Federal authorities on Thursday said they seized $7.74 million from North Korean nationals as they attempted to launder cryptocurrency obtained by IT workers who gained illegal employment and funneled the wages to the North Korean regime. The funds, allegedly obtained illegally, were linked to Sim Hyon Sop, a representative of North Korean Foreign Trade Bank, and Kim Sang Man, CEO of Chinyong, an outfit associated with North Korea's Ministry of Defense, the Justice Department said. READ MORE...
Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, prevented some staff from clocking in and out, and forced some of its major suppliers to resort to pen and paper. In a gloating, abuse-filled email to M&S CEO Stuart Machin, the DragonForce hacker group claimed responsibility for the attack. In a desperate attempt to contain the attack, M&S switched off the VPN used by staff to work remotely. READ MORE...
An IT services company, a European media group, and a South Asian government entity are among the more than 75 companies where China-linked groups have planted malware to access strategic networks should a conflict break out. SentinelLABS, the threat intel and research arm of security shop SentinelOne, uncovered these new clusters of malicious activity when the suspected Chinese spies tried to break into SentinelOne's own servers in October. READ MORE...
Robert Woodford, a recruitment marketing specialist, recently shared on LinkedIn how he fell victim to a highly sophisticated scam while booking a hotel in Verona through Booking.com, providing a striking example of how attacks on the hospitality industry affect travelers. After completing a legitimate booking, and trading some communications with the hotel, Woodford received a separate message that he believed came from the official Booking.com messaging system. READ MORE...
The FBI and the Cybersecurity and Infrastructure Security Agency on Wednesday warned that the Play ransomware gang has been targeting U.S. critical infrastructure and other organizations using evolving techniques. The ransomware group was among the most active in 2024 and has targeted a wide range of businesses and infrastructure providers in North America, South America and Europe, the agencies said in a joint advisory. READ MORE...
The Federal Bureau of Investigation (FBI) warned that cybercriminals are compromising Internet of Things (IoT) devices connected to home networks through the BADBOX 2.0 botnet. The BADBOX 2.0 botnet was discovered several months ago after the original BADBOX campaign was disrupted in 2024. Human Security's Satori Threat Intelligence and Research team, alongside Google, Trend Micro, the Shadowserver Foundation, and others, were able to partially disrupt the BADBOX 2.0 operation. READ MORE...
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America's largest Internet service providers (ISPs). The findings come in a report examining how the Russian invasion has affected Ukraine's domestic supply of IPv4 addresses. READ MORE...
American infrastructure is powered by open-source software, and no one knows who wrote it. That's not hyperbole. It's a structural vulnerability. Every day, government agencies, contractors, and Fortune 500 companies deploy software built by anonymous developers and downloaded from public repositories into critical systems, sometimes with no scrutiny of who created it or whether it's been compromised. This issue is no longer just a tech problem. It's a matter of national security. READ MORE...
A stray artifact in a TLS certificate led security researchers to an unnerving discovery: hundreds of control-room dashboards for US water utilities were sitting a click away from the public internet, and dozens of them offered full, no-password control over pumps, valves and chemical feeds. The trail started last October, when the research team at Censys ran a routine scan of industrial-control hosts and noticed certificates with the word "SCADA" embedded. READ MORE...
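The pivot described above, a certificate whose own fields name the system behind it, is easy to reproduce against your own exposed hosts. The script below is an added example, not code from Censys or the article: it walks the DER encoding of a certificate, collects every human-readable string (subject fields and subjectAltName entries, which live inside an OCTET STRING wrapper), and flags any that match a keyword list. The keyword list, the two sample "certificates" (a minimal skeleton with a serial, a subject Name and an extensions block, built in-line with a tiny DER encoder) and the names in them are all constructed for the example; they are not real certificates.

```python
"""Hunt for ICS/SCADA identifiers inside X.509 certificate fields.

Added example (not Censys's or the article's code). Pure standard library so it
runs offline; the sample certificates are constructed skeletons, not real certs.
"""
import re
from typing import Iterator, List

# ASN.1 universal string tags that usually carry names in X.509 (tag -> codec).
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii", 0x14: "latin-1"}
# Context-specific primitive tags inside subjectAltName GeneralNames:
# [1] rfc822Name, [2] dNSName, [6] uniformResourceIdentifier (all IA5String).
SAN_TAGS = {0x81, 0x82, 0x86}
OCTET_STRING = 0x04
# Assumed keyword list for the example; tune it to your own environment.
ICS_KEYWORDS = re.compile(r"scada|hmi|plc|modbus|dnp3|pumphouse|wastewater", re.I)


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at pos; return (tag, is_constructed, content, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, bool(tag & 0x20), buf[pos:end], end


def _is_der(buf: bytes) -> bool:
    """True if buf is a clean run of TLVs (used to peek inside OCTET STRINGs)."""
    pos = 0
    try:
        while pos < len(buf):
            _, _, _, pos = _read_tlv(buf, pos)
    except (ValueError, IndexError):
        return False
    return len(buf) > 0 and pos == len(buf)


def der_strings(buf: bytes) -> Iterator[str]:
    """Yield every string-typed value reachable from buf, descending into
    constructed elements and into OCTET STRINGs that themselves hold DER
    (extension values such as subjectAltName are wrapped that way)."""
    pos = 0
    while pos < len(buf):
        tag, constructed, content, pos = _read_tlv(buf, pos)
        if constructed:
            yield from der_strings(content)
        elif tag in STRING_TAGS:
            yield content.decode(STRING_TAGS[tag], errors="replace")
        elif tag in SAN_TAGS:
            yield content.decode("ascii", errors="replace")
        elif tag == OCTET_STRING and _is_der(content):  # heuristic descent
            yield from der_strings(content)


def ics_hits(cert_der: bytes) -> List[str]:
    """Return the strings in cert_der that look like ICS/SCADA identifiers."""
    return [s for s in der_strings(cert_der) if ICS_KEYWORDS.search(s)]


# --- tiny DER encoder, only used to build the constructed samples below ---
def _tlv(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def _name(cn: str, org: str) -> bytes:
    """Name ::= SEQUENCE OF SET OF SEQUENCE { OID, UTF8String }."""
    def rdn(oid: bytes, value: str) -> bytes:
        return _tlv(0x31, _tlv(0x30, _tlv(0x06, oid) + _tlv(0x0C, value.encode())))
    return _tlv(0x30, rdn(bytes.fromhex("550403"), cn) + rdn(bytes.fromhex("55040a"), org))


def _san_ext(*dns_names: str) -> bytes:
    """Extension ::= SEQUENCE { OID 2.5.29.17, OCTET STRING { SEQUENCE OF [2] dNSName } }."""
    names = b"".join(_tlv(0x82, n.encode()) for n in dns_names)
    return _tlv(0x30, _tlv(0x06, bytes.fromhex("551d11")) + _tlv(0x04, _tlv(0x30, names)))


# Constructed samples (not real certificates): serial, subject Name, extensions.
SAMPLE_ICS_CERT = _tlv(0x30, _tlv(0x02, b"\x01")
                       + _name("SCADA-HMI-01", "Example Water District")
                       + _tlv(0x30, _san_ext("hmi01.scada.example.local")))
SAMPLE_WEB_CERT = _tlv(0x30, _tlv(0x02, b"\x02")
                       + _name("www.example.com", "Example Corp")
                       + _tlv(0x30, _san_ext("www.example.com", "example.com")))

if __name__ == "__main__":
    for label, cert in (("ics", SAMPLE_ICS_CERT), ("web", SAMPLE_WEB_CERT)):
        print(label, ics_hits(cert))
```

To run it over a real certificate, convert it to DER first (`ssl.PEM_cert_to_DER_cert()` from the standard library, or `openssl x509 -outform DER`) and pass the bytes to `ics_hits`. The OCTET STRING descent is a heuristic: it will occasionally peek into a non-extension octet string that happens to parse as DER, which costs nothing here but matters if you extend the walker to do anything other than collect strings.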