Embattled cybersecurity vendor CrowdStrike on Tuesday released a root cause analysis detailing the technical mishap behind a software update crash that crippled Windows systems globally and blamed the incident on a confluence of security vulnerabilities and process gaps. The new CrowdStrike root cause analysis documents a combination of factors that caused the Falcon EDR sensor crash and a vow to work with Microsoft on secure and reliable access to the Windows kernel. READ MORE...
The Grand Palais Réunion des musées nationaux, a major cultural venue in Paris and host to several Olympic events, suffered a cyberattack over the weekend that authorities said did not result in lasting damage, contrary to press reports that venue data was encrypted as part of a ransomware attack. French news outlet Le Parisien reported Monday that unnamed attackers encrypted financial data associated with the venue, including the Louvre, and are holding it ransom. READ MORE...
Mortgage lender LoanDepot reported on Tuesday that the costs associated with the recent ransomware attack have reached nearly $27 million. The attack came to light in early January 2024, when the company took some systems offline in response to a cyberattack that involved the encryption of data. A few weeks later, LoanDepot informed authorities that the details of more than 16 million individuals may have been compromised. READ MORE...
Students in Singapore are scrambling after a security breach wiped notes and all other data from school-issued iPads and Chromebooks running the mobile device management app Mobile Guardian. According to news reports, the mass wiping came as a shock to multiple students in Singapore, where the Mobile Guardian app has been the country's official mobile device management provider for public schools since 2020. READ MORE...
A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. INTERPOL says this is the largest recovery of funds stolen through a business email compromise (BEC) scam. BEC scams are a type of cyberattack in which cybercriminals attempt to redirect legitimate corporate payments to an attacker-controlled bank account. READ MORE...
Reputation-based security controls may be less effective at protecting organizations against unsafe Web applications and content than many assume. A new study by researchers at Elastic Security found attackers have developed several effective techniques over the past few years to bypass mechanisms that block or allow applications and content based on their reputation and trustworthiness. READ MORE...
Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks. You can find your device's Android version number, security update level, and Google Play system level in your Settings app. You'll get notifications when updates are available for you, but you can also check for updates. READ MORE...
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. The new 'Important Scenario Vulnerability Program (ISVP)' program focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections. READ MORE...
Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks. William Moody, IT security consultant at Certitude, blogged today about how First Contact Safety Tip - a banner displayed in Outlook when a user receives a message from an address that typically doesn't contact them - can be hidden (mostly) using CSS style tags. READ MORE...
Quantum computing has been projected to enable market-defining and life-changing capabilities since its inception more than three decades ago. From financial portfolio optimization and improved electric vehicle (EV) battery production to enhanced drug discovery and advanced semiconductor manufacturing, quantum computers can perform complex calculations at faster speeds than both traditional and super computers. READ MORE...