March 8, 2024

Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes

Plus: CISA pulls plug on couple of systems feared compromised There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors…

Microsoft confirms Russian spies stole source code, accessed internal systems

Still "no evidence" of any compromised customer-facing systems, we're told Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. The Redmond giant has characterized the intrusion as "ongoing."…

Change Healthcare registers pulse after crippling ransomware attack

Remaining services are expected to return in the coming weeks after $22M ALPHV ransom Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online.…

Swiss cheese security? Play ransomware gang milks government of 65,000 files

Classified docs, readable passwords, and thousands of personal information nabbed in Xplain breach The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security Center (NCSC) says.…

Font security ‘still a Helvetica of a problem’ says Australian graphics outfit Canva

Who knew that unzipping a font archive could unleash a malicious file Online graphic design platform Canva went looking for security problems in fonts, and found three – in "strange places."…

Securing open source software: Whose job is it, anyway?

CISA announces more help, and calls on app makers to step up The US government and some of the largest open source foundations and package repositories have announced a series of initiatives intended to improve software supply-chain security, while also repeating calls for developers to increase support for…

Copyright © 2024 Lugapel