Microsoft this week seized seven internet domains run by Russia-linked threat group Strontium, which was using the infrastructure to target Ukrainian institutions as well as think tanks in the US and EU, apparently to support Russia's invasion of its neighbor. The seizure is also part of a long-running legal and technical hunt by Microsoft to disrupt the work of Strontium - aka APT28 and FancyBear, among other names. READ MORE...
California-based respiratory care provider SuperCare Health recently disclosed a data breach affecting more than 300,000 individuals. In a data security notice posted on its website, SuperCare said the intrusion was discovered on July 27, 2021, when it noticed unauthorized activity on some systems. An investigation revealed that someone had access to certain systems between July 23 and July 27, 2021. READ MORE...
American automotive tools manufacturer Snap-on announced a data breach exposing associate and franchisee data after the Conti ransomware gang began leaking the company's data in March. Snap-on is a leading manufacturer and designer of tools, software, and diagnostic services used by the transportation industry through various brands, including Mitchell1, Norbar, Blue-Point, Blackhawk, and Williams. READ MORE...
Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open source piece of malware that wrangles routers and other network-connected devices into sprawling botnets. When SpringShell (also known as Spring4Shell) came to light last Sunday, some reports compared it to Log4Shell, the critical zero-day vulnerability in the popular logging utility Log4J. READ MORE...
A Ukrainian man has been sentenced to five years in prison by a US court for his involvement in the notorious criminal hacking group, FIN7. 32-year-old Denys Iarmak worked for FIN7 (which is also sometimes known as Carbanak, Navigator Group, or Anunak) between approximately November 2016 and November 2018, according to the US Department of Justice, co-ordinating the gang's malicious activity as it broke into businesses to access and steal payment card data. READ MORE...
Some of the biggest stars around have seen content placed on their YouTube accounts without permission over the last couple of days. Taylor Swift has around 40 million subscribers. Justin Bieber? 68 million. Harry Styles, a respectable 12 million. You can even add Eminem and Michael Jackson to the list of those taken over. Big names, and even bigger numbers. READ MORE...
If you've ever written technical documentation to use online, you probably started out by creating it directly in HTML (hypertext markup language), so you could drop it directly into your website. You may have used various HTML editors that gave you a real-time but not entirely precise preview, but you'll have spent plenty of time wrangling with one of HTML's most annoying characteristics, namely that the so-called "markup" is bulky, and hard to read, and easy to mistype. READ MORE...
Threat Fabric security researchers have analyzed an Android banking trojan that allows its operators to perform on-device fraud. Dubbed Octo, the botnet was first mentioned on dark web forums in January 2022, but an analysis of its code revealed a close connection with ExobotCompact, which is believed to be the successor of the Exobot Android trojan, which in turn was based on the source code of the Marcher trojan. READ MORE...