February 2025

Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11 million

If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help An alleged security SNAFU that occurred during the Obama administration has finally been settled under the second Trump administration.…

Palo Alto firewalls under attack as miscreants chain flaws for root access

If you want to avoid urgent patches, stop exposing management consoles to the public internet A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems.…

Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload

Because stealing your credentials, banking info, and IP just wasn’t enough A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy itself, adding an extra layer of obfuscation to…

US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware

Called it an 'incident' in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word US newspaper publisher Lee Enterprises is blaming its recent service disruptions on a "cybersecurity attack," per a regulatory filing, and is the latest company to avoid using…

FreSSH bugs undiscovered for years threaten OpenSSH security

Exploit code now available for MitM and DoS attacks Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.…

Time to make C the COBOL of this century

Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees Opinion  Nobody likes The Man. When a traffic cop tells you to straighten up and slow down or else, profound thanks are rarely the first words on your lips. Then you drive past…

Indian authorities seize loot from collapsed BitConnect crypto scam

Devices containing crypto wallets tracked online, then in the real world Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India’s Directorate of Enforcement has found and seized over $200 million of loot it says are the proceeds…

XCSSET macOS malware returns with first new version since 2022

Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…

Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed

'In 50 years, I think we'll view these business practices like we view sweatshops today' Interview  It has been nearly a decade since famed cryptographer and privacy expert Bruce Schneier released the book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World -…

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish

Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business sectors into handing over their authentication tokens, granting…

Copyright © 2024 Lugapel