Skip to content
Cyber experts question Biden's tit-for-tat approach with RussiaPresident Joe Biden said this week that the U.S. government could respond to Russian cyberattacks on Ukraine “the same way, with cyber.” The answer may have been a standard U.S. government response about responding in-kind, especially in the context of a deteriorating security situation on the border between Ukraine and Russia, with Biden predicting a…
Treasury sanctions Ukrainian officials over operations for Russian FSBThe U.S. Treasury Department on Thursday sanctioned four current and former Ukrainian government officials for allegedly supporting Russian influence operations to destabilize Ukraine, including one who gathered information on Ukraine’s critical infrastructure, a frequent target of Kremlin cyberattacks. Taras Kozak and Oleh Voloshyn — two active members of parliament — acted at the behest of…
Suspicious withdrawals were indeed a 'security incident,' $30M stolen, Crypto.com saysCrypto.com has confirmed that more than $30 million in cryptocurrency was stolen from some of its users earlier in the week, ending several days of confusion over what exactly happened during what the company is labeling a “security incident.” The hack affected the wallets of 483 users, with the thieves aiming for 4,836.26 in ether…
Large-scale cyberattack halts Red Cross work reuniting families, exposes confidential dataA cyberattack compromised personal and confidential data on more than half a million people helped by at least 60 Red Cross and Red Crescent organizations around the world, the International Committee of the Red Cross announced Wednesday. The organization said the exposed information belonged to highly vulnerable groups, including families separated by conflict. “An attack…
Interpol arrests 11 alleged members of Nigerian scam syndicate 'SilverTerrier'International law enforcement authorities say they’ve arrested nearly a dozen members of a notorious Nigerian cybercrime gang potentially responsible for targeting as many as 50,000 victims in various scams in recent years. Some of the 11 suspects are thought to be associated with “SilverTerrier,” a syndicate accused of employing a range of malware variants in…
Congressional cyber heavyweights Langevin, Katko won't seek reelectionIn the span of a few days, two House members who have concentrated much of their energy on cybersecurity — and perhaps just as importantly, on working across the aisle on the issue — have announced their plans to depart Congress. Rep. Jim Langevin, D-R.I., said on Tuesday that he would not run for reelection…
The Internet’s Most Tempting TargetsWhat attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
Merck Awarded $1.4B Insurance Payout over NotPetya AttackCourt rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant's 2017 cyberattack.
20K WordPress Sites Exposed by Insecure Plugin REST-APIThe WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
McAfee Bug Can Be Exploited to Gain Windows SYSTEM PrivilegesMcAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
Spyware Blitzes Compromise, Cannibalize ICS NetworksThe brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
2FA Bypassed in $34.6M Crypto.com Heist: What We Can LearnIn a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.
Critical Cisco StarOS Bug Grants Root Access via Debug ModeCisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j BugUPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software.
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDsThe information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
Red Cross Begs Attackers Not to Leak Stolen Data for 515K PeopleA cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration.
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware AttackR.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.
Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts SayDisruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts.
Box 2FA Bypass Opens User Accounts to AttackA security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Beijing Olympics App Flaws Allow Man-in-the-Middle AttacksAttackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
Cloned Dept. of Labor Site Hawks Fake Government ContractsA well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects -- but harvests credentials instead.
Will 2022 Be the Year of the Software Bill of Materials?Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable.
CreativeMinds WordPress Plugin Curated RSS Aggregator
Crime Shop Sells Hacked Logins to Other Crime ShopsUp for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
IRS Will Soon Require Selfies for Online AccessIf you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that…