IT Security Newsletter - 5/12/2023
CISA director wary of technology industry repeating its mistakes with AI
The multibillion-dollar cybersecurity industry is the result of misaligned incentives, where the technology industry prioritized speed to market over security, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, at a Hack the Capitol event Wednesday. Easterly's comments build on the federal push to place the burden of security on technology providers rather than their customers, a core part of the recently released national cyber strategy. READ MORE...
Brightly warns of SchoolDude data breach exposing credentials
U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school districts of up to 600,000 students. READ MORE...
Spain Arrests Hackers in Crackdown on Major Criminal Organization
Spanish authorities this week announced the arrest of 40 individuals for their roles in a criminal organization that performed bank fraud, document forgery, identity theft, and money laundering. Two of the individuals, the authorities say, were in charge of carrying out online bank fraud, while 15 others were involved in other illegal activities. Called 'Trinitarians', the criminal organization employed phishing and smishing (SMS phishing) to distribute malicious links that took unsuspecting victims to fake bank login pages. READ MORE...
Greatness phishing-as-a-service threatens Microsoft 365 users
Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service (PaaS) tool called Greatness, created to phish Microsoft 365 users. According to a Cisco researcher, this tool has been utilized in numerous phishing campaigns, with notable spikes in activity observed in December 2022 and March 2023. READ MORE...
Akira ransomware - what you need to know
Akira is a new family of ransomware, first used in cybercrime attacks in March 2023. Maybe you're thinking of the cyberpunk Manga comic books and movie that came out in the 1980s. Or perhaps you're thinking of an unrelated ransomware of the same name which emerged in 2017. There are two main reasons why the new Akira ransomware is capturing the headlines - the organisations it is said to be extorting, and its curious data leak site. READ MORE...
Atomic malware steals Mac passwords, crypto wallets, and more
Hot on the heels of MacStealer and the development of a version of the notorious Lockbit ransomware for Macs comes another malware threat for Apple fans. Security researchers at Cyble are warning that cybercriminals have developed a new malware threat which can steal highly sensitive data from the Mac computers it infects. The malware, named Atomic Stealer by researchers, can steal a wide variety of information from compromised Macs. READ MORE...
Babuk code used by 9 ransomware gangs to encrypt VMware ESXi servers
An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers. SentinelLabs security researchers observed this rising trend after spotting a rapid succession of nine Babuk-based ransomware variants that surfaced between the second half of 2022 and the first half of 2023. READ MORE...
Google Passkeys: How to create one and when you shouldn't
Google has just brought users closer to a passwordless future. In a recent blog post, the tech giant introduced the option to create and use a safer, more convenient alternative to passwords: Passkeys, a form of digital credential. So, how do they work? Passkeys are generated using public-key cryptography, or asymmetric encryption, which involves using a pair of public and private keys. The public key is stored on the side of the app or website, while the private key, a main component of the passkey, is stored on the device. READ MORE...
Millions of mobile phones come pre-infected with malware, say researchers
Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia. This hardware is mainly cheapo Android mobile devices, though smartwatches, TVs, and other things are caught up in it. The gadgets have their manufacturing outsourced to an original equipment manufacturer (OEM). READ MORE...
WordPress Elementor plugin bug let attackers hijack accounts on 1M sites
One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attackers to gain administrator rights on the site. Essential Addons for Elementor is a library of 90 extensions for the 'Elementor' page builder, used by over one million WordPress sites. READ MORE...
Billy Corgan Paid Off Hacker Who Threatened to Leak New Smashing Pumpkins Songs
Smashing Pumpkins front man Billy Corgan was on a recent podcast to promote the band's new album, and he told the hosts that a hacker stole several of the songs before the release and threatened to leak them without a payoff. "A fan contacted me and said nine of the songs have leaked," Corgan told the Klein/Ally Show, according to CBS News. "This is like six months ago. And they were all probably the most catchy, singley type songs." READ MORE...
- ...in 1907, actress Katharine Hepburn ("The Philadelphia Story", "The African Queen") is born in Hartford, CT.
- ...in 1937, stand-up comedian and writer George Carlin is born in New York City.
- ...in 1949, the Soviet Union lifts its blockade of Berlin.
- ...in 1981, Academy Award-winning actor Rami Malek ("Mr. Robot", "Bohemian Rhapsody") is born in Torrance, CA.