Salt Typhoon telecom hacks one of the most consequential campaigns against US ever, expert says
China's Salt Typhoon cyber espionage campaign was one of the most damaging series of cyberattacks ever undertaken against the United States, with profound impacts on national security, according to Dmitri Alperovitch, chairman of Silverado Policy Accelerator and a former member of the Department of Homeland Security's now-defunct Cyber Safety Review Board. READ MORE...
UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks
Cyberattacks have caused disruptions at UK retailers Co-op, Harrods, and Marks & Spencer (M&S), which are now scrambling to restore their operations to normal. M&S was hit over the Easter weekend, when gift card payment and in-store click-and-collect services became unavailable. Last week, the company decided to suspend orders via its websites and applications, while keeping stores open. READ MORE...
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
An employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned. READ MORE...
Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. The situation was acknowledged via a statement by the country's National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice. "This week, several Dutch organizations have been targeted by large-scale DDoS attacks," reads the NCSC announcement. READ MORE...
Microsoft Accounts Go Passwordless by Default
Microsoft is making a new push towards eliminating password-based authentication for its users, by prioritizing passwordless sign-in and sign-up methods. For the past decade, Microsoft users have had the option to sign-in with their face, fingerprint, or a PIN, through Windows Hello. To enable users to sign into any account without a password, the industry came up with passkeys, which provide a phishing-resistant authentication method that can be used on any supporting application or website. READ MORE...
Malicious PyPI packages abuse Gmail, websockets to hijack systems
Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket's threat research team, who reported their findings to the PyPI, resulting in the removal of the packages. However, some of these packages were on PyPI for over four years, and based on third-party download counters, one was downloaded over 18,000 times. READ MORE...
Quantum computer threat spurring quiet overhaul of internet security
Cryptography experts say the race to fend off future quantum-computer attacks has entered a decisive but measured phase, with companies quietly replacing the internet plumbing that the majority of the industry once considered unbreakable. Speaking at Cloudflare's Trust Forward Summit on Wednesday, encryption leaders at IBM Research, Amazon Web Services and Cloudflare outlined how organizations are refitting cryptographic tools. READ MORE...
- ...in 1918, General Motors acquires the Chevrolet Motor Car Company.
- ...in 1929, classic rock guitarist/songwriter Link Wray (best known for his instrumental "Rumble") is born in Dunn, NC.
- ...in 1972, professional wrestler/action star Dwayne "The Rock" Johnson is born in Hayward, CA.
- ...in 2011, Al-Qaeda mastermind Osama bin Laden is shot and killed by Navy SEAL Team 6 in a raid on his compound in Abbottabad, Pakistan.
