News
Intuit sued over alleged cryptocurrency thefts via Mailchimp intrusion
Intuit is being sued in the US after a security failure at its Mailchimp email marketing business allegedly led to the theft of cryptocurrency from one or more digital wallets.…
Homeland Security bug bounty program uncovers 122 holes in its systems
The first bug bounty program by America's Homeland Security has led to the discovery and disclosure of 122 vulnerabilities, 27 of which were deemed critical.…
Flaw could have granted criminals control over Ever Surf crypto wallets
A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research.…
FBI: BlackCat ransomware scratched 60-plus orgs
In brief The BlackCat ransomware gang, said to be the first-known ransomware group to successfully break into networks with Rust-written malware, has attacked at least 60 organizations globally as of March, according to the FBI.…
Now Mandiant says 2021 was a record year for exploited zero-day security bugs
The number of zero-day vulnerabilities exploited in the wild reached an all-time high last year, according to Mandiant.…
US DOJ probes Google's $5.4b Mandiant acquisition
Federal regulators are taking a closer look at Google's planned $5.4 billion acquisition of Mandiant, a deal designed to boost the web giant's public cloud's cybersecurity capabilities.…
Hive ransomware affiliate zeros in on Exchange servers
An affiliate of the aggressive Hive ransomware group is exploiting known vulnerabilities in Microsoft Exchange servers to encrypt and exfiltrate data and threaten to publicly disclose the information if the ransom isn't paid.…
REvil resurrected? Ransomware crew appears to be back. Keyword: Appears
The notorious REvil ransomware gang appears to have returned from the bowels of the dark web, three months after the arrest of 14 of its suspected members, with its old website forwarding to a new operation that lists both previous and fresh victims.…
YouTube terminates account for Hong Kong's presumed next head of government
YouTube has blocked the campaign account of Hong Kong's only candidate for the Special Administrative Region's (SAR) head of government, John Lee Ka-chiu, citing US sanctions.…
Emotet reestablishes itself at the top of the malware world
More than a year after essentially being shut down, the notorious Emotet malware operation is showing a strong resurgence.…
Five Eyes nations fear wave of Russian attacks against critical infrastructure
The Five Eyes nations' cybersecurity agencies this week urged critical infrastructure to be ready for attacks by crews backed by or sympathetic to the Kremlin amid strong Western opposition to Russia's invasion of Ukraine.…
AWS's Log4j patches blew holes in its own security
Amazon Web Services has updated its Log4j security patches after it was discovered the original fixes made customer deployments vulnerable to container escape and privilege escalation.…
Oracle already wins 'crypto bug of the year' with Java digital signature bypass
Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations.…
Russian-linked Shuckworm crew ramps up Ukraine attacks
A Russian-linked threat group that has almost exclusively targeted Ukraine since it first appeared on the scene in 2014 is deploying multiple variants of its malware payload on systems within the country.…
Criminals adopting new methods to bypass improved defenses, says Zscaler
The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team.…
US warns North Korean Lazarus gang rises against cryptocurrency outfits
The North Korean-based criminal group Lazarus is expanding its attacks into the blockchain and crypto space, three agencies of the US government have warned.…
Google tracked record 58 exploited-in-the-wild zero-day security holes in 2021
Google's bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, which is the most-ever recorded since its Project Zero team started analyzing these in mid-2014.…
Kaspersky cracks Yanluowang ransomware, offers free decryptor
Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.…
ESET uncovers vulnerabilities in Lenovo laptops
Got a Lenovo laptop? You might need to do a swift bit of patching judging by the latest set of vulnerabilities uncovered by security researchers at ESET.…
Funky Pigeon pauses all orders after 'security incident'
British retailer WH Smith has confirmed that Funky Pigeon, its online greetings card and gift subsidiary, has halted all further orders after a "security incident."…
Pages
