News

Being the money launderer for North Korea’s Lazarus Group comes at a price

The US Treasury Department is levying sanctions against Tornado Cash, a notorious cryptocurrency mixer that it says has been used by threat groups like ransomware gang Lazarus to launder stolen digital assets.…

Comms giant says several other firms targeted in 'sophisticated attack'

Twilio confirmed a breach of the communication giant's network and accessed "a limited number" of customer accounts after tricking some employees into falling for a phishing attack.…

We're pretty sure that doesn't mean it's safe to click on sketchy popups

Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings.…

Users who created shared invitation links for their workspace had login details slip out among encrypted traffic

Did Slack send you a password reset link last week? The company has admitted to accidentally exposing the hashed passwords of workspace users.…

Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks

A platform that makes it easier for cyber criminals to establish command-and-control (C2) servers has already attracted 3,000 users since launching earlier this year, and will likely expand its client list in the coming months.…

Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more

In brief  DuckDuckGo has finally mostly cracked down on the third-party Microsoft tracking scripts that got the alternative search engine into hot water earlier this year.…

What it's like bargaining with criminals ... and advising clients suffering their worst day yet

Interview  The first rule of being a ransomware negotiator is that you don't admit you're a ransomware negotiator — at least not to LockBit or another cybercrime gang. …

The Feds may see things differently

Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10 percent as a bounty for discovering the security flaw, and Nomad will consider this a "white-hat" hack, as opposed to plain old theft, and not take legal action.…

DEF CON may be about to blow lid off security hole

The US government is warning of critical vulnerabilities in its Emergency Alert System (EAS) systems that, if exploited, could enable intruders to send fake alerts out over television, radio, and cable networks.…

At least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June

Cisco has revealed four of its small business router ranges have critical flaws – for the second time in 2022 alone.…

I got played via the Play store

Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.…

Controversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry

Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors.…

Tech giants and digital rights groups didn't like it, but at least it was a law

The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will – eventually – unveil a superior bill.…

Simple to exploit, enough to pocket $3,000

A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email.…

Plan to educate the children turned out to be a 'won't someone think of the children?' moment

The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Beijing.…

SOL holders literally S.O.L.

Millions of dollars worth of Solana cryptocurrency and other tokens were stolen from seemingly thousands of netizens this week by thieves exploiting some kind of security weakness or blunder.…

Organizations can be more proactive in tracking threats, finding holes in their protection

Microsoft says it will give enterprise security operation centers (SOCs) broader access to the massive amount of threat intelligence it collects every day.…

That's just the tip of the iceberg – and now he faces potentially years in the clink

A now-former T-Mobile US store stole at least 50 employees' work credentials to run a phone unlocking and unblocking service that prosecutors said netted $25 million.…

It's all fun and games until somebody gets their files encrypted

Miscreants making use of typosquatting are being spotted by researchers at Sonatype, emphasizing the need to check that the package is really the one you meant to download.…

Without a road to recovery, you’re just going to be roadkill

Sponosred Feature  What sort of disaster would you rather prepare for? Hurricanes are destructive, but you know when one's coming, giving you time to take defensive action. Earthquakes vary in their destructive power, but you never know when they're going to hit, meaning your ability to recover after the impact is critical.…