March 2024
IP address X-posure now a feature on Musk’s social media platform
If you're still on X you'd better disable this insecure-by-default calling feature, lest someone snatch your IP. Video and audio calling features for X Premium users added last year to Elon Musk's version of Twitter have been expanded to everyone on the platform, and we're warning Reg readers…
Rapid7 throws JetBrains under the bus for ‘uncoordinated vulnerability disclosure’
Exploits began within hours of the original disclosure, so patch now. Updated: Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server.…
Spam crusade lands charity in hot water with data watchdog
Penny Appeal sent more than 460,000 texts asking for money to help war-torn countries, no opt out. Typically it is energy improvement peddlers or debt help specialists that are disgraced by Britain's data watchdog for spamming unsuspecting households, but the latest entrant in the hall of shame is…
Cloudflare wants to put a firewall in front of your LLM
Claims to protect against DDoS, sensitive data leakage. Cloudflare has tweaked its web application firewall (WAF) to add protections for applications using large language models.…
American Express admits card data exposed and blames third party
Don't leave home without … IT security. A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.…
Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama
No honor among thieves? ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment.…
Seoul accuses North Korea of stealing southern chipmakers’ designs
Kim Jong Un's all in for home-built silicon, says warning. North Korean government spies have broken into the servers of at least two chipmakers and stolen product designs as part of attempts to spur Kim Jong Un's plans for a domestic semiconductor industry, according to Seoul's security agency.…
German defense chat overheard by Russian eavesdroppers on Cisco’s WebEx
Officials can't tell whether the tape was edited, but fear Kremlin has more juicy bits to release in the future. The German Ministry of Defense (Bundeswehr) has confirmed that a recording of a call between high-ranking officials discussing war efforts in Ukraine, leaked by Russian media, is legitimate.…
Ransomware ban backers insist thugs must be cut off from payday
Increasingly clear number of permanent solutions is narrowing. Global law enforcement authorities' attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators.…
LockBit’s contested claim of fresh ransom payment suggests it’s been well hobbled
ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns. Infosec in brief: The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. But despite its posturing,…