2023 was a bad year for commercial file transfer software apps because the Clop ransomware gang kept managing to find zero-day vulnerabilities to exploit. One of their campaigns involved Fortra’s GoAnywhere software. Even though Fortra issued a patch for CVE-2023-0669 within a week of discovery, there were many victims, including Brightline. Now TechTarget reports that […]
The North Korean state-sponsored threat actor known as Lazaraus Group is now running a campaign targeting software and Web3 developers with “undetectable” malware. MSN reports: Cybersecurity researchers at STRIKE from SecurityScorecard said they observed malware being embedded into GitHub repositories and NPM packages, where unsuspecting developers pick them up and integrate into their own projects. The […]
Security Affairs reports: China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group, the threat actors has breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE network devices. Insikt Group researchers reported that the Chinese hacked have exploited two Cisco flaws, tracked […]
Some might say it was only a matter of time. HuffPost reports: Elon Musk’s team at the so-called Department of Government Efficiency has posted classified information about the size and staff of a U.S. intelligence agency on its new website, raising bigger concerns about where Musk’s programmers got this information and what they are doing […]
The Record reports; Police in the Netherlands say they seized 127 servers this week that were used by Zservers, a bulletproof hosting service that was the subject of international sanctions issued Tuesday. The raid on Wednesday at the Paul van Vlissingenstraat data center in Amsterdam “followed a long-term digital investigation into the activities of a […]
Inquirer.net reports: The Philippine Charity Sweepstakes Office (PCSO) on Friday dismissed claims that the agency’s database was breached by an alleged group of hackers, adding that information of lotto winners was not compromised. According to PCSO General Manager Mel Robles, the claim was made to taint the integrity of the agency’s games. “This is fake […]
WGTC reports: Attorney General William Tong has announced that Connecticut is joining several other states in filing a lawsuit against Donald Trump’s administration and the overreach of his Elon Musk-led Department of Government Efficiency. Tong is one of 19 Democratic attorneys general who have sued Trump in an effort to block Musk from accessing the systems […]
Brian Krebs reports that a member of Elon Musk’s DOGE team has a criminal past: Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to […]
GBHackers reports: Spanish authorities have arrested a hacker believed to be responsible for cyberattacks targeting over 40 public and private organizations globally. The suspect, apprehended on Tuesday in Calpe (Alicante), allegedly compromised sensitive data and disrupted critical services, including government agencies, international institutions, and private corporations. The operation was a collaborative effort between the Policía Nacional and […]
Should India adopt a threshold-based data breach reporting?
MediaNama reports: India needs a threshold-based system for data breach reporting, speakers argued at MediaNama’s discussion on the draft Digital Personal Data Protection Rules (DPDP Rules, 2025) on February 7. This came as a comment during the session on the draft rules around data breaches. MediaNama conducted this discussion under the Chatham House Rule. (Chatham […]