2024
Apache OFBiz zero-day pummeled by exploit attempts after disclosure
Issue has been patched so be sure to check your implementations SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight.…
British Library: Finances remain healthy as ransomware recovery continues
Authors continue to lose out on owed payments as rebuild of digital services drags on The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing.…
Facebook, Instagram now mine web links you visit to fuel targeted ads
Also: Twitter hijackings, BEC arrest, and critical vulnerabilities Infosec in brief We gather everyone's still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While you're recovering from the Christmas break, Meta has…
Ransomware payment ban: Wrong idea at the wrong time
Won't stop the chaos, may lead to attacks with more dire consequences Opinion A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Eliminate extortion as a source of criminal income, and the attacks are undoubtedly going to drop. …
After injecting cancer hospital with ransomware, crims threaten to swat patients
Remember the good old days when ransomware crooks vowed not to infect medical centers? Extortionists are now threatening to swat hospital patients — calling in bomb threats or other bogus reports to the police so heavily armed cops show up at victims' homes — if the medical centers…
BreachForums boss busted for bond blunders – including using a VPN
Fitzpatrick faces potentially decades in prison later this month, so may as well get some foreign Netflix in beforehand The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.…
Sandworm’s Kyivstar attack should serve as a reminder of the Kremlin crew’s ‘global reach’
'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy Russia's Sandworm crew appear to have been responsible for knocking out mobile and internet services to about 24 million users in Ukraine last month with an attack on telco giant Kyivstar.…
X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist
Miscreants mock Google-owned security house: 'Change password please' Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password.…
Infosec experts divided over 23andMe’s ‘victim-blaming’ stance on data breach
Users apparently at fault after reusing credentials the company didn't check were already compromised 23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps.…