As holiday season begins, US braces for looming risk of cyberattacks
Just ahead of the holiday season, U.S. companies and critical infrastructure providers are once again bracing for the potential risk of cyberattack, as threat groups look to exploit distracted IT security teams for maximum leverage. The vast majority of organizations - nearly 9 in 10 - hit by ransomware over the past 12 months were targeted at night or over a weekend period, when IT security staffing was low, a November report from Semperis shows. READ MORE...
Starbucks, UK grocers impacted by ransomware attack on Blue Yonder
A ransomware attack on supply chain management software provider Blue Yonder has impacted global operations at various companies in the United States and United Kingdom, affecting major retailers such as Starbucks and several UK-based supermarket chains. Starbucks has reported difficulties in processing payroll and managing employee schedules due to the incident, telling the Wall Street Journal that locations have resorted to manual calculations for employee pay. READ MORE...
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect - a prolific hacker known as Kiberphant0m - remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier recently stationed in South Korea. READ MORE...
African cybercrime crackdown nets more than 1,000 suspects
An international law enforcement operation has ensnared more than 1,000 cybercrime suspects in a crackdown that spanned 19 African countries over two months, Interpol and Afripol announced Tuesday. Dubbed Operation Serengeti, it targeted a wide range of cybercrime activity, with the law enforcement agencies saying it linked the criminals to 35,000 victims and $193 million worth of losses. The crimes ranged from ransomware to business email compromise. READ MORE...
Russian Script Kiddie Assembles Massive DDoS Botnet
A Russian script kiddie using little more than publicly available malware tools and exploits targeting weak credentials and configurations has assembled a distributed denial-of-service (DDoS) botnet capable of disruption on a global scale. In assembling the botnet, the attacker has targeted not just vulnerable Internet-of-Things devices, as is the common practice these days, but also enterprise development and production servers, significantly increasing its potential for widespread disruption. READ MORE...
Source Code of $3,000-a-Month macOS Malware 'Banshee Stealer' Leaked
The cybercriminals behind Banshee Stealer have reportedly shut down their operation after someone leaked the macOS malware's source code. Threat intelligence and research project Vx-Underground reported this week that the Banshee Stealer source code was leaked online. The project said the malware operation has been shut down as a result of the leak. It's unclear who leaked the code and why. READ MORE...
Telco engineer who spied on US employer for Beijing gets four years in the clink
A 59 year-old Florida telco engineer was sentenced to 48 months in prison after he served as a spy for China, according to the US Department of Justice. According to the DoJ, Ping Li, a US citizen and Chinese immigrant, admitted to being a "cooperative contact" for China's Ministry of State Security since as early as 2012 - meaning he assisted in activities like conducting research and obtaining information on behalf of the Ministry. READ MORE...
Researchers reveal exploitable flaws in corporate VPN clients
Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users' devices. CVE-2024-5921 affects various versions of Palo Alto's GlobalProtect App on Windows, macOS and Linux, and stems from insufficient certification validation. READ MORE...
Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records
A security researcher has blamed misconfigured implementations of Microsoft Power Pages for a slew of data breaches from web portals - including the leak of 1.1 million NHS employee records. It's the latest discovery by Dublin-based security researcher Aaron Costello, who previously discovered the health and personal details of over a million citizens had been accidentally exposed by Ireland's HSE Covid vaccination portal. READ MORE...
- ...in 1896, Richard Strauss's composition "Also sprach Zarathustra" (best known from "2001: A Space Odyssey") is first performed in Frankfurt.
- ...in 1924, the first ever Macy's Thanksgiving Parade is held in New York City.
- ...in 1940, actor and martial artist Bruce Lee ("Enter the Dragon", "The Green Hornet") is born in San Francisco.
- ...in 1942, psychedelic rock musician and guitar legend Jimi Hendrix ("Hey Joe", "Purple Haze") is born in Seattle.
