Multiple critical services remain down two weeks after Dallas was hit by a ransomware attack that caused widespread outages to city services. The city's municipal court still can't access payments and all court hearings, trials and jury duty have been canceled until further notice. While computers are back online in police vehicles, the rest of the Dallas Police Department's systems remain unavailable.
Threat actors have been offering access to energy sector organizations, including industrial control systems (ICS) and other operational technology (OT) systems, according to a new report from Searchlight Cyber. The UK-based threat intelligence company has conducted an analysis of posts published between February 2022 and February 2023 on cybercrime forums, dark web sites, and marketplaces, and found many offers for initial access into the environments of energy sector organizations.
A threat actor has control over millions of smartphones distributed worldwide thanks to a piece of malware that has been preinstalled on the devices, Trend Micro warned. It has been known for several years that smartphones, particularly budget devices, may be shipped with shady firmware that can give companies or other entities access to user data. One of the best known operations involved Triada, an advanced trojan installed on Android devices whose existence came to light in 2016.
A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking. The ransomware operation, dubbed MalasLocker by BleepingComputer, began encrypting Zimbra servers towards the end of March 2023, with victims reporting in both the BleepingComputer and Zimbra forums that their emails were encrypted.
A new blog post by Google describes their new policy on dealing with inactive accounts - and it's an important read for anyone who doesn't regularly log in. Google argues that overlooked accounts often don't have two-factor authentication enabled, or use old or reused passwords that may have been compromised by cybercriminals. In fact, Google claims that its own research has found that abandoned accounts are "at least 10x less likely than active accounts to have 2-step-verification set up."
Chatbots powered by large language models (LLMs) are not just the world's new favorite pastime. The technology is increasingly being recruited to boost workers' productivity and efficiency, and given its increasing capabilities, it's poised to replace some jobs entirely, including in areas as diverse as coding, content creation, and customer service. Many companies have already tapped into LLM algorithms, and chances are good that yours will likely follow suit in the near future.
The FBI and friends have warned organizations to "strictly limit the use of RDP and other remote desktop services" to avoid BianLian infections and the ransomware gang's extortion attempts that follow the data encryption. In a 19-page joint alert issued Tuesday, the FBI warned admins about the extortion crew's indicators of compromise along with its tactics, techniques and procedures observed as recently as March.
Makers of the popular fertility tracking app Premom repeatedly deceived users by sharing sensitive information that included health data with third parties without users' permission, a new Federal Trade Commission complaint alleges. The agency's investigation found that Easy Healthcare, which developed the app, violated its direct promises to users by improperly disclosing sensitive data indicating sexual and reproductive health information, including pregnancy status, to the marketing firm AppsFlyer and Google.
Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series Switches. All four security flaws received almost maximum severity ratings with CVSS base scores of 9.8/10. Successful exploitation allows unauthenticated attackers to execute arbitrary code with root privileges on compromised devices.