2024

Big names among thousands infected by payment-card-stealing CosmicSting crooks

Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers' payment card info as they order stuff online.…

Average North American CISO salary now $565K, mainly thanks to one weird trick

Best way to boost your package is to leave, or pretend to A survey of nearly 700 CISOs in the US and Canada has found that salaries have risen over the last year to an average of $565,000 and a median of $403,000, with the top 10 percent…

Two British-Nigerian men sentenced over multimillion-dollar business email scam

Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies, and colleges.…

Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant

Crooks 'like a sysadmin, with a malicious slant' Exclusive  An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on…

Brits hate how big tech handles their data, but can’t be bothered to do much about it

Managing the endless stream of cookie banners leaves little energy for anything else Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go is to reject optional cookies on the web.…

700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking

With 14 serious security flaws found, what a gift for spies and crooks Fourteen newly found bugs in DrayTek Vigor routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize control…

NIST’s security flaw database still backlogged with 17K+ unprocessed bugs. Not great

Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.…

‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln

Attacks began the day after public disclosure "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…

The fix for BGP’s weaknesses has big, scary, issues of its own, boffins find

Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German…

Euro cops arrest 4 including suspected LockBit dev chilling on holiday

And also: What looks like proof that stolen data was never deleted even after ransom was paid Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware…

Copyright © 2024 Lugapel