News

'Once again, we've lost a little more faith in the internet,' researcher says

Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.…

Key steps to protect your organization’s data from unauthorized external access

Webinar  With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.…

Over 5 million records from 25 organizations posted to black hat forum

Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…

Just because it's .gov doesn't mean that email is trustworthy

Cybercrooks abusing emergency data requests in the US isn't new, but the FBI says it's becoming a more pronounced issue as the year draws to a close.…

Prosecutors hand Russo-Swede a half-billion bill

The operator of the longest-running money laundering machine in dark web history, Bitcoin Fog, has been sentenced to 12 years and six months in US prison.…

Also: Crypto hacks will continue; CoD hacker gets thousands banned, and more

in brief  One of the suspected masterminds behind the widespread Snowflake breach has been arrested in Canada – but the saga isn't over, eh. …

We all know by now that monsters never die, right?

Two high-profile criminal gangs, Scattered Spider and BlackCat/ALPHV, seemed to disappear into the darkness like their namesakes following a series of splashy digital heists last year, after which there were arrests and website seizures.…

'Multiple' malware samples likely targeting education orgs

Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 that gives the attackers full control over compromised machines.…

Curiosity gives crims access to wallets and passwords

Organizations should be on the lookout for bogus copyright infringement emails as they might be the latest ploy by cybercriminals to steal their data.…

Ultra-Reliable Wireless Backhaul doesn't live up to its name

Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert.…

10,000 of Kim Jong Un's soldiers believed to be headed for front line

The EU has joined US and South Korean officials in expressing concern over a Russian transfer of technology to North Korea in return for military assistance against Ukraine.…

In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos

Fresh from a series of serious reports detailing its five-year battle with Chinese cyberattackers, Sophos has dropped a curious story about users of a popular infostealer-cum-RAT targeting a niche group of victims.…

22,000 IP addresses taken down, 59 servers seized, 41 arrests in 95 countries

Interpol is reporting a big win after a massive combined operation against online criminals made 41 arrests and seized hardware thought to be used for nefarious purposes.…

Experts say incident has 'all the hallmarks of ransomware'

Telematics tech biz Microlise says an attack that hit its network likely did not expose customer data, although staff aren't so lucky.…

Alleged intrusion spotted in June

Chinese government cyberspies Volt Typhoon reportedly breached Singapore Telecommunications over the summer as part of their ongoing attacks against critical infrastructure operators.…

Data pinched from pwned outside supplier, thief claims

IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia.…

Hellcat crew claimed to have gained access via the company's Atlassian Jira system

Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.…

FBI recovers just $8M after scam crashes Heartland Tri-State Bank

The FBI has recovered $8 million in funds from a cryptocurrency scam that netted $47 million and devastated the Kansas city of Elkhart.…

Why? Because that's where the money is

Business email compromise scammers are trying to up their success rate by using a DocuSign API.…

Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials

An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect systems with info-stealing and snooping malware.…