2024
Mandiant’s brute-forced X account exposes perils of skimping on 2FA
Speculation builds over whether a nearly year-old policy change was to blame Google-owned security house Mandiant's investigation into how its X account was taken over to push cryptocurrency scams concludes the "likely" cause was a successful brute-force password attack.…
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits
Customers currently left patchless while attacks are expected to increase Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.…
Fidelity National now says 1.3M customers had data stolen by cyber-crooks
It's still not calling it ransomware Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November.…
Uncle Sam tells hospitals: Meet security standards or no federal dollars for you
Expect new rules in upcoming weeks US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks.…
Be honest. Would you pay off a ransomware crew?
Today us vultures are debating bans on ransom payments, deplorable tactics by extortionists, and more Kettle Believe us, we wish there was a simple solution that could stop ransomware dead in its tracks for good.…
Cybercrooks play dress-up as ‘helpful’ researchers in latest ransomware ruse
Posing as cyber samaritans, scumbags are kicking folks when they're down Ransomware victims already reeling from potential biz disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers.…
ShinyHunters chief phisherman gets 3 years, must cough up $5M
Sebastien Raoult developed various credential-harvesting websites over more than 2 years A key member of the ShinyHunters cybercrime group is facing three years in the slammer and being forced to return $5 million in criminal proceeds.…
New year, more bugs in Windows, Adobe, Android to be fixed
Nothing under exploit… Is this the calm before the storm? Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.…
SEC Twitter hijacked to push fake news of hotly anticipated Bitcoin ETF approval
Buy the hype, sell the, wait, what do we do now?! The SEC today said its Twitter account was hijacked to wrongly claim it had approved hotly anticipated Bitcoin ETFs, causing the cryptocurrency to spike and then slip in price.…
And that’s a wrap for Babuk Tortilla ransomware as free decryptor released
Experts' job made 'straightforward' by crooks failing to update encryption schema after three years Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant.…