2024
Facebook, Instagram now mine web links you visit to fuel targeted ads
Also: Twitter hijackings, BEC arrest, and critical vulnerabilities Infosec in brief We gather everyone's still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While you're recovering from the Christmas break, Meta has…
Ransomware payment ban: Wrong idea at the wrong time
Won't stop the chaos, may lead to attacks with more dire consequences Opinion A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Eliminate extortion as a source of criminal income, and the attacks are undoubtedly going to drop. …
After injecting cancer hospital with ransomware, crims threaten to swat patients
Remember the good old days when ransomware crooks vowed not to infect medical centers? Extortionists are now threatening to swat hospital patients — calling in bomb threats or other bogus reports to the police so heavily armed cops show up at victims' homes — if the medical centers…
BreachForums boss busted for bond blunders – including using a VPN
Fitzpatrick faces potentially decades in prison later this month, so may as well get some foreign Netflix in beforehand The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.…
Sandworm’s Kyivstar attack should serve as a reminder of the Kremlin crew’s ‘global reach’
'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar.…
X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist
Miscreants mock Google-owned security house: 'Change password please' Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password.…
Infosec experts divided over 23andMe’s ‘victim-blaming’ stance on data breach
Users apparently at fault after reusing credentials the company didn't check were already compromised 23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.…
Infostealer malware, weak password leaves Orange Spain RIPE for plucking
No 2FA or special characters to prevent database takeover and BGP hijack Updated A weak password exposed by infostealer malware is being blamed after a massive outage at Orange Spain disrupted around half of its network's traffic.…
As lawmakers mull outlawing poor security, what can they really do to tackle online gangs?
Headline-grabbing takedowns are nice, but long-term solutions require short-term sacrifices Comment In some ways, the ransomware landscape in 2023 remained unchanged from the way it looked in previous years. Vendor reports continue to show a rise in attacks, major organizations are still getting hit, and the inherent issues…