Read Time:4 Second
Ransom payments in the first half of 2024 hit $460m, according to Chainalysis
Category Archives: News
Google Warns of Iranian Cyber-Attacks on Presidential Campaigns
Read Time:6 Second
Google has highlighted sophisticated spearphishing attacks by Iranian state actor APT42 targeting individuals associated with the US Presidential campaign
SolarWinds Urges Upgrade After Revealing Critical RCE Bug
Read Time:5 Second
SolarWinds has discovered and fixed a critical remote code execution vulnerability in Web Help Desk
Texas Sues GM for Collecting Driving Data without Consent
Read Time:59 Second
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies:
From CNN:
In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.
General Motors sold this information to several other companies, including to at least two companies for the purpose of generating “Driving Scores” about GM’s customers, the AG alleged. The suit said those two companies then sold these scores to insurance companies.
Insurance companies can use data to see how many times people exceeded a speed limit or obeyed other traffic laws. Some insurance firms ask customers if they want to voluntarily opt-in to such programs, promising lower rates for safer drivers.
But the attorney general’s office claimed GM “deceived” its Texan customers by encouraging them to enroll in programs such as OnStar Smart Driver. But by agreeing to join these programs, customers also unknowingly agreed to the collection and sale of their data, the attorney general’s office said.
Press release. Court filing. Slashdot thread.
Upcoming Speaking Engagements
Read Time:14 Second
This is a current list of where and when I am scheduled to speak:
I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th.
The list is maintained on this page.
Ransomware kingpin who called himself “J P Morgan” extradited to United States
Read Time:24 Second
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world’s most prolific Russian-speaking cybercriminal gangs.
The UK’s National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle “J P Morgan” since 2015, alongside parallel investigations run by the United States FBI and Secret Service.
Read more in my article on the Tripwire State of Security blog.
New Phishing Attack Uses Sophisticated Infostealer Malware
Read Time:5 Second
The phishing attack uses infostealer malware to target saved passwords, credit cards & Bitcoin info
Manufacturing Firm Loses $60m in BEC Scam
Read Time:6 Second
Manufacturing firm Orion revealed it has lost $60m in a business email compromise (BEC) scam, which targeted a non-executive employee
Research Uncovers New Microsoft Outlook Vulnerability
Read Time:5 Second
CVE-2024-38173 is a medium severity RCE flaw in Microsoft Outlook, similar to CVE-2024-30103
The Chinese Communist Party (CCP): A Quest for Data Control
Read Time:9 Second
We assess apps owned by the People’s Republic of China (PRC) and the potential threat posed to users. Does the PRC leverage these apps for data collection and influence operations?