IT Security Newsletter

IT Security Newsletter - 12/4/2024

Written by Cadre | Wed, Dec 4, 2024

U.S. government says Salt Typhoon is still in telecom networks

Telecommunications providers are still trying to evict the Chinese government-linked hackers behind a monumental and sweeping breach that the government began investigating this spring, U.S. administration officials said Tuesday, while also providing guidance they believe can attempt to kick the attackers off the network for good. Government agencies are also still grappling with the attack's full scope, the officials told reporters.

Police takes down Matrix encrypted chat service used by criminals

A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created for criminals. Matrix - also known as Mactrix, Totalsec, X-quantum, and Q-safe - was first identified by Dutch authorities on the phone of a criminal convicted for the murder of Dutch crime journalist Peter R. de Vries in 2021, and the discovery prompted an investigation into the service.

Major energy contractor reports 'limited' access to IT after ransomware locks files

American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November. In a Monday filing with the US Securities and Exchange Commission (SEC), the company said it became aware of a cybersecurity incident on November 25 after criminals broke into its networks and locked up some of its files. While remediation efforts remain ongoing, access to the company's IT system is limited to essential business operations.

Vodka maker Stoli files for bankruptcy in US after ransomware attack

Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. As Chris Caldwell, the President and Global Chief Executive Officer of Stoli USA and Kentucky Owl, the two Stoli Group subsidiaries, said in a Friday filing, this comes after the August attack severely disrupted its IT systems, including its enterprise resource planning (ERP) platform.

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names. But the way its solution is set up introduces an extra link in the chain in the flow of personal information, leaving an additional risk of exposure.

U.S. Offered $10M for Hacker Just Arrested by Russia

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Venom Spider Spins Web of New Malware for MaaS Platform

A known threat actor in the malware-as-a-service (MaaS) business known as "Venom Spider" continues to expand capabilities for cybercriminals who use its platform, with a novel backdoor and loader detected in two separate attacks in a recent two-month period. Researchers at Zscaler ThreatLabz uncovered campaigns between August and October of this year that leveraged a backdoor called RevC2, as well as a loader called Venom Loader.

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Shortening the life cycle of Transport Layer Security (TLS) certificates can significantly reduce the vulnerability of websites and hardware devices that require these certificates. TLS certificates are exchanged between Web server and Web client (or server to server) to establish a secure connection and safeguard sensitive data. The majority of today's digital certificates have a time-to-live of 398 days - that's a 365-day certificate with a 33-day grace period.

Solana Web3.js Library Backdoored in Supply Chain Attack

Some decentralized application developers this week downloaded backdoored versions of the Solana Web3.js library after an attacker compromised a GitHub account with publish rights. Solana Web3.js is a JavaScript library that developers commonly use to build decentralized applications (dapps) for Node, web, and React Native. With over 400,000 weekly downloads, the library ensures communication between dapps and accounts and programs on the Solana network.

Veeam warns of critical RCE bug in Service Provider Console

Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.

  • ...in 1956, the Million Dollar Quartet (Elvis Presley, Jerry Lee Lewis, Carl Perkins, and Johnny Cash) have their first (and last) recording session at Sun Studio.
  • ...in 1966, comedic actor and musician Fred Armisen ("Saturday Night Live", "Portlandia") is born in Hattiesburg, MS.
  • ...in 1980, Led Zeppelin formally announces its breakup.
  • ...in 1991, US airline Pan American World Airways ends its operations after 64 years.