News

Payment arm of Korean messaging app denies any illegal activity

Kakao Pay, a subsidiary of Korea's WhatsApp analog Kakao, handed over data from more than 40 million users to the Singaporean arm of Chinese payment platform Alipay, without user consent, Korea's financial watchdog revealed Tuesday.…

No, no, go ahead, don't let us stop you, Xi

Cyber-spies suspected of connections with China have infected "dozens" of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky.…

Citizen Lab also spots a COLDWASTREL swimming in the Rivers of Phish

Russia's Federal Security Service (FSB) cyberspies, joined by a new digital snooping crew, have been conducting a massive online phishing espionage campaign via phishing against targets in the US and Europe over the past two years, according to the University of Toronto's Citizen Lab.…

Lone Star State alleges GM cashed in with "millions in lump sum payments" from the sale

Texas has sued General Motors for what it said is a years-long scheme to collect and sell drivers' data to third parties - including insurance companies - without their knowledge or consent. …

Three state attorneys general probed the company and found plenty to chastise

Biotech biz Enzo Biochem is being forced to pay three state attorneys general a $4.5 million penalty following a 2023 ransomware attack that compromised the data of more than 2.4 million people.…

Company admits turning human women into faceless, sexualized furniture was a 'tone deaf' marketing ploy

If you attended the Black Hat conference in Vegas last week and found yourself over in Palo Alto Networks' corner of the event, you may have encountered a marketing gimmick that has since been heavily criticized for misogyny.…

Questions raised as one of the world's largest PC makers joins America's critical defense team

Opinion  Lenovo's participation in a cybersecurity initiative has reopened old questions over the company's China origins, especially in light of the growing mistrust between Washington and Beijing over technology.…

There's a blockchain involved so it's totally going to stop you getting those calls

India’s Telecom Regulatory Authority (TRAI) on Tuesday directed telcos to stop calls from unregistered telemarketers – and prevent them from using networks again for up to two years – as part of an effort to curb spam and scams.…

Nicely ahead of that always-a-decade-away moment when all our info becomes an open book

The National Institute of Standards and Technology (NIST) today released the long-awaited post-quantum encryption standards, designed to protect electronic information long into the future – when quantum computers are expected to break existing cryptographic algorithms.…

Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action

Patch Tuesday  Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known.…

Plus many more newbies waiting in the wings

Despite a law enforcement takedown six months ago, LockBit 3.0 remains the most prolific encryption and extortion gang, at least so far, this year, according to Palo Alto Networks' Unit 42.…

Authorities allege 'J.P. Morgan' practiced ‘extreme operational and online security’

The US has charged a suspect they claim is a Belarusian-Ukrainian cybercriminal whose offenses date back to 2011.…

The takedown may be small but any ransomware gang sent to the shops is good news in our book

The Dispossessor ransomware group is the latest to enter the cybercrime graveyard with the Feds proudly laying claim to the takedown.…

Incident sounds like a BEC fraud targeting an unwitting staffer

Luxembourg-based chemicals and manufacturing giant Orion SA is telling US regulators that it will lose out on around $60 million after it was targeted by a criminal wire fraud scheme.…

Because apps talking like pirates and creating ASCII art never gets old

Despite worries about criminals using prompt injection to trick large language models (LLMs) into leaking sensitive data or performing other destructive actions, most of these types of AI shenanigans come from job seekers trying to get their resumes past automated HR screeners – and people protesting generative AI for various reasons, according to Russian security biz Kaspersky.…

Bad guys claim they're cops, keep you on hold for hours until you pay to make loved ones' crimes go away

A woman in the Indian city of Delhi last week found herself under "digital arrest" – a form of scam in which victims make payments to criminals posing as law enforcement officers.…

Kernel mode not good enough for you? Maybe you'll like SMM of this

Some AMD processors dating back to 2006 have a security vulnerability that's a boon for particularly underhand malware and rogue insiders, though the chip designer is only patching models made since 2020.…

Nearly 50 different data points were accessed by cybercrim

An Arizona tech school will send letters to 208,717 current and former students, staff, and parents whose data was exposed during a January break-in that allowed an attacker to steal nearly 50 types of personal info.…

It also attracts exactly the type of unempathetic people you would think it does

Black Hat  Recently published interviews with known doxxers reveal the incredible finances behind the practice and how their extortion tactics are becoming increasingly violent.…

Let SANS help you get to grips with the shifting landscape of cloud security

Sponsored Post  Our reliance on the cloud continues to grow steadily, with a greater variety of services than ever being hosted in it.…