Cybersecurity

Feds pull plug on domains linked to import of Chinese gun conversion devices

Illegal goods allegedly shipped to the US labeled as toys or jewels The US Attorney's Office in the District of Massachusetts has seized more than 350 internet domains allegedly used by Chinese outfits to sell US residents kits that convert semiautomatic pistols into fully automatic guns – and…

Fortinet admits miscreant got hold of customer data in the cloud

That would explain this 440GB leak, then Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a "limited number" of files. The question is: how limited is "limited"?…

‘Hadooken’ Linux malware targets Oracle WebLogic servers

Nastyware seeks creds, mines crypto, and plants ransomware that isnt deployed - for now? An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua.…

Google Chrome gets a mind of its own for some security fixes

Browser becomes more proactive about trimming unneeded permissions and deceptive notifications Google has enhanced Chrome's Safety Check so that it can make some security decisions on the user's behalf.…

Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline

NCA confirms arrest of 17-year-old 'on suspicion of Computer Misuse Act offences' – now bailed Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be…

EU kicks off an inquiry into Google’s AI model

Privacy regulator taking a closer look at data privacy and PaLM 2 The European Union's key regulator for data privacy, Ireland's Data Protection Commission (DPC), has launched a cross-border inquiry into Google's AI model to ascertain if it complies with the bloc's rules.…

About that Windows Installer ‘make me admin’ security hole. Here’s how it’s exploited

What kind of OS can be hijacked by clicking a link at just the right time? Microsoft's In this week's Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges…

Mind your header! There’s nothing refreshing about phishers’ latest tactic

It could lead to a costly BEC situation Palo Alto's Unit 42 threat intel team wants to draw the security industry's attention to an increasingly common tactic used by phishers to harvest victims' credentials.…

Hunters International claims ransom on Chinese mega-bank’s London HQ

Allegedly swiped more than 5.2M files and threatens to publish the lot Ransomware gang Hunters International reportedly claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC), a Chinese state-owned bank and financial service corporation,…

So you paid a ransom demand … and now the decryptor doesn’t work

A really big oh sh*t moment, for sure For C-suite execs and security leaders, discovering your organization has been breached, your critical systems locked up and your data stolen, then receiving a ransom demand, is probably the worst day of your professional life.…

Copyright © 2024 Lugapel