The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE). Chinese state-backed attackers reportedly gained access to VSSE's external email server between 2021 and May 2023, siphoning around 10% of all emails sent and received by the agency's staff. The compromised server was only used for exchanging emails with public prosecutors, government ministries, law enforcement, and other public Belgian administration bodies.
For the fourth day in a row, the Cleveland Municipal Court was closed due to a cybersecurity incident. An update on the court's Facebook page today stated that it had shut down affected systems as a "precautionary measure" so that it can safely secure and restore its services. "These systems will remain offline until we have a better understanding of the situation," the court posted on the page.
A ransomware gang has taken credit for the recent attack on Lee Enterprises, which caused disruptions at dozens of local newspapers. The cyberattack came to light in early February, when the American media company, which owns roughly 350 weekly and specialty publications across 25 states, revealed that the incident had impacted business applications and resulted in operational disruptions.
Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud credentials and developing tools to bypass safety guardrails in its generative AI services - ultimately to generate deepfake smut videos of celebrities and others. Redmond filed a civil lawsuit in Virginia in December 2024 against the so-called "Azure Abuse Enterprise" crew. At the time, none of the accused were named.
Cybercriminals continue to enhance the capabilities of the botnet known as Vo1d, which has grown significantly over the past half a year. In September 2024, Russian security firm Doctor Web warned that 1.3 million Android TV boxes around the world had been ensnared in the Vo1d botnet. Chinese security company QiAnXin (QAX) has also monitored the threat and on Thursday reported seeing nearly 90 new samples of the malware.
Microsoft's Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, Microsoft. These repositories, belonging to more than 16,000 organizations, were originally posted to GitHub as public, but were later set to private, often after the developers responsible realized they contained authentication credentials allowing unauthorized access or other types of confidential data.
Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors. Access Management Systems are security systems that control employee access to buildings, facilities, and restricted areas via biometrics, ID cards, or license plates.
We recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal's infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google search ads with specially-crafted PayPal pay links makes this scheme particularly dangerous on mobile devices due to their screen size limitation and likelihood of not having security software.