2024

FTC secures first databroker settlement banning sale of sensitive location data

Also, iOS spyware abused Apple's own ECC, breach victim says it can't figure out what hackers took, and some critical vulns Infosec in brief  The US Federal Trade Commission has secured its first data broker settlement agreement, prohibiting X-Mode Social from sharing or selling sensitive location data.…

Ransomware protection deconstructed

Check out the top 12 must see Rubrik product demos of 2023 for tips on how to foil attacks in 2024 Sponsored Post  Rubrik has combed through its archive to find what it judges to be the top 12 must-see demos of its products available to watch on…

China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol

Infosec academic suggests Beijing’s warning that iThing owners aren’t anonymous deserves attention outside the great firewall, too In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world…

Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in

Snoops had no fewer than five custom bits of malware to hand to backdoor networks Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team.…

Why we update… Data-thief malware exploits SmartScreen on unpatched Windows PCs

Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…

Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

It’s taken months for crims to hack together a working exploit chain Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.…

Secret multimillion-dollar cryptojacker snared by Ukrainian police

Criminal scored $2M in crypto proceeds but ends up in ‘cuffs following property raid The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation.…

Secure network operations for hybrid working

How to have zero trust connectivity and optimize the remote user experience Webinar  Remote working has rapidly become the norm for many organizations and isn't ever going away. But it still needs to be secure if it's to be a success.…

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

Microsoft says it's doing its best to crack down on crims The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security.…

Data regulator fines HelloFresh £140k for sending 80M+ spams

Messaging menace used text and email to bombard people Food delivery company HelloFresh is nursing a £140,000 ($178k) fine by Britain’s data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months.…

Copyright © 2024 Lugapel