The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. Dallas is the ninth largest city in the United States, with a population of approximately 2.6 million people, according to US census data. Local media reported that the City's police communications and IT systems were shut down Monday morning due to a suspected ransomware attack. READ MORE...
The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices. In a new advisory, the Ukrainian Government Computer Emergency Response Team (CERT-UA) says the Russian hackers used compromised VPN accounts that weren't protected with multi-factor authentication to access critical systems in Ukrainian state networks. READ MORE...
Apple has released the first-ever security updates for its Beats and AirPods products to patch a vulnerability that can be exploited to gain access to headphones through a Bluetooth attack. The flaw is tracked as CVE-2023-27964 and it was reported to Apple by Yun-hao Chung and Archie Pusaka of Google ChromeOS. The vulnerability has been described as an authentication issue. READ MORE...
Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. The notorious Mirai botnet, which hijacks control of vulnerable IoT devices, is now exploiting TP-Link Archer AX21 routers to launch distributed denial-of-service (DDoS) attacks. The warning comes from security researchers and the US Government's Cybersecurity and Infrastructure Security Agency (CISA). READ MORE...
The US Department of Justice this week announced the takedown of card-checking platform 'Try2Check' and charges against its Russian administrator. The individual, Denis Gennadievich Kulkov, 43, created the platform in 2005 and operated it until the takedown. The US is offering a $10 million reward for information leading to his capture. According to the indictment (PDF), Try2Check was created as a service for cybercriminals who sold and purchased stolen credit cards in bulk. READ MORE...
On May 1, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies are obliged to remediate the vulnerabilities by May 22, 2023. For the rest of us it means "pay attention," everyone else with a vulnerable entity should do this as fast as possible too. READ MORE...
Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs warns: the company's intrusion prevention systems have registered 50,000+ unique exploitation attempts in the past month. READ MORE...
The Writers Guild of America (WGA) is seeking to restrict the use of generative AI in writing film and TV scripts as part of an ongoing strike, reports Reuters. The concerns come at a time when anxiety over the economic impact of tech like ChatGPT looms large in the minds of many. The WGA strike is the first in 15 years, and it's taking place over issues beyond just AI. READ MORE...