Cybersecurity
Admins can give thanks this November for dollops of Microsoft patches
Don't be a turkey – get these fixed Patch Tuesday Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.…
China’s Volt Typhoon crew and its botnet surge back with a vengeance
Ohm, for flux sake China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.…
Air National Guardsman gets 15 years after splashing classified docs on Discord
22-year-old talked of 'culling the weak minded' – hmm! A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.…
Here’s what we know about the suspected Snowflake data extortionists
A Canadian and an American living in Turkey 'walk into' cloud storage environments… Two men allegedly compromised what's believed to be multiple organizations' Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three victims.…
HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code
'Once again, we've lost a little more faith in the internet,' researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.…
Managing third-party risks in complex IT environments
Key steps to protect your organization’s data from unauthorized external access Webinar With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.…
Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
Over 5 million records from 25 organizations posted to black hat forum Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…
FBI issues warning as crooks ramp up emergency data request scams
Just because it's .gov doesn't mean that email is trustworthy Cybercrooks abusing emergency data requests in the US isn't new, but the FBI says it's becoming a more pronounced issue as the year draws to a close.…
Dark web crypto laundering kingpin sentenced to 12.5 years in prison
Prosecutors hand Russo-Swede a half-billion bill The operator of the longest-running money laundering machine in dark web history, Bitcoin Fog, has been sentenced to 12 years and six months in US prison.…
Scattered Spider, BlackCat claw their way back from criminal underground
We all know by now that monsters never die, right? Two high-profile criminal gangs, Scattered Spider and BlackCat/ALPHV, seemed to disappear into the darkness like their namesakes following a series of splashy digital heists last year, after which there were arrests and website seizures.…