Security
Russia-linked Black Basta ransomware has extorted at least $100 million
Black Basta, which is believed to be a faction of the notorious Russian Conti ransomware gang, has raked in at least $107 million in Bitcoin ransom payments since its inception in early 2022, joint research by Elliptic and Corvus Insurance has revealed.
Read more about Russia-linked Black Basta ransomware has extorted at least $100 million
Digital wallets and the rise of the identity trojan
Just when we thought it was safe to open our wallets, here comes the identity trojan.
Read more about Digital wallets and the rise of the identity trojan
KidSecurity’s user data compromised after app failed to set password
KidSecurity, a popular parental control app that’s used to track children, has exposed its activity logs, leaving users' private data in the hands of threat actors.
Read more about KidSecurity’s user data compromised after app failed to set password
Pennsylvania water facility hit by Iranian hackers
CISA warns an Iranian hacktivist group targeting water and energy facilities in Israel has now attacked the water authority of two townships in Pennsylvania over the weekend by compromising industrial control devices that are made in Israel.
Read more about Pennsylvania water facility hit by Iranian hackers
Thousands of secrets lurk in app images on Docker Hub
Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications. While some are harmless API keys, others could lead to unauthorized access, data breaches, or identity theft, the latest Cybernews research reveals.
Read more about Thousands of secrets lurk in app images on Docker Hub
Almost two million affected by data company Zeroed-In Technologies breach
HR data analytics company Zeroed-In Technologies was hacked in August this year. Three months after discovering the breach, the firm has now notified Maine’s authorities, saying that the data of nearly two million people was exposed.
Read more about Almost two million affected by data company Zeroed-In Technologies breach
Cyber pros avoid smart devices: there is a good reason
I liked the idea of a smart oven that starts roasting the turkey while I’m still at work. But cyber pros roasted me for not thinking about the consequences.
Read more about Cyber pros avoid smart devices: there is a good reason
App used by hundreds of schools leaking children's data
Almost a million files with minors' data, including home addresses, photos, and information about the school they attend, were left open to anyone on the internet, posing a threat to children.
Read more about App used by hundreds of schools leaking children's data
Microsoft alerts CyberLink to North Korean threat
Microsoft has alerted software company CyberLink to the misuse of its software by North Korean group Diamond Sleet.
Read more about Microsoft alerts CyberLink to North Korean threat
Thousands of exposed gas pumps invite cyberwarriors
Exposed gas pump controllers may tempt attackers to try and create fuel shortages. Worryingly, there are thousands of unprotected controllers worldwide, with the potential to impact millions.
Read more about Thousands of exposed gas pumps invite cyberwarriors
MacOS targeted by ClearFake malware campaign
A data-stealing program that targets Mac operating systems (OS) is being distributed to unsuspecting targets by means of fake web browser updates.
Read more about MacOS targeted by ClearFake malware campaign
Enterprise software provider Tmax leaks 2TB of data
A Korean IT company developing and selling enterprise software has leaked over 50 million sensitive records.
Read more about Enterprise software provider Tmax leaks 2TB of data
Best botnet ad? An attack on OpenAI
Anonymous Sudan supposedly hit ChatGPT at almost the same time it introduced a new botnet. Experts say the gang is commercializing to enhance operational resources.
Read more about Best botnet ad? An attack on OpenAI
Hive reborn: new ransomware group emerges from the ashes
Hive, one of the world’s most dangerous ransomware groups, disappeared from the scene after being infiltrated by the FBI. Hunters International, a new kid on the block using similar code, has recently emerged in its place. However, the gang claims to be unrelated.
Read more about Hive reborn: new ransomware group emerges from the ashes
Vietnam Post exposes 1.2TB of data, including email addresses
Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers, Cybernews researchers have discovered. The exposed sensitive data could spell trouble if accessed by malicious actors.
Read more about Vietnam Post exposes 1.2TB of data, including email addresses
Digital payment apps Paypal, Venmo, CashApp could soon be regulated like banks
The US Consumer Financial Protection Bureau (CFPB) wants to regulate all payment apps and digital wallets – such as Apple Pay, CashApp, Google Wallet, and Venmo – just as it would any other financial institution.
Read more about Digital payment apps Paypal, Venmo, CashApp could soon be regulated like banks
Experiment: anti-Pegasus box to keep spies away from my home
Journalists, activists, or minorities around the globe who are targeted by governments using high-tech spyware such as Pegasus have limited means to protect themselves. After recent revelations that ad networks are being utilized for spying and delivering payloads, one helpful solution could be DNS filtering, known as a Pi-Hole. Is it hard to set up, and how useful is it?
Read more about Experiment: anti-Pegasus box to keep spies away from my home
Hacking the sky: planes need patching, too – interview
Cyber assaults on the aviation sector carry more serious repercussions than mere data theft or DDoS attacks.
Read more about Hacking the sky: planes need patching, too – interview
Lithuania’s cyber chief unimpressed: attacks against NATO were PR stunts
Cybercriminals had promised to fight against the “doomsday clock” of world catastrophe, yet the NATO summit in Lithuania was uneventful from a cybersecurity standpoint
Read more about Lithuania’s cyber chief unimpressed: attacks against NATO were PR stunts
NSA forms central AI security hub
The US National Security Agency (NSA) will create a new AI Security Center to integrate AI technology with national defense, and maintain its edge among world powers.
Read more about NSA forms central AI security hub
