects and identified 20,674 "suspicious" networks spanning 25 African countries that international cops have linked to more than $40 million in cybercrime losses.…

Bad kitty, no catnip for you

Here's a heads up. Another version of BlackCat ransomware has been spotted extorting victims. This variant embeds two tools, we're told: the network toolkit Impacket for lateral movement within compromised environments, and Remcom for remote code execution.…

But it may help with fuzzing

Analysis  Despite the hype around criminals using ChatGPT and various other large language models to ease the chore of writing malware, it seems this generative AI technology isn't terribly good at helping with that kind of work.…