Security

NSA forms central AI security hub

The US National Security Agency (NSA) will create a new AI Security Center to integrate AI technology with national defense, and maintain its edge among world powers.

Over 3,000 apps leak Twitter API keys

Threat actors could use API keys to access or take over Twitter accounts.

San Francisco’s transport agency exposes drivers’ parking permits and addresses

A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clients’ parking permits and home addresses.

US lawmakers to crack down on Feds buying and using Chinese-made drones

Top lawmakers have introduced two new measures aimed at stopping the US government from purchasing and operating drones made by China and other foreign adversaries with taxpayer funds.

LockBit ransom gang behind mass exploitation of Citrix bug, researchers say

Security researchers are blaming a now-patched Citrix zero-day vulnerability for a recent spate of November ransomware attacks, said to be carried out by the notorious LockBit gang – and warn more are coming.

Gamblers’ data compromised after casino giant fails to set password

One of the biggest online casinos in Mexico has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling. The data was likely compromised by unauthorized actors.

New malvertising campaign targets Windows geeks

A threat actor copied a legitimate Windows news website to deliver an infostealer for the CPU-Z processor tool.

Data of 800K Chess.com players scraped and released

The most popular platform for chess players, Chess.com, has had some of its user data leaked in a fresh scraping attempt.

Allen & Overy law firm breached, LockBit takes credit

Top global law firm Allen & Overy (A&O) said some of its systems have been impacted due to a “data incident” claimed by the LockBit ransomware group.

Dolly.com pays ransom, attackers release data anyway

Dolly.com, an on-demand moving and delivery platform, allegedly paid attackers not to publish stolen customer data.

Google, Meta, Microsoft to join forces defending apps from hackers

The tech giants have formally partnered to improve app security across ecosystems under a newly formed structure.

Marina Bay Sands Singapore luxury resort breached

Singapore’s iconic resort and casino Marina Bay Sands stated that the personal information of its loyalty members was found compromised in a recent data security incident.

TikTok lagging behind rivals like Facebook in security

A new study shows TikTok trailing behind rival platforms in terms of security while Facebook and YouTube lead the way.

Kim’s cyber army has a new malware toy targeting Apple devices

BlueNorOff, a cybercrime group from North Korea, was found to be using a new, fairly simple yet very functional malware that helps attackers commit financial crimes targeting macOS, the latest Jamf research has revealed.

Royal Mail jeopardizes users with open redirect flaw

The British postal service and courier company has left an open redirect vulnerability on one of its sites, exposing its customers to phishing attacks and malware infections.

Sensitive military personnel data available for just a few cents online, research finds

Data brokers, feeding online advertising businesses, can easily obtain and sell sensitive military personnel data for as low as $0.12 per record, posing a risk to US national security, a study from Duke University has found. Researchers were able to buy thousands of records with details on health, credit, gambling, and religion, together with contacts.

Headhunt for 4 million cybersecurity pros: current shortage is largest ever

The gap between the demand for cybersecurity professionals and their availability has widened to unprecedented levels, says a new report. The number of new cyber pros would need to nearly double to close it, and the existing workforce lacks competence.

Boeing back on LockBit ransom list after confirming cyber incident

In another twist to the alleged Boeing ransomware attack, the global aerospace technology and defense contractor was put back on LockBit’s victim leak site Thursday – and then taken off again barely an hour later.

Enter the Puma: phishing link-shortening gang caught in the wild

A threat group believed to be from Ukraine went undetected for years, selling URL link-shortening services to other cybercriminals to help facilitate their malicious activities.

Forty countries to pledge: no ransoms for cybercriminals

A US-led alliance of forty countries has committed to signing a pledge to never pay ransoms, leaving cybercriminals without one of their main funding mechanisms, according to a senior White House official.