2025

Scattered Spider stops the Rickrolls, starts the RAT race

Despite arrests, eight-legged menace targeted more victims this year
Despite several arrests last year, Scattered Spider's social engineering attacks are continuing into 2025 as the cybercrime collective targets high-profile organizations and adds another phishing kit to its arsenal along with a new version of Spectre RAT malware.…

As CISA braces for more cuts, threat intel sharing takes a hit

How will 'gutting' civilian defense agency make American cybersecurity great again?
Analysis: Slashing staff at the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, and scrapping vital programs, isn’t exactly boosting national security, say infosec and national security officials watching America’s digital defenses unravel in real time.…

Oracle says its cloud was in fact compromised

Reliability, honesty, accuracy. And then there's this lot
Oracle has briefed some customers about a successful intrusion into its public cloud, as well as the theft of their data, after previously denying it had been compromised.…

That massive GitHub supply chain attack? It all started with a stolen SpotBugs token

But this mystery isn't over yet, Unit 42 opines
That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than previously suspected.…

Alleged Scattered Spider SIM-swapper must pay back $13.2M to 59 victims

Crummy OPSEC leads to potentially decades in prison
Noah Michael Urban, 20, of alleged Scattered Spider infamy, has pleaded guilty to various charges and potentially faces decades in prison.…

Chrome to patch decades-old flaw that let sites peek at your history

After 23 years, the privacy plumber has finally arrived to clean up this mess
A 23-year-old side-channel attack for spying on people's web browsing histories will get shut down in the forthcoming Chrome 136, released last Thursday to the Chrome beta channel.…

UK’s attempt to keep details of Apple ‘backdoor’ case secret… denied

Last month's secret hearing comes to light
Details of Apple's appeal against the UK's so-called "backdoor order" will now play out in public after the Home Office failed in its bid to keep them secret on national security grounds.…

What native cloud security tools won’t catch

Native tools help, but they don’t cover everything - here’s what they miss and how to close the gaps
Partner Content: AWS provides a number of security services, such as GuardDuty, Inspector, Config, and Security Hub, designed to protect your cloud environment.…

Trump fires NSA boss, deputy

'Nonpartisan' intelligence chief booted less than two years into the job
President Trump yesterday fired the head of the NSA and US Cyber Command and his deputy.…

30 minutes to pwn town: Are speedy responses more important than backups for recovery?

The industry’s approach to keeping quality backups may be masking the importance of other recovery mainstays
Maintaining good-quality backups is often seen as the spine of any organization's ability to recover from cyberattacks quickly. Naturally, given the emphasis placed on them by experts of all stripes, you'd be…
