The US Justice Department has sized the domains of 13 DDoS-for-hire services as part of an ongoing initiative for combatting the Internet menace. The providers of these illicit services platforms describe them as "booter" or "stressor" services that allow site admins to test the robustness and stability of their infrastructure. Almost, if not all, are patronized by people out to exact revenge on sites they don't like or to further extortion, bribes, or other forms of graft. READ MORE...
The Alphv/BlackCat ransomware group has claimed responsibility for a cyberattack that Canadian software company Constellation Software disclosed last week. Toronto-based Constellation Software is a company specialized in the acquisition of vertical market software firms. With a few notable exceptions, the company's acquisitions have been small, of less than $5 million in value. READ MORE...
Beijing sent a message to foreign businesses this week when it launched an investigation into Shanghai-based Capvision Partners on the grounds of national security, accusing the consultancy firm of failure to prevent espionage. News broke via state-sponsored media on Monday night that authorities had simultaneously raided the consultancy's branches in Shanghai, Beijing, Suzhou and Shenzhen. READ MORE...
As QR codes continue to be heavily used by legitimate organizations-from Super Bowl advertisements to enforcing parking fees and fines, scammers have crept in to abuse the very technology for their nefarious purposes. A woman in Singapore reportedly lost $20,000 after using a QR code to fill out a "survey" at a bubble tea shop, whereas cases of fake car parking citations with QR codes targeting drivers have been observed in the U.S. and the U.K. READ MORE...
By now, you've likely heard that passwordless Google accounts have finally arrived. The replacement for passwords is known as "passkeys." There are many misconceptions about passkeys, both in terms of their usability and the security and privacy benefits they offer compared with current authentication methods. That's not surprising, given that passwords have been in use for the past 60 years, and passkeys are so new. READ MORE...
Twitter is informing users that tweets posted to their Circle, which should have only been seen by specified individuals, may have also been visible to others. Launched in August 2022, Twitter Circle allows users to share their thoughts with a smaller group - up to 150 selected users. In April, users started noticing that tweets that were meant to be shared only with members of their Circle were actually visible to other people, including people who were not even following them. READ MORE...
A public exploit targeting building automation systems has brought KNX security back into the spotlight, with industrial giant Schneider Electric releasing a security bulletin to warn customers about the potential risks. KNX is a widely used open standard for commercial and residential building automation. It can be used to control security systems, lighting, HVAC, energy management, and many other smart building systems. READ MORE...
Since 2017, hackers have been able to mimic legitimate packages on Node Package Manager (npm) by simply removing the capital letters in their titles. According to newly published research from Checkmarx, npm had for years failed to account for this form of typosquatting, which could have led to enterprises inadvertently downloading malware. The registry patched the vulnerability over the weekend, but organizations should be aware of any malicious packages they may have downloaded before the change was made. READ MORE...