February 2024
Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud
Some useful indicators of compromise right here More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers.…
Ivanti discloses fifth vulnerability, doesn’t credit researchers who found it
Software company's claim of there being no active exploits also being questioned In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it.…
Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim
An orchestra of fails for the security vendor We've had to write the word "Fortinet" so often lately that we're considering making a macro just to make our lives a little easier after what the company's reps will surely agree has been a week sent from hell.…
The ever-present state of cyber security alert
Should you be paying more attention to securing your AI models from attack? Webinar As artificial intelligence (AI) technology becomes increasingly complex so do the threats from bad actors. It is like a forever war.…
India to make its digital currency programmable
Reserve Bank also wants a national 2FA framework The Reserve Bank of India (RBI) announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline.…
Crime gang targeted jobseekers across Asia, looted two million email addresses
That listing for a gig that looked too good to be true may have been carrying SQL injection code Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across…
Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members
Honor among thieves about to be put to the test The US government has placed an extra $5 million bounty on Hive ransomware gang members – its second such reward in a year. And it also comes a little over 11 months since the FBI said it had…
FBI: Give us warrantless Section 702 snooping powers – or China wins
Never mind the court orders obtained to thwart Volt Typhoon botnet Analysis The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government.…
Fake LastPass lookalike made it into Apple App Store
No walled garden can keep out every weed, we suppose LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install.…