2024
Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies
Atlassian systen compromised via October Okta intrusion Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.…
Rise of deepfake threats means biometric security measures won’t be enough
Defenses need a rethink in face of increasing sophistication Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections.…
Biden will veto attempts to rip up SEC breach reporting rule
Senate, House can try but won't make it past the Prez, says White House The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's (SEC) strict data breach reporting rule.…
LockBit shows no remorse for ransomware attack on children’s hospital
It even had the gall to set the ransom demand at $800K … for a nonprofit Ransomware gang LockBit is claiming responsibility for an attack on a Chicago children's hospital in an apparent deviation from its previous policy of not targeting nonprofits.…
Congress told how Chinese attackers plan to incite ‘societal chaos’ in the US
American public is way ahead of them Chinese attackers are preparing to "wreak havoc" on American infrastructure and "cause societal chaos" in the US, infosec, and law enforcement bosses told a US House committee on Wednesday.…
FBI confirms it issued remote kill command to blow out Volt Typhoon’s botnet
Remotely disinfects Cisco and Netgear routers to block Chinese critters China's Volt Typhoon attackers used "hundreds" of outdated Cisco and NetGear routers infected with malware in an attempt to break into US critical infrastructure facilities, according to the Justice Department.…
Ransomware payment rates drop to new low – only 29% of victims are forking over cash
It's almost like years of false assurances have made people realize payments are pointless Trusting a ransomware crew to honor a deal isn't the greatest idea, and the world seems to be waking up to that. The number of victims who chose to pay dropped to a new…
Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
Evidence mounts of an exploit gatekept within Russia's borders Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems.…
We know nations are going after critical systems, but what happens when crims join in?
This isn't going to end well Volt Typhoon, the Chinese government-backed cyberspies whose infrastructure was at least partially disrupted by Uncle Sam, has been honing in on other US energy, satellite and telecommunications systems, according to Robert Lee, CEO of security shop Dragos.…
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns
Many versions still without fixes while sophisticated attackers bypass mitigations Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation.…